vulnerability
Alma Linux: CVE-2024-0450: Important: python3.11 security update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | 03/19/2024 | 05/31/2024 | 04/23/2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
03/19/2024
Added
05/31/2024
Modified
04/23/2025
Description
An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.
Solution(s)
alma-upgrade-platform-pythonalma-upgrade-platform-python-debugalma-upgrade-platform-python-develalma-upgrade-python-unversioned-commandalma-upgrade-python3alma-upgrade-python3-debugalma-upgrade-python3-develalma-upgrade-python3-idlealma-upgrade-python3-libsalma-upgrade-python3-testalma-upgrade-python3-tkinteralma-upgrade-python3.11alma-upgrade-python3.11-debugalma-upgrade-python3.11-develalma-upgrade-python3.11-idlealma-upgrade-python3.11-libsalma-upgrade-python3.11-rpm-macrosalma-upgrade-python3.11-testalma-upgrade-python3.11-tkinteralma-upgrade-python3.12alma-upgrade-python3.12-debugalma-upgrade-python3.12-develalma-upgrade-python3.12-idlealma-upgrade-python3.12-libsalma-upgrade-python3.12-rpm-macrosalma-upgrade-python3.12-testalma-upgrade-python3.12-tkinteralma-upgrade-python39alma-upgrade-python39-attrsalma-upgrade-python39-cffialma-upgrade-python39-chardetalma-upgrade-python39-cryptographyalma-upgrade-python39-cythonalma-upgrade-python39-debugalma-upgrade-python39-develalma-upgrade-python39-idlealma-upgrade-python39-idnaalma-upgrade-python39-iniconfigalma-upgrade-python39-libsalma-upgrade-python39-lxmlalma-upgrade-python39-mod_wsgialma-upgrade-python39-more-itertoolsalma-upgrade-python39-numpyalma-upgrade-python39-numpy-docalma-upgrade-python39-numpy-f2pyalma-upgrade-python39-packagingalma-upgrade-python39-pipalma-upgrade-python39-pip-wheelalma-upgrade-python39-pluggyalma-upgrade-python39-plyalma-upgrade-python39-psutilalma-upgrade-python39-psycopg2alma-upgrade-python39-psycopg2-docalma-upgrade-python39-psycopg2-testsalma-upgrade-python39-pyalma-upgrade-python39-pybind11alma-upgrade-python39-pybind11-develalma-upgrade-python39-pycparseralma-upgrade-python39-pymysqlalma-upgrade-python39-pyparsingalma-upgrade-python39-pysocksalma-upgrade-python39-pytestalma-upgrade-python39-pyyamlalma-upgrade-python39-requestsalma-upgrade-python39-rpm-macrosalma-upgrade-python39-scipyalma-upgrade-python39-setuptoolsalma-upgrade-python39-setuptools-wheelalma-upgrade-python39-sixalma-upgrade-python39-testalma-upgrade-python39-tkinteralma-upgrade-python39-tomlalma-upgrade-python39-urllib3alma-upgrade-python39-wcwidthalma-upgrade-python39-wheelalma-upgrade-python39-wheel-wheel
References
- CVE-2024-0450
- https://attackerkb.com/topics/CVE-2024-0450
- URL-https://errata.almalinux.org/8/ALSA-2024-3347.html
- URL-https://errata.almalinux.org/8/ALSA-2024-3466.html
- URL-https://errata.almalinux.org/8/ALSA-2024-4058.html
- URL-https://errata.almalinux.org/8/ALSA-2024-4243.html
- URL-https://errata.almalinux.org/9/ALSA-2024-4078.html
- URL-https://errata.almalinux.org/9/ALSA-2024-9190.html
- URL-https://errata.almalinux.org/9/ALSA-2024-9192.html
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.