Red Hat Security Advisory 2024-8856-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, null pointer, and out of bounds access vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8856.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8856-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8856  
Issue date:         2024-11-05  
Revision:           03  
CVE Names:          CVE-2022-48773  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)

* kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)

* kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)

* kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)

* kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)

* kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)

* kernel: nouveau: lock the client object tree. (CVE-2024-27062)

* kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)

* kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)

* kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)

* kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)

* kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)

* kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)

* kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)

* kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)

* kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)

* kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)

* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)

* kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)

* kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)

* kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)

* kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)

* kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)

* kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)

* kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)

* kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)

* kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)

* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

* kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)

* kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)

* kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)

* kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)

* kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)

* kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)

* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

* kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-48773

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2266247  
https://bugzilla.redhat.com/show_bug.cgi?id=2269183  
https://bugzilla.redhat.com/show_bug.cgi?id=2275750  
https://bugzilla.redhat.com/show_bug.cgi?id=2277168  
https://bugzilla.redhat.com/show_bug.cgi?id=2278262  
https://bugzilla.redhat.com/show_bug.cgi?id=2278350  
https://bugzilla.redhat.com/show_bug.cgi?id=2278387  
https://bugzilla.redhat.com/show_bug.cgi?id=2281284  
https://bugzilla.redhat.com/show_bug.cgi?id=2281669  
https://bugzilla.redhat.com/show_bug.cgi?id=2281817  
https://bugzilla.redhat.com/show_bug.cgi?id=2293356  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293458  
https://bugzilla.redhat.com/show_bug.cgi?id=2293459  
https://bugzilla.redhat.com/show_bug.cgi?id=2297475  
https://bugzilla.redhat.com/show_bug.cgi?id=2297508  
https://bugzilla.redhat.com/show_bug.cgi?id=2297545  
https://bugzilla.redhat.com/show_bug.cgi?id=2297567  
https://bugzilla.redhat.com/show_bug.cgi?id=2297568  
https://bugzilla.redhat.com/show_bug.cgi?id=2298109  
https://bugzilla.redhat.com/show_bug.cgi?id=2298412  
https://bugzilla.redhat.com/show_bug.cgi?id=2300412  
https://bugzilla.redhat.com/show_bug.cgi?id=2300442  
https://bugzilla.redhat.com/show_bug.cgi?id=2300487  
https://bugzilla.redhat.com/show_bug.cgi?id=2300488  
https://bugzilla.redhat.com/show_bug.cgi?id=2300508  
https://bugzilla.redhat.com/show_bug.cgi?id=2300517  
https://bugzilla.redhat.com/show_bug.cgi?id=2307862  
https://bugzilla.redhat.com/show_bug.cgi?id=2307865  
https://bugzilla.redhat.com/show_bug.cgi?id=2307892  
https://bugzilla.redhat.com/show_bug.cgi?id=2309852  
https://bugzilla.redhat.com/show_bug.cgi?id=2309853  
https://bugzilla.redhat.com/show_bug.cgi?id=2311715  
https://bugzilla.redhat.com/show_bug.cgi?id=2315178  
https://bugzilla.redhat.com/show_bug.cgi?id=2317601

Red Hat Security Advisory 2024-8856-03

Red Hat Security Advisory 2024-8849-03 - An update for haproxy is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8849.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: haproxy security updateAdvisory ID:        RHSA-2024:8849-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8849Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2023-45539====================================================================Summary: An update for haproxy is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.Security Fix(es):* haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (CVE-2023-45539)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45539References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253037

Red Hat Security Advisory 2024-8849-03

Red Hat Security Advisory 2024-8847-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8847.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: grafana-pcp security updateAdvisory ID:        RHSA-2024:8847-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8847Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-9355====================================================================Summary: An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.Security Fix(es):* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9355References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2315719

Red Hat Security Advisory 2024-8847-03

Red Hat Security Advisory 2024-8846-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8846.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:8846-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8846Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-9341====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341)* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9341References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315691https://bugzilla.redhat.com/show_bug.cgi?id=2315887https://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8846-03

Red Hat Security Advisory 2024-8843-03 - An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8843.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.11-urllib3 security updateAdvisory ID:        RHSA-2024:8843-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8843Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-8843-03

Red Hat Security Advisory 2024-8842-03 - An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote shell upload vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8842.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.12-urllib3 security updateAdvisory ID:        RHSA-2024:8842-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8842Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-37891====================================================================Summary: An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries:   • Thread safety.  • Connection pooling.  • Client-side SSL/TLS verification.  • File uploads with multipart encoding.  • Helpers for retrying requests and dealing with HTTP redirects.  • Support for gzip, deflate, brotli, and zstd encoding.  • Proxy support for HTTP and SOCKS.  • 100% test coverage.Security Fix(es):* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37891References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2292788

Red Hat Security Advisory 2024-8842-03

Red Hat Security Advisory 2024-8838-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8838.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.11 security updateAdvisory ID:        RHSA-2024:8838-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8838Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-6232====================================================================Summary: An update for python3.11 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6232References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2309426

Red Hat Security Advisory 2024-8838-03

Red Hat Security Advisory 2024-8836-03 - An update for python3.12 is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8836.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.12 security updateAdvisory ID:        RHSA-2024:8836-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8836Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-6232====================================================================Summary: An update for python3.12 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.  The python3.12 package provides the \"python3.12\" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately.  Documentation for Python is provided in the python3.12-docs package.  Packages containing additional libraries for Python are generally named with the \"python3.12-\" prefix.  For the unversioned \"python\" executable, see manual page \"unversioned-python\".Security Fix(es):* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6232References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2309426

Red Hat Security Advisory 2024-8836-03

Red Hat Security Advisory 2024-8834-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8834.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-gevent security updateAdvisory ID:        RHSA-2024:8834-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8834Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2023-41419====================================================================Summary: An update for python-gevent is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop.  Features include:    * convenient API around greenlets   * familiar synchronization primitives (gevent.event, gevent.queue)   * socket module that cooperates   * WSGI server on top of libevent-http   * DNS requests done through libevent-dns   * monkey patching utility to get pure Python modules to cooperateSecurity Fix(es):* python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-41419References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2240651

Tag

#vulnerability