=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: python3.9 security update
Advisory ID:       RHSA-2023:3595-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3595
Issue date:        2023-06-14
CVE Names:         CVE-2023-24329
=====================================================================

1. Summary:

An update for python3.9 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: urllib.parse url blocklisting bypass (CVE-2023-24329)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2173917 - CVE-2023-24329 python: urllib.parse url blocklisting bypass

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:
python3-devel-3.9.16-1.el9_2.1.aarch64.rpm
python3-tkinter-3.9.16-1.el9_2.1.aarch64.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.aarch64.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.aarch64.rpm

noarch:
python-unversioned-command-3.9.16-1.el9_2.1.noarch.rpm

ppc64le:
python3-devel-3.9.16-1.el9_2.1.ppc64le.rpm
python3-tkinter-3.9.16-1.el9_2.1.ppc64le.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.ppc64le.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.ppc64le.rpm

s390x:
python3-devel-3.9.16-1.el9_2.1.s390x.rpm
python3-tkinter-3.9.16-1.el9_2.1.s390x.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.s390x.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.s390x.rpm

x86_64:
python3-devel-3.9.16-1.el9_2.1.i686.rpm
python3-devel-3.9.16-1.el9_2.1.x86_64.rpm
python3-tkinter-3.9.16-1.el9_2.1.x86_64.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.i686.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.x86_64.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.i686.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:
python3.9-3.9.16-1.el9_2.1.src.rpm

aarch64:
python3-3.9.16-1.el9_2.1.aarch64.rpm
python3-libs-3.9.16-1.el9_2.1.aarch64.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.aarch64.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.aarch64.rpm

ppc64le:
python3-3.9.16-1.el9_2.1.ppc64le.rpm
python3-libs-3.9.16-1.el9_2.1.ppc64le.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.ppc64le.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.ppc64le.rpm

s390x:
python3-3.9.16-1.el9_2.1.s390x.rpm
python3-libs-3.9.16-1.el9_2.1.s390x.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.s390x.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.s390x.rpm

x86_64:
python3-3.9.16-1.el9_2.1.x86_64.rpm
python3-libs-3.9.16-1.el9_2.1.i686.rpm
python3-libs-3.9.16-1.el9_2.1.x86_64.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.i686.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.x86_64.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.i686.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:
python3-debug-3.9.16-1.el9_2.1.aarch64.rpm
python3-idle-3.9.16-1.el9_2.1.aarch64.rpm
python3-test-3.9.16-1.el9_2.1.aarch64.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.aarch64.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.aarch64.rpm

ppc64le:
python3-debug-3.9.16-1.el9_2.1.ppc64le.rpm
python3-idle-3.9.16-1.el9_2.1.ppc64le.rpm
python3-test-3.9.16-1.el9_2.1.ppc64le.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.ppc64le.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.ppc64le.rpm

s390x:
python3-debug-3.9.16-1.el9_2.1.s390x.rpm
python3-idle-3.9.16-1.el9_2.1.s390x.rpm
python3-test-3.9.16-1.el9_2.1.s390x.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.s390x.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.s390x.rpm

x86_64:
python3-3.9.16-1.el9_2.1.i686.rpm
python3-debug-3.9.16-1.el9_2.1.i686.rpm
python3-debug-3.9.16-1.el9_2.1.x86_64.rpm
python3-idle-3.9.16-1.el9_2.1.i686.rpm
python3-idle-3.9.16-1.el9_2.1.x86_64.rpm
python3-test-3.9.16-1.el9_2.1.i686.rpm
python3-test-3.9.16-1.el9_2.1.x86_64.rpm
python3-tkinter-3.9.16-1.el9_2.1.i686.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.i686.rpm
python3.9-debuginfo-3.9.16-1.el9_2.1.x86_64.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.i686.rpm
python3.9-debugsource-3.9.16-1.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.