
Python: Multiple vulnerabilities permit code execution and DoS

by admin

As the BSI reports, the IT security alert concerning the Python vulnerabilities has received an update. You can read here at news.de which operating systems and products are affected by the security hole.

On May 23, 2024 the Federal Office for Information Security (BSI) issued an update to a security advisory for Python that was first published on March 20, 2024. Among the affected systems are Python applications on macOS.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: Fedora Security Advisory FEDORA-2024-18B9C9B9CF (from 23 May 2024). Further useful sources are listed later in this article.

Python Security Advisory – Risk: Medium

Risk level: 4 (medium)
CVSS Base Score: 7.8
CVSS Temporal Score: 6.8
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of security vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various criteria in order to prioritize countermeasures. The ratings "none", "low", "medium", "high" and "critical" are used to express the severity of a vulnerability. The Base Score rates the preconditions of an attack (including authentication, complexity, privileges and user interaction) and its consequences. The Temporal Score additionally takes into account conditions that may change over time, such as the availability of exploits and patches. The severity of the vulnerability discussed here is rated "medium" according to CVSS, with a base score of 7.8.

Python bug: Multiple vulnerabilities permit code execution and DoS

Python is a general-purpose, typically interpreted, high-level programming language.


An attacker could exploit several vulnerabilities in Python to execute arbitrary code or cause a denial-of-service condition.

The vulnerabilities are tracked under the Common Vulnerabilities and Exposures (CVE) system with the identifiers CVE-2023-6597 (tempfile.TemporaryDirectory dereferenced symbolic links while handling permission errors during cleanup, so a privileged cleanup could change the permissions of files the links point to), CVE-2024-0450 (the zipfile module accepted "quoted-overlap" archives, a zip-bomb construction in which several entries share the same compressed bytes, which leads to resource exhaustion on extraction) and CVE-2023-52425 (the bundled Expat XML parser could be forced into many full re-parses of a large token, which leads to denial of service).
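The denial-of-service class behind CVE-2024-0450 is easiest to see on a concrete archive. The following is an added example, not code from the BSI advisory or from CPython: it builds a constructed archive in which one deflated local entry is referenced by many central-directory entries under different names, and then runs a pre-extraction check that flags entries whose compressed data overlaps another entry or the central directory, together with a budget on the declared uncompressed size. The check mirrors the condition CPython now rejects in ZipFile.open, but is computed independently from the central directory and local headers so it also works on interpreters that have not been patched. Real quoted-overlap bombs nest each entry's own local header inside the previous entry's deflate stream rather than reusing one header as done here; the extent check catches both. The function and constant names are this example's own.

```python
"""Detect overlapping ('quoted-overlap') zip entries before extracting an archive."""
import io
import struct
import zipfile
import zlib

# Fixed-size parts of the three ZIP structures used below (little-endian).
LOCAL_HEADER = "<4s5H3I2H"      # 30 bytes, followed by name and extra field
CENTRAL_HEADER = "<4s6H3I5H2I"  # 46 bytes, followed by name, extra, comment
EOCD = "<4s4H2IH"               # 22 bytes, end-of-central-directory record


def build_quoted_overlap_zip(copies: int, payload: bytes = b"\0" * 65536) -> bytes:
    """Constructed test input (not a real-world sample): ONE deflated local
    entry, referenced by `copies` central-directory entries with different
    names. The declared uncompressed total grows with `copies` while the
    archive itself barely grows."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate, as ZIP stores it
    blob = comp.compress(payload) + comp.flush()
    crc = zlib.crc32(payload)
    name0 = b"f000.bin"
    local = struct.pack(LOCAL_HEADER, b"PK\x03\x04", 20, 0, 8, 0, 0,
                        crc, len(blob), len(payload), len(name0), 0) + name0 + blob
    central = b""
    for i in range(copies):
        name = f"f{i:03d}.bin".encode()
        # Every entry points at local header offset 0: they all "quote" the same bytes.
        central += struct.pack(CENTRAL_HEADER, b"PK\x01\x02", 20, 20, 0, 8, 0, 0,
                               crc, len(blob), len(payload), len(name),
                               0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack(EOCD, b"PK\x05\x06", 0, 0, copies, copies,
                       len(central), len(local), 0)
    return local + central + eocd


def build_plain_zip() -> bytes:
    """Constructed benign archive for comparison, written by zipfile itself."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"hello " * 100)
        zf.writestr("b.txt", b"world " * 100)
    return buf.getvalue()


def check_zip(data: bytes, max_declared_bytes: int) -> dict:
    """Pre-extraction check on an in-memory archive.

    For each entry, the compressed-data extent is derived from its local header
    (name and extra lengths) and the central-directory compress_size. An entry
    is flagged if that extent runs into the next entry or the central directory,
    or if it starts inside the previous entry. The declared uncompressed total
    is compared against a caller-supplied budget."""
    zf = zipfile.ZipFile(io.BytesIO(data))
    infos = sorted(zf.infolist(), key=lambda zi: zi.header_offset)
    overlapping = []
    prev_end = 0
    for idx, zi in enumerate(infos):
        try:
            hdr = struct.unpack_from(LOCAL_HEADER, data, zi.header_offset)
        except struct.error:
            hdr = None
        if hdr is None or hdr[0] != b"PK\x03\x04":
            overlapping.append(zi.filename)  # bogus header offset: treat as hostile
            continue
        name_len, extra_len = hdr[9], hdr[10]
        data_end = zi.header_offset + 30 + name_len + extra_len + zi.compress_size
        next_start = infos[idx + 1].header_offset if idx + 1 < len(infos) else zf.start_dir
        if zi.header_offset < prev_end or data_end > next_start:
            overlapping.append(zi.filename)
        prev_end = data_end
    declared = sum(zi.file_size for zi in zf.infolist())
    return {
        "overlapping": overlapping,
        "declared_bytes": declared,
        "ratio": declared / max(len(data), 1),
        "ok": not overlapping and declared <= max_declared_bytes,
    }


if __name__ == "__main__":
    bomb = build_quoted_overlap_zip(100)
    print(len(bomb), "bytes on disk ->", check_zip(bomb, 1 << 20))
    print(check_zip(build_plain_zip(), 1 << 20))
```

Run this before handing an untrusted archive to extractall(): a few kilobytes that declare over six megabytes, with every entry overlapping, is exactly the shape of archive that exhausted memory and CPU on unpatched interpreters. Checking the extents rather than only the declared sizes also catches archives that lie about file_size.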

Systems affected by the Python security vulnerability at a glance

Operating systems
MacOS X, Windows

Products
IBM AIX 7.3 (cpe:/o:ibm:aix)
IBM VIOS 4.1 (cpe:/a:ibm:vios)
Debian Linux (cpe:/o:debian:debian_linux)
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
SUSE Linux (cpe:/o:suse:suse_linux)
Gentoo Linux (cpe:/o:gentoo:linux)
EMC Avamar (cpe:/a:emc:avamar)
Open Source Python
Dell NetWorker Virtual Edition (cpe:/a:dell:networker)

General recommendations for dealing with IT security gaps

  1. Users of affected systems should keep them up to date. When security holes become known, manufacturers are expected to fix them quickly with a patch or a workaround. If security patches are available, install them promptly.
  2. For further information, see the sources listed in the next section. They usually contain additional details about the latest version of the software in question and the availability of security patches or workarounds.
  3. If you have further questions or uncertainties, contact your responsible administrator. IT security officers should check whenever a manufacturer makes a new security update available.

Manufacturer information on updates, patches and workarounds

The BSI advisory references the following bug reports, security fixes and workarounds:

Fedora Security Advisory FEDORA-2024-18B9C9B9CF of 2024-05-23 (23.05.2024)
Red Hat Security Advisory RHSA-2024:3347 of 2024-05-23 (23.05.2024)
Fedora Security Advisory FEDORA-2024-A702B78744 of 2024-05-22 (22.05.2024)
SUSE Security Update SUSE-SU-2024:1698-1 of 2024-05-20 (20.05.2024)
Amazon Linux Security Advisory ALAS-2024-2541 of 2024-05-15 (15.05.2024)
Amazon Linux Security Advisory ALAS-2024-1936 of 2024-05-13 (13.05.2024)
SUSE Security Update SUSE-SU-2024:1556-1 of 2024-05-08 (09.05.2024)
Dell Security Advisory DSA-2024-198 of 2024-05-08 (07.05.2024)
Gentoo Linux Security Advisory GLSA-202405-01 of 2024-05-04 (05.05.2024)
SUSE Security Update SUSE-SU-2024:0782-2 of 2024-04-30 (01.05.2024)
IBM Security Bulletin 7148151 of 2024-04-12 (11.04.2024)
SUSE Security Update SUSE-SU-2024:1162-1 of 2024-04-08 (08.04.2024)
SUSE Security Update SUSE-SU-2024:1009-1 of 2024-03-27 (27.03.2024)
Debian Security Advisory DLA-3772 of 2024-03-24 (24.03.2024)
Debian Security Advisory DLA-3771 of 2024-03-24 (24.03.2024)
Proof of Concept (PoC) for CVE-2023-52425 (20.03.2024)
NVD CVE-2023-52425 (20.03.2024)
National Vulnerability Database (20.03.2024)
GitHub Advisory Database (20.03.2024)
Python GitHub of 2024-03-20 (20.03.2024), seven separate references
Discuss.Python.org as of 2024-03-20 (20.03.2024)

Version history of this security alert

This is version 14 of this Python IT security notice. If further updates are announced, this document will be updated. You can track changes and additions in this version history.


March 20, 2024 – First version
March 24, 2024 – New updates from Debian added
March 27, 2024 – New updates from SUSE added
April 8, 2024 – New updates from SUSE added
April 11, 2024 – New updates from IBM added
May 1, 2024 – New updates from SUSE added
May 5, 2024 – New updates from Gentoo added
May 7, 2024 – New updates from Dell added
May 9, 2024 – New updates from SUSE added
May 13, 2024 – New updates from Amazon added
May 15, 2024 – New updates from Amazon added
May 20, 2024 – New updates from SUSE added
May 22, 2024 – New updates from Fedora added
May 23, 2024 – New updates from Red Hat and Fedora added

+++ Editorial note: This document is based on current BSI data and will be updated as the status of the alert changes. We welcome feedback and comments at [email protected]. +++


kns/roj/news.de
