Red Hat Product Errata RHSA-2024:8838 - Security Advisory
Issued:
2024-11-05
Updated:
2024-11-05

RHSA-2024:8838 - Security Advisory

Synopsis

Moderate: python3.11 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python3.11 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2309426 - CVE-2024-6232 python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

Red Hat Enterprise Linux for x86_64 8

SRPM
python3.11-3.11.10-1.el8_10.src.rpm SHA-256: 5dbf58d77f0f310cbac0b4ca4250af6cdc651e4a2362e6f85ebe7e20740bd290
x86_64
python3.11-3.11.10-1.el8_10.x86_64.rpm SHA-256: 905591db4a496d49645c29458369b7fa5507003f3261f7c5a1bac0ccc9364a61
python3.11-debuginfo-3.11.10-1.el8_10.i686.rpm SHA-256: bd648757bd1bc2bd451c4931b46afac69711373f1165f986d1bf25b1e22a208f
python3.11-debuginfo-3.11.10-1.el8_10.x86_64.rpm SHA-256: acb0d6aec9f725fe6ae38315cf41bfa2f6b7549628874099e1897c216ba1fc5d
python3.11-debugsource-3.11.10-1.el8_10.i686.rpm SHA-256: 73beb4a28c2c7cde32ce4491de9c4e51083b02a119141eb405ed7178d5af24d2
python3.11-debugsource-3.11.10-1.el8_10.x86_64.rpm SHA-256: fb67e884dff4fca54613b65a3b65d1c66b7f5dabfe750c94339fcbef92b32019
python3.11-devel-3.11.10-1.el8_10.i686.rpm SHA-256: 44e1f49de8e7ca752faf77f1ec52116c147a497e8591de97cce3cb12dc7cd32c
python3.11-devel-3.11.10-1.el8_10.x86_64.rpm SHA-256: bc29b6b075917b4270eacc59b04b285eba70cb002c0e8c2a0c0f8c83b6ebc36d
python3.11-libs-3.11.10-1.el8_10.i686.rpm SHA-256: 70833ca2b3bc1c809cea5dd507c5f0ca2c8330d9bbaf98438aea9c8b3433ce32
python3.11-libs-3.11.10-1.el8_10.x86_64.rpm SHA-256: a03cbefb0fe60078af055c8866b4989bd321b5fae5cf15f630db05f087fe3e54
python3.11-rpm-macros-3.11.10-1.el8_10.noarch.rpm SHA-256: 7c07ff097c267d45ac7174e80ae7ea5699ed15e4bf970c536bc165917988e6b5
python3.11-tkinter-3.11.10-1.el8_10.x86_64.rpm SHA-256: b471c0d39245d3cc433d893d8efd4f250fb0eee32af7f76128444e0c15b3e334

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
python3.11-3.11.10-1.el8_10.src.rpm SHA-256: 5dbf58d77f0f310cbac0b4ca4250af6cdc651e4a2362e6f85ebe7e20740bd290
s390x
python3.11-3.11.10-1.el8_10.s390x.rpm SHA-256: b2ccecd358941a7761e40b9d30854b35fc7dc3df0d5bab7fda7960c9540a7681
python3.11-debuginfo-3.11.10-1.el8_10.s390x.rpm SHA-256: bd89076fd8822b6795e11880ddbe4cc7b37a5701964594b654155f7526dde248
python3.11-debugsource-3.11.10-1.el8_10.s390x.rpm SHA-256: 57d87f9d376da98ec4b8bd37ca9b449c061805f96e0e83d34b9caa6e95dcc97b
python3.11-devel-3.11.10-1.el8_10.s390x.rpm SHA-256: a95dc5801a299dd3387106fd253bd2796836e177fc63f3a865ae15d3af4824b0
python3.11-libs-3.11.10-1.el8_10.s390x.rpm SHA-256: bff435c78d213fb735e8b0d070526fab28707e982eb1b088b88ad626fc791d30
python3.11-rpm-macros-3.11.10-1.el8_10.noarch.rpm SHA-256: 7c07ff097c267d45ac7174e80ae7ea5699ed15e4bf970c536bc165917988e6b5
python3.11-tkinter-3.11.10-1.el8_10.s390x.rpm SHA-256: 0ec54bbfd822dccaf16ea9d38ec3432f6bc0755206683701c00709b8ed8bad0b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
python3.11-3.11.10-1.el8_10.src.rpm SHA-256: 5dbf58d77f0f310cbac0b4ca4250af6cdc651e4a2362e6f85ebe7e20740bd290
ppc64le
python3.11-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 16487c84e830a2b5dcaa36d8a5b69460d73ca7bd687627acf3039f42425e0e75
python3.11-debuginfo-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 60b02217a6fc8d2211e9eff7d44d29373223cbda8214cd7f6a3b31f8a88076af
python3.11-debugsource-3.11.10-1.el8_10.ppc64le.rpm SHA-256: ae8ac90e40bb0a5e494e5fd93a5872c9216c721c1a5593bcbdf2f07310c0cd01
python3.11-devel-3.11.10-1.el8_10.ppc64le.rpm SHA-256: a1ff83d5084533e8dec46e643485bcc6fdcd066780b49b85fae743b54b138088
python3.11-libs-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 21f2b1ee30cfcb3fce8868dbbda507071b94b5b6d61a0290e3874b8a9c8244bb
python3.11-rpm-macros-3.11.10-1.el8_10.noarch.rpm SHA-256: 7c07ff097c267d45ac7174e80ae7ea5699ed15e4bf970c536bc165917988e6b5
python3.11-tkinter-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 4a5e4c311f05577e33189c080bbad10311283afe672fed32d3311e0cc772e2e7

