rhsa-2023_6793
Vulnerability from csaf_redhat
Published
2023-11-08 08:20
Modified
2024-11-15 17:34
Summary
Red Hat Security Advisory: rh-python38-python security update
Notes
Topic
An update for rh-python38-python is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: rh-python38-python (3.8.18), rh-python38-python-cryptography (2.8), rh-python38-python-pip (19.3.1), rh-python38-python-requests (2.22.0), rh-python38-python-setuptools (41.6.0), rh-python38-python-wheel (0.33.6).
Security Fix(es):
* python: urllib.parse url blocklisting bypass (CVE-2023-24329)
* python: TLS handshake bypass (CVE-2023-40217)
* python: tarfile module directory traversal (CVE-2007-4559)
* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)
* python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli (CVE-2022-40898)
* python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)
* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)
* python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-python38-python is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nThe following packages have been upgraded to a later upstream version: rh-python38-python (3.8.18), rh-python38-python-cryptography (2.8), rh-python38-python-pip (19.3.1), rh-python38-python-requests (2.22.0), rh-python38-python-setuptools (41.6.0), rh-python38-python-wheel (0.33.6).\n\nSecurity Fix(es):\n\n* python: urllib.parse url blocklisting bypass (CVE-2023-24329)\n\n* python: TLS handshake bypass (CVE-2023-40217)\n\n* python: tarfile module directory traversal (CVE-2007-4559)\n\n* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)\n\n* python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli (CVE-2022-40898)\n\n* python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)\n\n* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)\n\n* python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6793", "url": "https://access.redhat.com/errata/RHSA-2023:6793" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "263261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261" }, { "category": "external", "summary": "2144072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144072" }, { "category": "external", "summary": "2158559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158559" }, { "category": "external", "summary": "2165864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165864" }, { "category": "external", "summary": "2171817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817" }, { "category": "external", "summary": "2173917", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173917" }, { "category": "external", "summary": "2209469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469" }, { "category": "external", "summary": "2235789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235789" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6793.json" } ], "title": "Red Hat Security Advisory: rh-python38-python security update", "tracking": { "current_release_date": "2024-11-15T17:34:29+00:00", "generator": { "date": "2024-11-15T17:34:29+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2023:6793", "initial_release_date": "2023-11-08T08:20:36+00:00", "revision_history": [ { "date": "2023-11-08T08:20:36+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-11-08T08:20:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-15T17:34:29+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for RHEL(v. 7)", "product": { "name": "Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src", "product": { "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src", "product_id": "rh-python38-python-setuptools-0:41.6.0-8.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-setuptools@41.6.0-8.el7?arch=src" } } }, { "category": "product_version", "name": "rh-python38-python-requests-0:2.22.0-11.el7.src", "product": { "name": "rh-python38-python-requests-0:2.22.0-11.el7.src", "product_id": "rh-python38-python-requests-0:2.22.0-11.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-requests@2.22.0-11.el7?arch=src" } } }, { "category": "product_version", "name": "rh-python38-python-wheel-0:0.33.6-9.el7.src", "product": { "name": "rh-python38-python-wheel-0:0.33.6-9.el7.src", "product_id": "rh-python38-python-wheel-0:0.33.6-9.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-wheel@0.33.6-9.el7?arch=src" } } }, { "category": "product_version", "name": "rh-python38-python-pip-0:19.3.1-4.el7.src", "product": { "name": "rh-python38-python-pip-0:19.3.1-4.el7.src", "product_id": "rh-python38-python-pip-0:19.3.1-4.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-pip@19.3.1-4.el7?arch=src" } } }, { "category": "product_version", "name": "rh-python38-python-cryptography-0:2.8-6.el7.src", "product": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.src", "product_id": "rh-python38-python-cryptography-0:2.8-6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=src" } } }, { "category": "product_version", "name": "rh-python38-python-0:3.8.18-2.el7.src", "product": { "name": "rh-python38-python-0:3.8.18-2.el7.src", "product_id": "rh-python38-python-0:3.8.18-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "product": { "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "product_id": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-setuptools@41.6.0-8.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "product": { "name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "product_id": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-setuptools-wheel@41.6.0-8.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch", "product": { "name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch", "product_id": "rh-python38-python-requests-0:2.22.0-11.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-requests@2.22.0-11.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "product": { "name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "product_id": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-wheel@0.33.6-9.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "product": { "name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "product_id": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-wheel-wheel@0.33.6-9.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch", "product": { "name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch", "product_id": "rh-python38-python-pip-0:19.3.1-4.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-pip@19.3.1-4.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "product": { "name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "product_id": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-pip-wheel@19.3.1-4.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "product": { "name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "product_id": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-rpm-macros@3.8.18-2.el7?arch=noarch" } } }, { "category": "product_version", "name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "product": { "name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "product_id": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-srpm-macros@3.8.18-2.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "product": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "product_id": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "product": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "product_id": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography-debuginfo@2.8-6.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-debug@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-devel@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-idle@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-libs@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-test-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-test@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-tkinter@3.8.18-2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "product": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "product_id": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-debuginfo@3.8.18-2.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x", "product": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x", "product_id": "rh-python38-python-cryptography-0:2.8-6.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "product": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "product_id": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography-debuginfo@2.8-6.