Rocky Linux: CVE-2024-6232: python3.11 (Multiple Advisories)

Rocky Linux: CVE-2024-6232: python3.11 (Multiple Advisories)

Severity

8

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

09/03/2024

Created

10/03/2024

Added

10/02/2024

Modified

01/28/2025

Description

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Solution(s)

• rocky-upgrade-cython-debugsource
• rocky-upgrade-numpy-debugsource
• rocky-upgrade-platform-python
• rocky-upgrade-platform-python-debug
• rocky-upgrade-platform-python-devel
• rocky-upgrade-python-cffi-debugsource
• rocky-upgrade-python-cryptography-debugsource
• rocky-upgrade-python-lxml-debugsource
• rocky-upgrade-python-psutil-debugsource
• rocky-upgrade-python-psycopg2-debugsource
• rocky-upgrade-python3
• rocky-upgrade-python3-debug
• rocky-upgrade-python3-debuginfo
• rocky-upgrade-python3-debugsource
• rocky-upgrade-python3-devel
• rocky-upgrade-python3-idle
• rocky-upgrade-python3-libs
• rocky-upgrade-python3-test
• rocky-upgrade-python3-tkinter
• rocky-upgrade-python3.11
• rocky-upgrade-python3.11-debug
• rocky-upgrade-python3.11-debuginfo
• rocky-upgrade-python3.11-debugsource
• rocky-upgrade-python3.11-devel
• rocky-upgrade-python3.11-idle
• rocky-upgrade-python3.11-libs
• rocky-upgrade-python3.11-test
• rocky-upgrade-python3.11-tkinter
• rocky-upgrade-python3.12
• rocky-upgrade-python3.12-debug
• rocky-upgrade-python3.12-debuginfo
• rocky-upgrade-python3.12-debugsource
• rocky-upgrade-python3.12-devel
• rocky-upgrade-python3.12-idle
• rocky-upgrade-python3.12-libs
• rocky-upgrade-python3.12-test
• rocky-upgrade-python3.12-tkinter
• rocky-upgrade-python39
• rocky-upgrade-python39-cffi
• rocky-upgrade-python39-cffi-debuginfo
• rocky-upgrade-python39-cryptography
• rocky-upgrade-python39-cryptography-debuginfo
• rocky-upgrade-python39-cython
• rocky-upgrade-python39-cython-debuginfo
• rocky-upgrade-python39-debug
• rocky-upgrade-python39-debuginfo
• rocky-upgrade-python39-debugsource
• rocky-upgrade-python39-devel
• rocky-upgrade-python39-idle
• rocky-upgrade-python39-libs
• rocky-upgrade-python39-lxml
• rocky-upgrade-python39-lxml-debuginfo
• rocky-upgrade-python39-mod_wsgi
• rocky-upgrade-python39-numpy
• rocky-upgrade-python39-numpy-debuginfo
• rocky-upgrade-python39-numpy-f2py
• rocky-upgrade-python39-psutil
• rocky-upgrade-python39-psutil-debuginfo
• rocky-upgrade-python39-psycopg2
• rocky-upgrade-python39-psycopg2-debuginfo
• rocky-upgrade-python39-psycopg2-doc
• rocky-upgrade-python39-psycopg2-tests
• rocky-upgrade-python39-pybind11
• rocky-upgrade-python39-pybind11-devel
• rocky-upgrade-python39-pyyaml
• rocky-upgrade-python39-pyyaml-debuginfo
• rocky-upgrade-python39-scipy
• rocky-upgrade-python39-scipy-debuginfo
• rocky-upgrade-python39-test
• rocky-upgrade-python39-tkinter
• rocky-upgrade-pyyaml-debugsource
• rocky-upgrade-scipy-debugsource

References

• https://attackerkb.com/topics/cve-2024-6232
• CVE - 2024-6232
• https://errata.rockylinux.org/RLSA-2024:6975
• https://errata.rockylinux.org/RLSA-2024:8359
• https://errata.rockylinux.org/RLSA-2024:8374
• https://errata.rockylinux.org/RLSA-2024:8446
• https://errata.rockylinux.org/RLSA-2024:8447
• https://errata.rockylinux.org/RLSA-2024:8836
• https://errata.rockylinux.org/RLSA-2024:8838

View more