rpm package
opensuse/python3&distro=openSUSE Leap Micro 5.4
pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%20Micro%205.4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-0397 | High | 7.4 | | < 3.6.15-150300.10.65.2 | 3.6.15-150300.10.65.2 | Jun 17, 2024 | A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the |
| CVE-2024-4032 | High | 7.5 | | < 3.6.15-150300.10.65.2 | 3.6.15-150300.10.65.2 | Jun 17, 2024 | The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Addr |
| CVE-2024-0450 | Medium | 6.2 | | < 3.6.15-150300.10.65.2 | 3.6.15-150300.10.65.2 | Mar 19, 2024 | An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed |
| CVE-2023-6597 | High | 7.8 | | < 3.6.15-150300.10.57.1 | 3.6.15-150300.10.57.1 | Mar 19, 2024 | An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which c |
| CVE-2023-52425 | — | — | | < 3.6.15-150300.10.65.2 | 3.6.15-150300.10.65.2 | Feb 4, 2024 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. |
| CVE-2022-48566 | — | — | | < 3.6.15-150300.10.57.1 | 3.6.15-150300.10.57.1 | Aug 22, 2023 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. |
| CVE-2023-27043 | Medium | 5.3 | | < 3.6.15-150300.10.54.1 | 3.6.15-150300.10.54.1 | Apr 19, 2023 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which applica |