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-debug-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-debug@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-devel-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-devel@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-idle-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-idle@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-libs-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-libs@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-test-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-test-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-test-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-test@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-tkinter@3.8.18-2.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "product": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "product_id": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-debuginfo@3.8.18-2.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "product": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "product_id": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography@2.8-6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "product": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "product_id": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-cryptography-debuginfo@2.8-6.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-debug@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-devel@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-idle@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-libs@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-test@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-tkinter@3.8.18-2.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "product": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "product_id": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-python38-python-debuginfo@3.8.18-2.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le" }, "product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x" }, "product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64" }, "product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch" }, "product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-pip-0:19.3.1-4.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src" }, "product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch" }, "product_reference": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch" }, "product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-requests-0:2.22.0-11.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src" }, "product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch" }, "product_reference": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch" }, "product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src" }, "product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch" }, "product_reference": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch" }, "product_reference": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-test-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-test-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-test-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch" }, "product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-wheel-0:0.33.6-9.el7.src as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src" }, "product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL Workstation(v. 7)", "product_id": "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" }, "product_reference": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64" }, "product_reference": "rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le" }, "product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x" }, "product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64" }, "product_reference": "rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-pip-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch" }, "product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-pip-0:19.3.1-4.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src" }, "product_reference": "rh-python38-python-pip-0:19.3.1-4.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch" }, "product_reference": "rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-requests-0:2.22.0-11.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch" }, "product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-requests-0:2.22.0-11.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src" }, "product_reference": "rh-python38-python-requests-0:2.22.0-11.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch" }, "product_reference": "rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch" }, "product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-setuptools-0:41.6.0-8.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src" }, "product_reference": "rh-python38-python-setuptools-0:41.6.0-8.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch" }, "product_reference": "rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch" }, "product_reference": "rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-test-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-test-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-test-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-test-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le" }, "product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x" }, "product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64 as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" }, "product_reference": "rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch" }, "product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-wheel-0:0.33.6-9.el7.src as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src" }, "product_reference": "rh-python38-python-wheel-0:0.33.6-9.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.8" }, { "category": "default_component_of", "full_product_name": { "name": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch as a component of Red Hat Software Collections for RHEL(v. 7)", "product_id": "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" }, "product_reference": "rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.8" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-4559", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2007-08-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "263261" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Python tarfile module. Extracting a crafted TAR archive with the tarfile.extract or tarfile.extractall functions could lead to a directory traversal vulnerability, resulting in overwrite of arbitrary files.", "title": "Vulnerability description" }, { "category": "summary", "text": "python: tarfile module directory traversal", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having a Moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification.\n\nVersions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-4559" }, { "category": "external", "summary": "RHBZ#263261", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=263261" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4559", "url": "https://www.cve.org/CVERecord?id=CVE-2007-4559" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4559" } ], "release_date": "2007-08-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" }, { "category": "workaround", "details": "Do not extract archives from untrusted sources with the Python tarfile module. Users of the module should add sanity checks when calling the tarfile.extract or tarfile.extractall functions.", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python: tarfile module directory traversal" }, { "cve": "CVE-2022-40897", "cwe": { "id": "CWE-185", "name": "Incorrect Regular Expression" }, "discovery_date": "2023-01-05T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2158559" } ], "notes": [ { "category": "description", "text": "A flaw was found in Python Setuptools due to a regular expression Denial of Service (ReDoS) present in package_index.py. This issue could allow a remote attacker to cause a denial of service via HTML in a crafted package or custom PackageIndex page.", "title": "Vulnerability description" }, { "category": "summary", "text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40897" }, { "category": "external", "summary": "RHBZ#2158559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158559" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40897", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897" }, { "category": "external", "summary": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "url": "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/" } ], "release_date": "2022-12-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py" }, { "cve": "CVE-2022-40898", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-12-23T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2165864" } ], "notes": [ { "category": "description", "text": "An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-40898" }, { "category": "external", "summary": "RHBZ#2165864", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165864" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-40898", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40898" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-40898", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40898" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-qwmp-2cf2-g9g6", "url": "https://github.com/advisories/GHSA-qwmp-2cf2-g9g6" } ], "release_date": "2022-12-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli" }, { "cve": "CVE-2022-45061", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-11-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2144072" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname.", "title": "Vulnerability description" }, { "category": "summary", "text": "python: CPU denial of service via inefficient IDNA decoder", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-45061" }, { "category": "external", "summary": "RHBZ#2144072", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144072" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45061", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45061" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/98433", "url": "https://github.com/python/cpython/issues/98433" }, { "category": "external", "summary": "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html", "url": "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html" } ], "release_date": "2022-11-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python: CPU denial of service via inefficient IDNA decoder" }, { "cve": "CVE-2023-23931", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "discovery_date": "2023-02-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2171817" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.", "title": "Vulnerability description" }, { "category": "summary", "text": "python-cryptography: memory corruption via immutable objects", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23931" }, { "category": "external", "summary": "RHBZ#2171817", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171817" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23931", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23931" }, { "category": "external", "summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r", "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r" } ], "release_date": "2023-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-cryptography: memory corruption via immutable objects" }, { "cve": "CVE-2023-24329", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2023-02-28T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2173917" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "python: urllib.parse url blocklisting bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-24329" }, { "category": "external", "summary": "RHBZ#2173917", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173917" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24329", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24329" }, { "category": "external", "summary": "https://pointernull.com/security/python-url-parse-problem.html", "url": "https://pointernull.com/security/python-url-parse-problem.html" } ], "release_date": "2023-02-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "python: urllib.parse url blocklisting bypass" }, { "cve": "CVE-2023-32681", "cwe": { "id": "CWE-402", "name": "Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)" }, "discovery_date": "2023-05-24T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2209469" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "title": "Vulnerability description" }, { "category": "summary", "text": "python-requests: Unintended leak of Proxy-Authorization header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-32681" }, { "category": "external", "summary": "RHBZ#2209469", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2209469" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-32681", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32681" }, { "category": "external", "summary": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q", "url": "https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q" } ], "release_date": "2023-05-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" }, { "category": "workaround", "details": "For users who are not able to update Requests immediately, there is one potential workaround.\n\nYou may disable redirects by setting allow_redirects to False on all calls through Requests top-level APIs. Note that if you are currently relying on redirect behaviors, you will need to capture the 3xx response codes and ensure a new request is made to the redirect destination.\n\nimport requests\nr = requests.get(\u0027http://github.com/\u0027, allow_redirects=False)", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "python-requests: Unintended leak of Proxy-Authorization header" }, { "cve": "CVE-2023-40217", "cwe": { "id": "CWE-305", "name": "Authentication Bypass by Primary Weakness" }, "discovery_date": "2023-08-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2235789" } ], "notes": [ { "category": "description", "text": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "python: TLS handshake bypass", "title": "Vulnerability summary" }, { "category": "other", "text": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "known_not_affected": [ "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Server-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Server-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Server-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Server-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-cryptography-debuginfo-0:2.8-6.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-pip-0:19.3.1-4.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-pip-wheel-0:19.3.1-4.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-requests-0:2.22.0-11.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-0:41.6.0-8.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-setuptools-wheel-0:41.6.0-8.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-0:0.33.6-9.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-wheel-wheel-0:0.33.6-9.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40217" }, { "category": "external", "summary": "RHBZ#2235789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235789" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40217" }, { "category": "external", "summary": "https://github.com/python/cpython/issues/108310", "url": "https://github.com/python/cpython/issues/108310" }, { "category": "external", "summary": "https://github.com/python/cpython/pull/108315", "url": "https://github.com/python/cpython/pull/108315" }, { "category": "external", "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/" } ], "release_date": "2023-08-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-11-08T08:20:36+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6793" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Server-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Server-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.src", "7Workstation-RHSCL-3.8:rh-python38-python-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debug-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-debuginfo-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-devel-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-idle-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-libs-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-rpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-srpm-macros-0:3.8.18-2.el7.noarch", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-test-0:3.8.18-2.el7.x86_64", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.ppc64le", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.s390x", "7Workstation-RHSCL-3.8:rh-python38-python-tkinter-0:3.8.18-2.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "python: TLS handshake bypass" } ] }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.