Red Hat Enterprise Linux for ARM 64 8

SRPM
python3.11-3.11.10-1.el8_10.src.rpm SHA-256: 5dbf58d77f0f310cbac0b4ca4250af6cdc651e4a2362e6f85ebe7e20740bd290
aarch64
python3.11-3.11.10-1.el8_10.aarch64.rpm SHA-256: dffaebdfea3fae47d45300a9585b5eb5bb94584a4d3bd4460308e8a17195a388
python3.11-debuginfo-3.11.10-1.el8_10.aarch64.rpm SHA-256: c744a5ebc1e730f03aa4c405d82f2244ac203c7f60e73d259984500a86d0ab68
python3.11-debugsource-3.11.10-1.el8_10.aarch64.rpm SHA-256: 931ebec7a7b2adf4f2a93c0fb96ca9cfe5ea740e9922b2459126d720e40ab399
python3.11-devel-3.11.10-1.el8_10.aarch64.rpm SHA-256: 0f55c271ed566b6f3580cfaa9d0650e7d56a25d98f65e90420294def935f7ce7
python3.11-libs-3.11.10-1.el8_10.aarch64.rpm SHA-256: f02d4192a6eaffe32a54c309feaa7d7bbb001b8a74e9614429fe22b4acf84a51
python3.11-rpm-macros-3.11.10-1.el8_10.noarch.rpm SHA-256: 7c07ff097c267d45ac7174e80ae7ea5699ed15e4bf970c536bc165917988e6b5
python3.11-tkinter-3.11.10-1.el8_10.aarch64.rpm SHA-256: 7288c828c01da155751ac9d1620b68e0c7b68f3bcc507535790fa9e21d177cb1

