{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"python3 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for python3 is now available for openEuler-22.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C++ (or other languages, depending on the chosen implementation). Python is also usable as an extension language for applications written in other languages that need easy-to-use scripting or automation interfaces.\n\nSecurity Fix(es):\n\nAn issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n(CVE-2023-6597)\n\nThere is a MEDIUM severity vulnerability affecting CPython.\n\nThe\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.(CVE-2024-3219)\n\nThere is a MEDIUM severity vulnerability affecting CPython.\n\n\n\n\n\nRegular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.(CVE-2024-6232)", "category":"general", "title":"Description" }, { "text":"An update for python3 is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"python3", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-2192", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2192" }, { "summary":"CVE-2023-6597", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-6597&packageName=python3" }, { "summary":"CVE-2024-3219", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-3219&packageName=python3" }, { "summary":"CVE-2024-6232", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6232&packageName=python3" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6597" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3219" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6232" }, { "summary":"openEuler-SA-2024-2192 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-2192.json" } ], "title":"An update for python3 is now available for openEuler-22.03-LTS-SP1", "tracking":{ "initial_release_date":"2024-09-27T19:47:12+08:00", "revision_history":[ { "date":"2024-09-27T19:47:12+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-09-29T16:47:12+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-09-29T16:47:12+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-09-29T16:47:12+08:00", "id":"openEuler-SA-2024-2192", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"openEuler-22.03-LTS-SP1", "name":"openEuler-22.03-LTS-SP1" }, "name":"openEuler-22.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-help-3.9.9-32.oe2203sp1.noarch.rpm", "name":"python3-help-3.9.9-32.oe2203sp1.noarch.rpm" }, "name":"python3-help-3.9.9-32.oe2203sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-3.9.9-32.oe2203sp1.aarch64.rpm", "name":"python3-3.9.9-32.oe2203sp1.aarch64.rpm" }, "name":"python3-3.9.9-32.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-debug-3.9.9-32.oe2203sp1.aarch64.rpm", "name":"python3-debug-3.9.9-32.oe2203sp1.aarch64.rpm" }, "name":"python3-debug-3.9.9-32.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-debuginfo-3.9.9-32.oe2203sp1.aarch64.rpm", "name":"python3-debuginfo-3.9.9-32.oe2203sp1.aarch64.rpm" }, "name":"python3-debuginfo-3.9.9-32.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-debugsource-3.9.9-32.oe2203sp1.aarch64.rpm", "name":"python3-debugsource-3.9.9-32.oe2203sp1.aarch64.rpm" }, "name":"python3-debugsource-3.9.9-32.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-devel-3.9.9-32.oe2203sp1.aarch64.rpm", "name":"python3-devel-3.9.9-32.oe2203sp1.aarch64.rpm" }, "name":"python3-devel-3.9.9-32.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64.rpm", "name":"python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64.rpm" }, "name":"python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-3.9.9-32.oe2203sp1.src.rpm", "name":"python3-3.9.9-32.oe2203sp1.src.rpm" }, "name":"python3-3.9.9-32.oe2203sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-3.9.9-32.oe2203sp1.x86_64.rpm", "name":"python3-3.9.9-32.oe2203sp1.x86_64.rpm" }, "name":"python3-3.9.9-32.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-debug-3.9.9-32.oe2203sp1.x86_64.rpm", "name":"python3-debug-3.9.9-32.oe2203sp1.x86_64.rpm" }, "name":"python3-debug-3.9.9-32.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-debuginfo-3.9.9-32.oe2203sp1.x86_64.rpm", "name":"python3-debuginfo-3.9.9-32.oe2203sp1.x86_64.rpm" }, "name":"python3-debuginfo-3.9.9-32.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-debugsource-3.9.9-32.oe2203sp1.x86_64.rpm", "name":"python3-debugsource-3.9.9-32.oe2203sp1.x86_64.rpm" }, "name":"python3-debugsource-3.9.9-32.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-devel-3.9.9-32.oe2203sp1.x86_64.rpm", "name":"python3-devel-3.9.9-32.oe2203sp1.x86_64.rpm" }, "name":"python3-devel-3.9.9-32.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64.rpm", "name":"python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64.rpm" }, "name":"python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-help-3.9.9-32.oe2203sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "name":"python3-help-3.9.9-32.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-3.9.9-32.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "name":"python3-3.9.9-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-debug-3.9.9-32.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "name":"python3-debug-3.9.9-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-debuginfo-3.9.9-32.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "name":"python3-debuginfo-3.9.9-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-debugsource-3.9.9-32.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "name":"python3-debugsource-3.9.9-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-devel-3.9.9-32.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "name":"python3-devel-3.9.9-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "name":"python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-3.9.9-32.oe2203sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "name":"python3-3.9.9-32.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-3.9.9-32.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "name":"python3-3.9.9-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-debug-3.9.9-32.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "name":"python3-debug-3.9.9-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-debuginfo-3.9.9-32.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "name":"python3-debuginfo-3.9.9-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-debugsource-3.9.9-32.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "name":"python3-debugsource-3.9.9-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-devel-3.9.9-32.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "name":"python3-devel-3.9.9-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64", "name":"python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2023-6597", "notes":[ { "text":"An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2192" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.8, "vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-6597" }, { "cve":"CVE-2024-3219", "notes":[ { "text":"There is a MEDIUM severity vulnerability affecting CPython.\n\nThe\n “socket” module provides a pure-Python fallback to the \nsocket.socketpair() function for platforms that don’t support AF_UNIX, \nsuch as Windows. This pure-Python implementation uses AF_INET or \nAF_INET6 to create a local connected pair of sockets. The connection \nbetween the two sockets was not verified before passing the two sockets \nback to the user, which leaves the server socket vulnerable to a \nconnection race from a malicious local peer.\n\nPlatforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2192" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.0, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-3219" }, { "cve":"CVE-2024-6232", "notes":[ { "text":"There is a MEDIUM severity vulnerability affecting CPython.Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ], "details":"python3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2192" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:python3-help-3.9.9-32.oe2203sp1.noarch", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.src", "openEuler-22.03-LTS-SP1:python3-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debug-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debuginfo-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-debugsource-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-devel-3.9.9-32.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:python3-unversioned-command-3.9.9-32.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2024-6232" } ] }