ALSA-2024:9190

Source
https://errata.almalinux.org/9/ALSA-2024-9190.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2024:9190
Related
Published
2024-11-12T00:00:00Z
Modified
2024-11-18T18:13:18Z
Summary
Moderate: python3.12 security update
Details

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the "python3.12-" prefix.

Security Fix(es):

  • python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)
  • python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
  • python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:9 / python3.12

Package

Name
python3.12

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9

AlmaLinux:9 / python3.12-debug

Package

Name
python3.12-debug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9

AlmaLinux:9 / python3.12-devel

Package

Name
python3.12-devel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9

AlmaLinux:9 / python3.12-idle

Package

Name
python3.12-idle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9

AlmaLinux:9 / python3.12-libs

Package

Name
python3.12-libs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9

AlmaLinux:9 / python3.12-test

Package

Name
python3.12-test

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9

AlmaLinux:9 / python3.12-tkinter

Package

Name
python3.12-tkinter

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.5-2.el9