RLSA-2024:2985

See a problem?

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2024:2985.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2024:2985

Related

Published

2024-06-14T13:59:30.118978Z

Modified

2024-06-14T14:02:23.985439Z

Summary

Moderate: python39:3.9 and python39-devel:3.9 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)
python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043)
python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8 / Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.29.21-5.module+el8.10.0+1582+bc278001

Rocky Linux:8 / mod_wsgi

Package

Name: mod_wsgi
Purl: pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.7.1-7.module+el8.10.0+1582+bc278001

Rocky Linux:8 / numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.19.4-3.module+el8.10.0+1582+bc278001

Rocky Linux:8 / pybind11

Package

Name: pybind11
Purl: pkg:rpm/rocky-linux/pybind11?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.1-1.module+el8.9.0+1357+a3b80af7

Rocky Linux:8 / pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:6.0.2-2.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-9.module+el8.10.0+1721+e52d6351

Rocky Linux:8 / python3x-pyparsing

Package

Name: python3x-pyparsing
Purl: pkg:rpm/rocky-linux/python3x-pyparsing?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.4.7-5.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python3x-setuptools

Package

Name: python3x-setuptools
Purl: pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:50.3.2-5.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python3x-six

Package

Name: python3x-six
Purl: pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-3.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.3.0-2.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-cffi

Package

Name: python-cffi
Purl: pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.14.3-2.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-19.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.3.1-3.module+el8.10.0+1697+7e517775

Rocky Linux:8 / python-iniconfig

Package

Name: python-iniconfig
Purl: pkg:rpm/rocky-linux/python-iniconfig?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.1.1-2.module+el8.9.0+1332+dd574197

Rocky Linux:8 / python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.6.5-1.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-more-itertools

Package

Name: python-more-itertools
Purl: pkg:rpm/rocky-linux/python-more-itertools?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:8.5.0-2.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-packaging

Package

Name: python-packaging
Purl: pkg:rpm/rocky-linux/python-packaging?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.4-4.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.13.1-3.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-ply

Package

Name: python-ply
Purl: pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.11-10.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-psutil

Package

Name: python-psutil
Purl: pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.8.0-4.module+el8.9.0+1357+a3b80af7

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-3.module+el8.10.0+1660+b5b6f004

Rocky Linux:8 / python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.10.0-1.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-pycparser

Package

Name: python-pycparser
Purl: pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.20-3.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-2.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.7.1-4.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-requests

Package

Name: python-requests
Purl: pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.25.0-3.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-toml

Package

Name: python-toml
Purl: pkg:rpm/rocky-linux/python-toml?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-5.module+el8.9.0+1332+dd574197

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.25.10-5.module+el8.10.0+1545+03246da9

Rocky Linux:8 / python-wcwidth

Package

Name: python-wcwidth
Purl: pkg:rpm/rocky-linux/python-wcwidth?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.2.5-3.module+el8.10.0+1582+bc278001

Rocky Linux:8 / python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-4.module+el8.10.0+1582+bc278001

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.4.1-1.module+el8.10.0+1582+bc278001

Rocky Linux:8 / scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.4-5.module+el8.10.0+1582+bc278001