RHSA-2023:6793

Description

Red Hat Security Advisory: rh-python38-python security update

CVSS Metrics

• v3.1•HIGH•Score: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected Systems

• redhat•rh-python38-python

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-cryptography

  < 0:2.8-6.el7

• redhat•rh-python38-python-cryptography-debuginfo

  < 0:2.8-6.el7

• redhat•rh-python38-python-debug

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-debuginfo

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-devel

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-idle

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-libs

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-pip

  < 0:19.3.1-4.el7

• redhat•rh-python38-python-pip-wheel

  < 0:19.3.1-4.el7

• redhat•rh-python38-python-requests

  < 0:2.22.0-11.el7

• redhat•rh-python38-python-rpm-macros

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-setuptools

  < 0:41.6.0-8.el7

• redhat•rh-python38-python-setuptools-wheel

  < 0:41.6.0-8.el7

• redhat•rh-python38-python-srpm-macros

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-test

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-tkinter

  < 0:3.8.18-2.el7

• redhat•rh-python38-python-wheel

  < 0:0.33.6-9.el7

• redhat•rh-python38-python-wheel-wheel

  < 0:0.33.6-9.el7

References (45)

• https://access.redhat.com/errata/RHSA-2023:6793
• https://access.redhat.com/security/updates/classification/#important
• https://bugzilla.redhat.com/show_bug.cgi?id=263261
• https://bugzilla.redhat.com/show_bug.cgi?id=2144072
• https://bugzilla.redhat.com/show_bug.cgi?id=2158559
• https://bugzilla.redhat.com/show_bug.cgi?id=2165864
• https://bugzilla.redhat.com/show_bug.cgi?id=2171817
• https://bugzilla.redhat.com/show_bug.cgi?id=2173917
• https://bugzilla.redhat.com/show_bug.cgi?id=2209469
• https://bugzilla.redhat.com/show_bug.cgi?id=2235789
• https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6793.json
• https://access.redhat.com/security/cve/CVE-2007-4559
• https://www.cve.org/CVERecord?id=CVE-2007-4559
• https://nvd.nist.gov/vuln/detail/CVE-2007-4559
• https://access.redhat.com/security/cve/CVE-2022-40897
• https://www.cve.org/CVERecord?id=CVE-2022-40897
• https://nvd.nist.gov/vuln/detail/CVE-2022-40897
• https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
• https://access.redhat.com/security/cve/CVE-2022-40898
• https://www.cve.org/CVERecord?id=CVE-2022-40898
• https://nvd.nist.gov/vuln/detail/CVE-2022-40898
• https://github.com/advisories/GHSA-qwmp-2cf2-g9g6
• https://access.redhat.com/security/cve/CVE-2022-45061
• https://www.cve.org/CVERecord?id=CVE-2022-45061
• https://nvd.nist.gov/vuln/detail/CVE-2022-45061
• https://github.com/python/cpython/issues/98433
• https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html
• https://access.redhat.com/security/cve/CVE-2023-23931
• https://www.cve.org/CVERecord?id=CVE-2023-23931
• https://nvd.nist.gov/vuln/detail/CVE-2023-23931
• https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
• https://access.redhat.com/security/cve/CVE-2023-24329
• https://www.cve.org/CVERecord?id=CVE-2023-24329
• https://nvd.nist.gov/vuln/detail/CVE-2023-24329
• https://pointernull.com/security/python-url-parse-problem.html
• https://access.redhat.com/security/cve/CVE-2023-32681
• https://www.cve.org/CVERecord?id=CVE-2023-32681
• https://nvd.nist.gov/vuln/detail/CVE-2023-32681
• https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
• https://access.redhat.com/security/cve/CVE-2023-40217
• https://www.cve.org/CVERecord?id=CVE-2023-40217
• https://nvd.nist.gov/vuln/detail/CVE-2023-40217
• https://github.com/python/cpython/issues/108310
• https://github.com/python/cpython/pull/108315
• https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/