
Python: A vulnerability permits security measures to be bypassed

by admin

A security warning issued for Python has received an update from the BSI. You can read a description of the security hole, together with the latest updates and details about affected operating systems and products, here.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: SUSE Security Update SUSE-SU-2024:1667-1 (as of 16 May 2024). Some useful resources are listed later in this article.

Python Security Advisory – Risk: Medium

Risk level: 3 (medium)
CVSS Base Score: 5.3
CVSS Temporal Score: 4.9
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various metrics in order to prioritize countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to express the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores also take into account changes over time in the risk situation. The severity of the current vulnerability is assessed as “medium” according to the CVSS, with a base score of 5.3.

Python Bug: Vulnerability permits security measures to be bypassed

Python is a general-purpose, commonly interpreted, high-level language.

A remote, anonymous attacker could exploit a vulnerability in Python to bypass security measures.

The vulnerability is tracked under the unique CVE (Common Vulnerabilities and Exposures) identifier CVE-2023-27043.

Products affected by the Python vulnerability at a glance

Products
Open source Python for Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Open Source Python SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
EMC Avamar (cpe:/a:emc:avamar)
NetApp ActiveIQ Unified Manager (cpe:/a:netapp:active_iq_unified_manager)
IBM QRadar SIEM 7.5 (cpe:/a:ibm:qradar_siem)
Dell NetWorker virtual (cpe:/a:dell:networker)

General recommendations for dealing with IT vulnerabilities

  1. Users of the affected applications should keep them up to date. When security holes become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them immediately.
  2. For information, see the sources listed in the next section. These often contain further details about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the listed sources to see whether a new security update is available.

Sources for updates, patches and workarounds

Here you’ll find some links with information about bug reports, security fixes and workarounds.

SUSE Security Update SUSE-SU-2024:1667-1 dated 2024-05-16 (15.05.2024)
Dell Security Advisory DSA-2024-198 dated 2024-05-08 (07.05.2024)
SUSE Security Update SUSE-SU-2024:0782-2 dated 2024-04-30 (01.05.2024)
Red Hat Security Advisory RHSA-2024:2292 dated 2024-04-30 (29.04.2024)
IBM Security Bulletin 7148094 dated 2024-04-11 (11.04.2024)
IBM Security Bulletin 7145367 dated 2024-03-27 (27.03.2024)
Red Hat Security Advisory RHSA-2024:1383 dated 2024-03-19 (19.03.2024)
SUSE Security Update SUSE-SU-2024:0784-1 dated 2024-03-06 (06.03.2024)
SUSE Security Update SUSE-SU-2024:0782-1 dated 2024-03-06 (06.03.2024)
SUSE Security Update SUSE-SU-2024:0329-2 dated 2024-03-05 (05.03.2024)
SUSE Security Update SUSE-SU-2024:0595-1 dated 2024-02-23 (22.02.2024)
Fedora Security Advisory FEDORA-2024-94E0390E4E dated 2024-02-16 (18.02.2024)
Fedora Security Advisory FEDORA-2024-8DF4AC93D7 dated 2024-02-16 (18.02.2024)
SUSE Security Update SUSE-SU-2024:0464-1 dated 2024-02-14 (14.02.2024)
SUSE Security Update SUSE-SU-2024:0438-1 dated 2024-02-09 (11.02.2024)
SUSE Security Update SUSE-SU-2024:0437-1 dated 2024-02-08 (08.02.2024)
SUSE Security Update SUSE-SU-2024:0436-1 dated 2024-02-08 (08.02.2024)
SUSE Security Update SUSE-SU-2024:0329-1 dated 2024-02-05 (05.02.2024)
Red Hat Security Advisory RHSA-2024:0586 dated 2024-01-30 (30.01.2024)
Red Hat Security Advisory RHSA-2024:0530 dated 2024-01-25 (25.01.2024)
Oracle Linux Security Advisory ELSA-2024-0466 dated 2024-01-25 (25.01.2024)
Red Hat Security Advisory (24.01.2024)
Red Hat Security Advisory (24.01.2024)
Red Hat Security Advisory (24.01.2024)
Oracle Linux Security Advisory ELSA-2024-0256 dated 2024-01-17 (17.01.2024)
Red Hat Security Advisory RHSA-2024:0256 dated 2024-01-16 (15.01.2024)
Fedora Security Advisory FEDORA-2024-06FF0A6DEF dated 2024-01-02 (02.01.2024)
Fedora Security Advisory FEDORA-2024-93FAD630DE dated 2024-01-02 (02.01.2024)
Fedora Security Advisory FEDORA-2024-3AB90A5B01 dated 2024-01-02 (02.01.2024)
Fedora Security Advisory FEDORA-2023-0583EEDDE7 dated 2023-12-29 (28.12.2023)
Fedora Security Advisory FEDORA-2023-2F86A608B2 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-C69D73674A dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-C61A7D5227 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-87771F4249 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-8085628FFF dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-3C8C06B6BB dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-1BB427C240 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-254C1F3B69 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-F96FF39B59 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-D577604E6A dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-0D125EB31D dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-D01F8A69B4 dated 2023-12-19 (19.12.2023)
Fedora Security Advisory FEDORA-2023-C0BF8C0C4E dated 2023-12-19 (18.12.2023)
Fedora Security Advisory FEDORA-2023-88FBB78CD3 dated 2023-12-19 (18.12.2023)
Fedora Security Advisory FEDORA-2023-7D223EE343 dated 2023-12-19 (18.12.2023)
Fedora Security Advisory FEDORA-2023-555B4D49B1 dated 2023-12-19 (18.12.2023)
Fedora Security Advisory FEDORA-2023-65C95A087D dated 2023-12-19 (18.12.2023)
SUSE Security Update SUSE-SU-2023:4220-1 dated 2023-10-26 (26.10.2023)
NetApp Security Advisory NTAP-20230601-0003 dated 2023-06-01 (01.06.2023)
Python GitHub dated 2023-04-27 (27.04.2023)
National Vulnerability Database – CVE-2023-27043 dated 2023-04-27 (27.04.2023)

Version history of this security alert

This is the 27th version of this Python IT security notice. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

April 27, 2023 – First version
June 1, 2023 – New updates from NetApp added
October 26, 2023 – New updates from SUSE added
December 18, 2023 – New updates from Fedora added
December 19, 2023 – New updates from Fedora added
December 28, 2023 – New updates from Fedora added
January 2, 2024 – New updates from Fedora added
January 15, 2024 – New updates from Red Hat added
January 17, 2024 – New updates from Oracle Linux added
January 24, 2024 – New updates from Red Hat added
January 25, 2024 – New updates from Oracle Linux and Red Hat added
January 30, 2024 – New updates from Red Hat added
February 5, 2024 – New updates from SUSE added
February 8, 2024 – New updates from SUSE added
February 11, 2024 – New updates from SUSE added
February 14, 2024 – New updates from SUSE added
February 18, 2024 – New updates from Fedora added
February 22, 2024 – New updates from SUSE added
March 5, 2024 – New updates from SUSE added
March 6, 2024 – New updates from SUSE added
March 19, 2024 – New updates from Red Hat added
March 27, 2024 – New updates from IBM added
April 11, 2024 – New updates from IBM added
April 29, 2024 – New updates from Red Hat added
May 1, 2024 – New updates from SUSE added
May 7, 2024 – New updates from Dell added
May 15, 2024 – New updates from SUSE added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++


kns/roj/news.de
