MGASA-2024-0096

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2023-6597 CVE-2024-0450

Published: 28 Mar 2024, 03:52

Last modified:16 Apr 2026, 04:41

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

28 Mar 2024, 03:52

Published

Vulnerability first disclosed

16 Apr 2026, 04:41

Last Modified

Vulnerability information updated

Description

Updated python3, python packages fix security vulnerabilities The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. (CVE-2023-6597) The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. (CVE-2024-0450)

Affected Systems

mageia•python
< 2.7.18-15.2.mga9
mageia•python3
< 3.10.11-1.2.mga9

MGASA-2024-0096

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)