RLSA-2024:2985

Source
https://errata.rockylinux.org/RLSA-2024:2985
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:2985.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2024:2985
Published
2024-06-14T13:59:30.118978Z
Modified
2024-06-14T14:02:23.985439Z
Summary
Moderate: python39:3.9 and python39-devel:3.9 security update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)

  • python-cryptography: memory corruption via immutable objects (CVE-2023-23931)

  • python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple (CVE-2023-27043)

  • python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8

Cython

Package

Name
Cython
Purl
pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.29.21-5.module+el8.10.0+1582+bc278001

mod_wsgi

Package

Name
mod_wsgi
Purl
pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.7.1-7.module+el8.10.0+1582+bc278001

numpy

Package

Name
numpy
Purl
pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.19.4-3.module+el8.10.0+1582+bc278001

pybind11

Package

Name
pybind11
Purl
pkg:rpm/rocky-linux/pybind11?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.7.1-1.module+el8.9.0+1357+a3b80af7

pytest

Package

Name
pytest
Purl
pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:6.0.2-2.module+el8.10.0+1582+bc278001

python3x-pip

Package

Name
python3x-pip
Purl
pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:20.2.4-9.module+el8.10.0+1721+e52d6351

python3x-pyparsing

Package

Name
python3x-pyparsing
Purl
pkg:rpm/rocky-linux/python3x-pyparsing?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.4.7-5.module+el8.10.0+1582+bc278001

python3x-setuptools

Package

Name
python3x-setuptools
Purl
pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:50.3.2-5.module+el8.10.0+1582+bc278001

python3x-six

Package

Name
python3x-six
Purl
pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.15.0-3.module+el8.10.0+1582+bc278001

python-attrs

Package

Name
python-attrs
Purl
pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:20.3.0-2.module+el8.10.0+1582+bc278001

python-cffi

Package

Name
python-cffi
Purl
pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.14.3-2.module+el8.10.0+1582+bc278001

python-chardet

Package

Name
python-chardet
Purl
pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.0.4-19.module+el8.10.0+1582+bc278001

python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.3.1-3.module+el8.10.0+1697+7e517775

python-iniconfig

Package

Name
python-iniconfig
Purl
pkg:rpm/rocky-linux/python-iniconfig?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.1.1-2.module+el8.9.0+1332+dd574197

python-lxml

Package

Name
python-lxml
Purl
pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.6.5-1.module+el8.10.0+1582+bc278001

python-more-itertools

Package

Name
python-more-itertools
Purl
pkg:rpm/rocky-linux/python-more-itertools?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:8.5.0-2.module+el8.10.0+1582+bc278001

python-packaging

Package

Name
python-packaging
Purl
pkg:rpm/rocky-linux/python-packaging?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:20.4-4.module+el8.10.0+1582+bc278001

python-pluggy

Package

Name
python-pluggy
Purl
pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.13.1-3.module+el8.10.0+1582+bc278001

python-ply

Package

Name
python-ply
Purl
pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.11-10.module+el8.10.0+1582+bc278001

python-psutil

Package

Name
python-psutil
Purl
pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:5.8.0-4.module+el8.9.0+1357+a3b80af7

python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.8.6-3.module+el8.10.0+1660+b5b6f004

python-py

Package

Name
python-py
Purl
pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.10.0-1.module+el8.10.0+1582+bc278001

python-pycparser

Package

Name
python-pycparser
Purl
pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.20-3.module+el8.10.0+1582+bc278001

python-PyMySQL

Package

Name
python-PyMySQL
Purl
pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.10.1-2.module+el8.10.0+1582+bc278001

python-pysocks

Package

Name
python-pysocks
Purl
pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.7.1-4.module+el8.10.0+1582+bc278001

python-requests

Package

Name
python-requests
Purl
pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.25.0-3.module+el8.10.0+1582+bc278001

python-toml

Package

Name
python-toml
Purl
pkg:rpm/rocky-linux/python-toml?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.10.1-5.module+el8.9.0+1332+dd574197

python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.25.10-5.module+el8.10.0+1545+03246da9

python-wcwidth

Package

Name
python-wcwidth
Purl
pkg:rpm/rocky-linux/python-wcwidth?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.2.5-3.module+el8.10.0+1582+bc278001

python-wheel

Package

Name
python-wheel
Purl
pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:0.35.1-4.module+el8.10.0+1582+bc278001

PyYAML

Package

Name
PyYAML
Purl
pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:5.4.1-1.module+el8.10.0+1582+bc278001

scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.5.4-5.module+el8.10.0+1582+bc278001