|
|
Subscribe / Log in / New account

AlmaLinux alert ALSA-2024:6961 (python3.12)



From:
              AlmaLinux Errata Notifications <errata@almalinux.org>


To:
              announce@lists.almalinux.org


Subject:
              [Announce]  [Security Advisory] ALSA-2024:6961: python3.12 security update (Moderate)


Date:
              Wed, 25 Sep 2024 10:00:04 -0700


Message-ID:
              <66f44194.050a0220.150d72.8cdb@mx.google.com>


Archive-link:
              Article


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata
notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2024-09-24

Summary:

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language,
designed with an emphasis on code readability. It includes an extensive standard library, and has a
vast ecosystem of third-party libraries.  The python3.12 package provides the "python3.12"
executable: the reference interpreter for the Python language, version 3. The majority of its
standard library is provided in the python3.12-libs package, which should be installed
automatically along with python3.12. The remaining parts of the Python standard library are broken
out into the python3.12-tkinter and python3.12-test packages, which may need to be installed
separately.  Documentation for Python is provided in the python3.12-docs package.  Packages
containing additional libraries for Python are generally named with the "python3.12-" prefix.  For
the unversioned "python" executable, see manual page "unversioned-python".

Security Fix(es):

* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)
* cpython: python: email module doesn't properly quotes newlines in email headers, allowing header
injection (CVE-2024-6923)
* python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service
(CVE-2024-8088)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,
and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information:
https://errata.almalinux.org/8/ALSA-2024-6961.html

This message is automatically generated, please don’t reply. For further questions, please, contact
us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on
https://lists.almalinux.org.

Kind regards,
AlmaLinux Team
_______________________________________________
Announce mailing list -- announce@lists.almalinux.org
To unsubscribe send an email to announce-leave@lists.almalinux.org
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds