vulnerability
Oracle Linux: CVE-2023-6597: ELSA-2024-3347: python3 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:C/I:C/A:N) | Mar 19, 2024 | May 30, 2024 | Sep 2, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:N)
Published
Mar 19, 2024
Added
May 30, 2024
Modified
Sep 2, 2025
Description
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.
The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.
Solutions
oracle-linux-upgrade-platform-pythonoracle-linux-upgrade-platform-python-debugoracle-linux-upgrade-platform-python-develoracle-linux-upgrade-python3oracle-linux-upgrade-python3-11oracle-linux-upgrade-python3-11-debugoracle-linux-upgrade-python3-11-develoracle-linux-upgrade-python3-11-idleoracle-linux-upgrade-python3-11-libsoracle-linux-upgrade-python3-11-rpm-macrosoracle-linux-upgrade-python3-11-testoracle-linux-upgrade-python3-11-tkinteroracle-linux-upgrade-python39oracle-linux-upgrade-python39-cffioracle-linux-upgrade-python39-chardetoracle-linux-upgrade-python39-cryptographyoracle-linux-upgrade-python39-debugoracle-linux-upgrade-python39-develoracle-linux-upgrade-python39-idleoracle-linux-upgrade-python39-idnaoracle-linux-upgrade-python39-libsoracle-linux-upgrade-python39-lxmloracle-linux-upgrade-python39-mod-wsgioracle-linux-upgrade-python39-numpyoracle-linux-upgrade-python39-numpy-docoracle-linux-upgrade-python39-numpy-f2pyoracle-linux-upgrade-python39-piporacle-linux-upgrade-python39-pip-wheeloracle-linux-upgrade-python39-plyoracle-linux-upgrade-python39-psutiloracle-linux-upgrade-python39-psycopg2oracle-linux-upgrade-python39-psycopg2-docoracle-linux-upgrade-python39-psycopg2-testsoracle-linux-upgrade-python39-pycparseroracle-linux-upgrade-python39-pymysqloracle-linux-upgrade-python39-pysocksoracle-linux-upgrade-python39-pyyamloracle-linux-upgrade-python39-requestsoracle-linux-upgrade-python39-rpm-macrosoracle-linux-upgrade-python39-scipyoracle-linux-upgrade-python39-setuptoolsoracle-linux-upgrade-python39-setuptools-wheeloracle-linux-upgrade-python39-sixoracle-linux-upgrade-python39-testoracle-linux-upgrade-python39-tkinteroracle-linux-upgrade-python39-tomloracle-linux-upgrade-python39-urllib3oracle-linux-upgrade-python39-wheeloracle-linux-upgrade-python39-wheel-wheeloracle-linux-upgrade-python3-debugoracle-linux-upgrade-python3-develoracle-linux-upgrade-python3-idleoracle-linux-upgrade-python3-libsoracle-linux-upgrade-python3-testoracle-linux-upgrade-python3-tkinteroracle-linux-upgrade-python-unversioned-command
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.