Oracle Linux: CVE-2024-8088: ELSA-2024-6961: python3.12 security update (MODERATE) (Multiple Advisories)

Oracle Linux: CVE-2024-8088: ELSA-2024-6961:python3.12 security update (MODERATE) (Multiple Advisories)

Severity

5

CVSS

(AV:N/AC:H/Au:N/C:N/I:N/A:C)

Published

08/22/2024

Created

10/18/2024

Added

10/16/2024

Modified

01/07/2025

Description

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.

Solution(s)

• oracle-linux-upgrade-python3
• oracle-linux-upgrade-python3-11
• oracle-linux-upgrade-python3-11-debug
• oracle-linux-upgrade-python3-11-devel
• oracle-linux-upgrade-python3-11-idle
• oracle-linux-upgrade-python3-11-libs
• oracle-linux-upgrade-python3-11-rpm-macros
• oracle-linux-upgrade-python3-11-test
• oracle-linux-upgrade-python3-11-tkinter
• oracle-linux-upgrade-python3-12
• oracle-linux-upgrade-python3-12-debug
• oracle-linux-upgrade-python3-12-devel
• oracle-linux-upgrade-python3-12-idle
• oracle-linux-upgrade-python3-12-libs
• oracle-linux-upgrade-python3-12-rpm-macros
• oracle-linux-upgrade-python3-12-test
• oracle-linux-upgrade-python3-12-tkinter
• oracle-linux-upgrade-python39
• oracle-linux-upgrade-python39-cffi
• oracle-linux-upgrade-python39-chardet
• oracle-linux-upgrade-python39-cryptography
• oracle-linux-upgrade-python39-debug
• oracle-linux-upgrade-python39-devel
• oracle-linux-upgrade-python39-idle
• oracle-linux-upgrade-python39-idna
• oracle-linux-upgrade-python39-libs
• oracle-linux-upgrade-python39-lxml
• oracle-linux-upgrade-python39-mod-wsgi
• oracle-linux-upgrade-python39-numpy
• oracle-linux-upgrade-python39-numpy-doc
• oracle-linux-upgrade-python39-numpy-f2py
• oracle-linux-upgrade-python39-pip
• oracle-linux-upgrade-python39-pip-wheel
• oracle-linux-upgrade-python39-ply
• oracle-linux-upgrade-python39-psutil
• oracle-linux-upgrade-python39-psycopg2
• oracle-linux-upgrade-python39-psycopg2-doc
• oracle-linux-upgrade-python39-psycopg2-tests
• oracle-linux-upgrade-python39-pycparser
• oracle-linux-upgrade-python39-pymysql
• oracle-linux-upgrade-python39-pysocks
• oracle-linux-upgrade-python39-pyyaml
• oracle-linux-upgrade-python39-requests
• oracle-linux-upgrade-python39-rpm-macros
• oracle-linux-upgrade-python39-scipy
• oracle-linux-upgrade-python39-setuptools
• oracle-linux-upgrade-python39-setuptools-wheel
• oracle-linux-upgrade-python39-six
• oracle-linux-upgrade-python39-test
• oracle-linux-upgrade-python39-tkinter
• oracle-linux-upgrade-python39-toml
• oracle-linux-upgrade-python39-urllib3
• oracle-linux-upgrade-python39-wheel
• oracle-linux-upgrade-python39-wheel-wheel
• oracle-linux-upgrade-python3-debug
• oracle-linux-upgrade-python3-devel
• oracle-linux-upgrade-python3-idle
• oracle-linux-upgrade-python3-libs
• oracle-linux-upgrade-python3-test
• oracle-linux-upgrade-python3-tkinter
• oracle-linux-upgrade-python-unversioned-command

References

• https://attackerkb.com/topics/cve-2024-8088
• CVE - 2024-8088
• ELSA-2024-6961
• ELSA-2024-6962
• ELSA-2024-5962
• ELSA-2024-9371
• ELSA-2024-9190
• ELSA-2024-9192

View more