Download
| Alert*
|
oval:org.secpod.oval:def:89050212
This update for python fixes the following issues: * CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. * CVE-2022-48565: Fixed an XXE in the plistlib module oval:org.secpod.oval:def:93578 The host is installed with Python before 3.6.13, 3.7.x before 3.7.10, 3.8.x before 3.8.7, or 3.9.x before 3.9.1 and is prone to a timing attack vulnerability. A flaw is present in the application, which fails to properly handle an issue in compare_digest in Lib/hmac.py. Successful exploitation allow ... oval:org.secpod.oval:def:1702011 An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest oval:org.secpod.oval:def:3302040 Security update for python oval:org.secpod.oval:def:89051657 This update for python3 fixes the following issues: * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory . * CVE-2022-48566: Make compare_digest more constant-time . oval:org.secpod.oval:def:89051918 This update for python36 fixes the following issues: * CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number . * CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb . * CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.Temporary ... |
