Rocky Linux: CVE-2022-40897: python39-3.9-and-python39-devel-3.9 (Multiple Advisories)

Rocky Linux: CVE-2022-40897: python39-3.9-and-python39-devel-3.9 (Multiple Advisories)

Severity

7

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

12/23/2022

Created

03/13/2024

Added

03/12/2024

Modified

01/28/2025

Description

Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.

Solution(s)

• rocky-upgrade-cython-debugsource
• rocky-upgrade-numpy-debugsource
• rocky-upgrade-python-cffi-debugsource
• rocky-upgrade-python-cryptography-debugsource
• rocky-upgrade-python-lxml-debugsource
• rocky-upgrade-python-psutil-debugsource
• rocky-upgrade-python-psycopg2-debugsource
• rocky-upgrade-python39-cffi
• rocky-upgrade-python39-cffi-debuginfo
• rocky-upgrade-python39-cryptography
• rocky-upgrade-python39-cryptography-debuginfo
• rocky-upgrade-python39-cython
• rocky-upgrade-python39-cython-debuginfo
• rocky-upgrade-python39-lxml
• rocky-upgrade-python39-lxml-debuginfo
• rocky-upgrade-python39-mod_wsgi
• rocky-upgrade-python39-numpy
• rocky-upgrade-python39-numpy-debuginfo
• rocky-upgrade-python39-numpy-f2py
• rocky-upgrade-python39-psutil
• rocky-upgrade-python39-psutil-debuginfo
• rocky-upgrade-python39-psycopg2
• rocky-upgrade-python39-psycopg2-debuginfo
• rocky-upgrade-python39-psycopg2-doc
• rocky-upgrade-python39-psycopg2-tests
• rocky-upgrade-python39-pybind11
• rocky-upgrade-python39-pybind11-devel
• rocky-upgrade-python39-pyyaml
• rocky-upgrade-python39-pyyaml-debuginfo
• rocky-upgrade-python39-scipy
• rocky-upgrade-python39-scipy-debuginfo
• rocky-upgrade-pyyaml-debugsource
• rocky-upgrade-scipy-debugsource

References

• https://attackerkb.com/topics/cve-2022-40897
• CVE - 2022-40897
• https://errata.rockylinux.org/RLSA-2023:0835
• https://errata.rockylinux.org/RLSA-2023:0952
• https://errata.rockylinux.org/RLSA-2024:2985