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
python3.11-3.11.10-1.el8_10.i686.rpm SHA-256: 3b9b576f41bb62540f50531f6ba95e5d13251ecce2b9919b59e913551c149a69
python3.11-debug-3.11.10-1.el8_10.i686.rpm SHA-256: bb85b6bfa2eb45db498d758a1f143d944f56c074c95d0bfa4aab344e00c2dbea
python3.11-debug-3.11.10-1.el8_10.x86_64.rpm SHA-256: 7ac8c70cc79aea461d24463a2888f03138c4b71dce6c18aaa14ff83be31a0716
python3.11-debuginfo-3.11.10-1.el8_10.i686.rpm SHA-256: bd648757bd1bc2bd451c4931b46afac69711373f1165f986d1bf25b1e22a208f
python3.11-debuginfo-3.11.10-1.el8_10.x86_64.rpm SHA-256: acb0d6aec9f725fe6ae38315cf41bfa2f6b7549628874099e1897c216ba1fc5d
python3.11-debugsource-3.11.10-1.el8_10.i686.rpm SHA-256: 73beb4a28c2c7cde32ce4491de9c4e51083b02a119141eb405ed7178d5af24d2
python3.11-debugsource-3.11.10-1.el8_10.x86_64.rpm SHA-256: fb67e884dff4fca54613b65a3b65d1c66b7f5dabfe750c94339fcbef92b32019
python3.11-idle-3.11.10-1.el8_10.i686.rpm SHA-256: 90310baf1f22401e0388de97c8ff59d32b9912dd8caba5535dcd4b19915277a7
python3.11-idle-3.11.10-1.el8_10.x86_64.rpm SHA-256: 1bd1535e4069482f491680261955b026d9c91e263d9dcbbdbb1c3ca8ef1be6b4
python3.11-test-3.11.10-1.el8_10.i686.rpm SHA-256: e84dd8f451c60c9dee7cdc3fecde06fb9b99f0abbee4af3af6c4aaf1c254742e
python3.11-test-3.11.10-1.el8_10.x86_64.rpm SHA-256: 0c81435c0c979e04a867b72e4dad973ed6b24bdd117d9fb1bc65fb6a9181034a
python3.11-tkinter-3.11.10-1.el8_10.i686.rpm SHA-256: a8d61d324d6d36f2dd64455da96d58bcf653f14ecb92546a4377eac6034ca536

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
python3.11-debug-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 0303c39b3bbc8f71f4856f2d40813481e8b2c73a1ce1ca0eef0a58feb2bdd61c
python3.11-debuginfo-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 60b02217a6fc8d2211e9eff7d44d29373223cbda8214cd7f6a3b31f8a88076af
python3.11-debugsource-3.11.10-1.el8_10.ppc64le.rpm SHA-256: ae8ac90e40bb0a5e494e5fd93a5872c9216c721c1a5593bcbdf2f07310c0cd01
python3.11-idle-3.11.10-1.el8_10.ppc64le.rpm SHA-256: 5edc43230a1a8c25438b04d4e85dc9397e541cbe67b1df78d0bcdad988ea2353
python3.11-test-3.11.10-1.el8_10.ppc64le.rpm SHA-256: daef1f62b0ea4e2071ebca7b137e95ea7ef62075cc7b8fd02e943d67c44701ae

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
python3.11-debug-3.11.10-1.el8_10.aarch64.rpm SHA-256: 5a48bb5aeeae2727859c93342b4ffa6610ea2500bc83b5d3bd3f9e99afc55fe0
python3.11-debuginfo-3.11.10-1.el8_10.aarch64.rpm SHA-256: c744a5ebc1e730f03aa4c405d82f2244ac203c7f60e73d259984500a86d0ab68
python3.11-debugsource-3.11.10-1.el8_10.aarch64.rpm SHA-256: 931ebec7a7b2adf4f2a93c0fb96ca9cfe5ea740e9922b2459126d720e40ab399
python3.11-idle-3.11.10-1.el8_10.aarch64.rpm SHA-256: d7e6a58660e376eb303fe5fbb678fa86dbe8c04e211fe67b4a22ad1bffb95bec
python3.11-test-3.11.10-1.el8_10.aarch64.rpm SHA-256: 04e0c17258f444e0616ad843425cb0d4ccb41ca8ccb2c564bf7f9806b162566a

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
python3.11-debug-3.11.10-1.el8_10.s390x.rpm SHA-256: aab14879027d9b7db4ec186108a0df91aa708dba829389b15bee22c37ef8390a
python3.11-debuginfo-3.11.10-1.el8_10.s390x.rpm SHA-256: bd89076fd8822b6795e11880ddbe4cc7b37a5701964594b654155f7526dde248
python3.11-debugsource-3.11.10-1.el8_10.s390x.rpm SHA-256: 57d87f9d376da98ec4b8bd37ca9b449c061805f96e0e83d34b9caa6e95dcc97b
python3.11-idle-3.11.10-1.el8_10.s390x.rpm SHA-256: 718c29e13a5e1e7c6faab4e5556883629f3c05aa7233efa1f7724509794d173c
python3.11-test-3.11.10-1.el8_10.s390x.rpm SHA-256: 1e0d8dd005aad84a7692e7fd1283cba415544e305f8f17a0f4a79b1813a52d11

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.