Python: Multiple vulnerabilities enable code execution and DoS

by admin

An IT security alert update for a known vulnerability has been issued for Python. You can read a description of the security vulnerability, together with the latest updates and information about affected operating systems and products, here.

The Federal Office for Information Security (BSI) issued an update on June 2, 2024 to a security vulnerability in Python that became known on March 20, 2024. The security vulnerability affects the MacOS and Dell NetWorker operating systems.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Oracle Linux Security Advisory ELSA-2024-3466 (as of June 1, 2024). Further useful sources are listed later in this article.

Python Security Advisory – Risk: Medium

Risk level: 4 (medium)
CVSS Base Score: 7.8
CVSS Temporal Score: 6.8
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to create a priority list for countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to determine the severity level of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. Temporal scores also take into account changes over time in the risk situation. The risk of the vulnerability discussed here is rated as "medium" according to the CVSS, with a base score of 7.8.

Python bug: Multiple vulnerabilities enable code execution and DoS

Python is a general-purpose, usually interpreted, high-level programming language.

An attacker could exploit multiple vulnerabilities in Python to execute arbitrary code or cause a denial-of-service condition.

The vulnerabilities are identified by their CVE (Common Vulnerabilities and Exposures) numbers: CVE-2023-6597, CVE-2024-0450 and CVE-2023-52425.

Systems affected by the Python security vulnerability at a glance

Operating systems
MacOS X, Windows


Products
IBM AIX 7.3 (cpe:/o:ibm:aix)
IBM VIOS 4.1 (cpe:/a:ibm:vios)
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
SUSE Linux (cpe:/o:suse:suse_linux)
Oracle Linux (cpe:/o:oracle:linux)
Gentoo Linux (cpe:/o:gentoo:linux)
EMC Avamar (cpe:/a:emc:avamar)
Open Source Python
Dell NetWorker virtual (cpe:/a:dell:networker)

General measures for dealing with IT vulnerabilities

  1. Users of affected systems should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. When new security updates are available, install them promptly.
  2. For information, see the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the sources mentioned to see whether a new security update is available.

Manufacturer information about updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Oracle Linux Security Advisory ELSA-2024-3466 of 2024-06-01 (02.06.2024)
Amazon Linux Security Advisory ALASPYTHON3.8-2024-011 of 2024-05-30 (30.05.2024)
SUSE Security Update SUSE-SU-2024:1844-1 of 2024-05-29 (30.05.2024)
Oracle Linux Security Advisory ELSA-2024-3347 of 2024-05-30 (30.05.2024)
Red Hat Security Advisory RHSA-2024:3466 of 2024-05-29 (30.05.2024)
SUSE Security Update SUSE-SU-2024:1847-1 of 2024-05-29 (30.05.2024)
SUSE Security Update SUSE-SU-2024:1843-1 of 2024-05-29 (30.05.2024)
Red Hat Security Advisory RHSA-2024:3391 of 2024-05-28 (28.05.2024)
SUSE Security Update SUSE-SU-2024:1774-1 of 2024-05-24 (26.05.2024)
Fedora Security Advisory FEDORA-2024-18B9C9B9CF of 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3347 of 2024-05-23 (23.05.2024)
Fedora Security Advisory FEDORA-2024-A702B78744 of 2024-05-22 (22.05.2024)
SUSE Security Update SUSE-SU-2024:1698-1 of 2024-05-20 (20.05.2024)
Amazon Linux Security Advisory ALAS-2024-2541 of 2024-05-15 (15.05.2024)
Amazon Linux Security Advisory ALAS-2024-1936 of 2024-05-13 (13.05.2024)
SUSE Security Update SUSE-SU-2024:1556-1 of 2024-05-08 (09.05.2024)
Dell Security Advisory DSA-2024-198 of 2024-05-08 (07.05.2024)
Gentoo Linux Security Advisory GLSA-202405-01 of 2024-05-04 (05.05.2024)
SUSE Security Update SUSE-SU-2024:0782-2 of 2024-04-30 (01.05.2024)
IBM Security Bulletin 7148151 of 2024-04-12 (11.04.2024)
SUSE Security Update SUSE-SU-2024:1162-1 of 2024-04-08 (08.04.2024)
SUSE Security Update SUSE-SU-2024:1009-1 of 2024-03-27 (27.03.2024)
Debian Security Advisory DLA-3772 of 2024-03-24 (24.03.2024)
Debian Security Advisory DLA-3771 of 2024-03-24 (24.03.2024)
Proof of Concept (PoC) for CVE-2023-52425 (20.03.2024)
NVD CVE-2023-52425 (20.03.2024)
NATIONAL ACCIDENT DATABASE (20.03.2024)
GitHub Advisory Database (20.03.2024)
Python Github of 2024-03-20 (20.03.2024)
Discuss.Python.org as of 2024-03-20 (20.03.2024)

Version history of this security alert

This is version 18 of this IT security notice for Python. This document will be updated as further updates are announced. You can follow the changes made using the version history below.

March 20, 2024 – First version
March 24, 2024 – New updates from Debian added
March 27, 2024 – New updates from SUSE added
April 8, 2024 – New updates from SUSE added
April 11, 2024 – New updates from IBM added
May 1, 2024 – New updates from SUSE added
May 5, 2024 – New updates from Gentoo added
May 7, 2024 – New updates from Dell added
May 9, 2024 – New updates from SUSE added
May 13, 2024 – New updates from Amazon added
May 15, 2024 – New updates from Amazon added
May 20, 2024 – New updates from SUSE added
May 22, 2024 – New updates from Fedora added
May 23, 2024 – New updates from Red Hat and Fedora added
May 26, 2024 – New updates from SUSE added
May 28, 2024 – New updates from Red Hat added
May 30, 2024 – New updates from SUSE, Red Hat and Oracle Linux added
June 2, 2024 – New updates from Oracle Linux added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de