RHSA-2023:6793HighCVSS 8.6
Red Hat Security Advisory: rh-python38-python security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2007-4559 — python: tarfile module directory traversal CVE-2022-40897 — pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py CVE-2022-40898 — python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli CVE-2022-45061 — python: CPU denial of service via inefficient IDNA decoder CVE-2023-23931 — python-cryptography: memory corruption via immutable objects CVE-2023-24329 — python: urllib.parse url blocklisting bypass CVE-2023-32681 — python-requests: Unintended leak of Proxy-Authorization header CVE-2023-40217 — python: TLS handshake bypass
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2023:6793
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2173917
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2209469
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2235789
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=263261
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2144072
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2158559
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2171817
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2165864
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6793.json