Download
| Alert*
oval:org.secpod.oval:def:97737
[CLSA-2023:1689886440] python: Fix of CVE-2023-24329 oval:org.secpod.oval:def:19500586 An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters oval:org.secpod.oval:def:708482 python3.9: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:206034 Security Fix: python: urllib.parse url blocklisting bypass For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:507787 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:507786 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:95040 python3.9: An interactive high-level object-oriented language Several security issues were fixed in Python. oval:org.secpod.oval:def:1701787 An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters oval:org.secpod.oval:def:507823 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:125822 Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release. oval:org.secpod.oval:def:507788 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:125783 Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the 'python3.10' executable: the ... oval:org.secpod.oval:def:1506749 babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 Cython [0.28.1-7] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 numpy [1:1.14.2-16] - Fix include path - Related: rhbz#1907601 pytest python2 [2.7.18-13.0.1.1] - Fix for CVE-2023-24329 - Add missing part ... oval:org.secpod.oval:def:89048496 This update for python36 fixes the following issues: * CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . oval:org.secpod.oval:def:89049101 This update for python fixes the following issues: * CVE-2023-24329: Fixed urllib.parse bypass when supplying a URL that starts with blank characters . oval:org.secpod.oval:def:1506623 [3.11.2-2.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:1701222 An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters oval:org.secpod.oval:def:125224 MinGW Windows python3 library. oval:org.secpod.oval:def:89501 python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object ... oval:org.secpod.oval:def:87687 The host is installed with Python through 3.11 and is prone to a security bypass vulnerability. The flaw is present in the application, which fails to properly handle an issue in urllib.parse component. Successful exploitation allows attackers to bypass blocklisting methods by supplying a URL that s ... oval:org.secpod.oval:def:2600269 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. oval:org.secpod.oval:def:708038 python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level object-oriented language - python3.5: An interactive high-level object ... oval:org.secpod.oval:def:507792 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix: * python: urllib.parse url blocklisting bypass For mor ... oval:org.secpod.oval:def:4501435 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:507798 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix: * python: urllib.parse url blocklisting bypass For mor ... oval:org.secpod.oval:def:4501475 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix: * python: urllib.parse url blocklisting bypass For mor ... oval:org.secpod.oval:def:4501431 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:1506796 [2.6.6-68.0.3] - ASCII newline and tab characters are stripped from the URL [CVE-2022-0391][Orabug: 35479836] - Start stripping C0 control and space chars in urlsplit [CVE-2023-24329][Orabug: 35479836] oval:org.secpod.oval:def:125833 Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release. oval:org.secpod.oval:def:206028 Security Fix: python: urllib.parse url blocklisting bypass For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:89049139 This update for python39 fixes the following issues: Update to 3.9.17: * urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329 . * Fixed a security in flaw in uu.decode that could allow for direct ... oval:org.secpod.oval:def:1506596 [3.6.8-19.0.1] - Remove the getfile feature of pydoc [Orabug: 33182027][CVE-2021-3426] - Fix buffer overflow in PyCArg_repr [Orabug: 32551171][CVE-2021-3177] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-19] - Security fix for CVE-2023-24329 - Fix the test suite support fo ... oval:org.secpod.oval:def:3302421 Security update for python311 oval:org.secpod.oval:def:125797 Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:125751 Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. oval:org.secpod.oval:def:1601670 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by r ... oval:org.secpod.oval:def:2600276 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:92827 The host is missing a patch containing a security fixes, which affects the following package(s): Python oval:org.secpod.oval:def:97717 [CLSA-2023:1678136944] python: Fix of CVE-2023-24329 oval:org.secpod.oval:def:19500041 A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int, a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits . The highest threat from this vulnerability is to system availability. An issue in the url ... oval:org.secpod.oval:def:1601678 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by r ... oval:org.secpod.oval:def:4501463 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:4501464 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:91498 python3.11: An interactive high-level object-oriented language - python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level objec ... oval:org.secpod.oval:def:125802 Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedora ... oval:org.secpod.oval:def:507801 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:2501123 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:125801 PyPy's implementation of Python 3.8, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types . This build of PyPy has JIT-compilation enabled. oval:org.secpod.oval:def:89048517 This update for python3 fixes the following issues: * CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . The following non-security bug was fixed: * Eliminate unnecessary and dangerous calls to PyThread_exit_thread . oval:org.secpod.oval:def:2501125 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:2501126 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:1701208 An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by r ... oval:org.secpod.oval:def:125805 Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release. oval:org.secpod.oval:def:507804 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:125804 PyPy's implementation of Python 3.9, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types . This build of PyPy has JIT-compilation enabled. oval:org.secpod.oval:def:125803 Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedora ... oval:org.secpod.oval:def:507809 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:1506608 [3.11.2-2.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:1506602 [3.9.16-1.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:125764 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:125202 MinGW Windows python3 library. oval:org.secpod.oval:def:708216 python3.11: An interactive high-level object-oriented language - python3.10: An interactive high-level object-oriented language - python3.8: An interactive high-level object-oriented language - python2.7: An interactive high-level object-oriented language - python3.6: An interactive high-level objec ... oval:org.secpod.oval:def:5800198 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. Security Fix: * python: urllib.parse url blocklisting bypass For mor ... oval:org.secpod.oval:def:1506609 [3.6.8-51.0.1] - Add Oracle Linux distribution in platform.py [Orabug: 20812544] [3.6.8-51.1] - Security fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:2108338 Oracle Solaris 11 - ( CVE-2023-24329 ) oval:org.secpod.oval:def:125808 PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types This build of PyPy has JIT-compilation enabled. oval:org.secpod.oval:def:5800193 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:125807 Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the 'python3.10' executable: the ... oval:org.secpod.oval:def:2501111 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:125779 PyPy's implementation of Python 3.9, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types . This build of PyPy has JIT-compilation enabled. oval:org.secpod.oval:def:1506610 [2.7.5-93.0.1] - Add Oracle Linux distribution in platform.py [orabug 20812544] [2.7.5-93] - Fix for CVE-2023-24329 Resolves: rhbz#2173917 oval:org.secpod.oval:def:2501113 Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. oval:org.secpod.oval:def:125777 Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release. oval:org.secpod.oval:def:89048505 This update for python3 fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . * CVE-2022-40899: Fixed REDoS in http.cookiejar . oval:org.secpod.oval:def:89048548 This update for python fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . * CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names . The following non-security bug was fixed: * ... oval:org.secpod.oval:def:125738 Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. oval:org.secpod.oval:def:89048500 This update for python39 fixes the following issues: * CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters . Update to 3.9.16: \- python -m http.server no longer allows terminal control characters sent within a garbage request ... oval:org.secpod.oval:def:1506738 python39 [3.9.16-1.1] - Security fix for CVE-2023-24329 oval:org.secpod.oval:def:507819 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:3301830 Security update for python310 oval:org.secpod.oval:def:89048585 This update for python3 fixes the following issues: * CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters . The following non-security bugs were fixed: * Fixed a crash in the garbage collection * Fixed email.generator.py to no ... oval:org.secpod.oval:def:125775 PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types This build of PyPy has JIT-compilation enabled. oval:org.secpod.oval:def:125774 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:125773 Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Co ... oval:org.secpod.oval:def:1506736 babel [2.7.0-11] - Fix CVE-2021-20095 Resolves: rhbz#1955615 Cython [0.29.14-4] - Exclude unsupported i686 arch mod_wsgi [4.6.8-4] - Core dumped upon file upload |