Oracle Linux: CVE-2024-8088: ELSA-2024-6961: python3.12 security update (MODERATE) (Multiple Advisories)
Description
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.
Solution(s)
- oracle-linux-upgrade-python3
- oracle-linux-upgrade-python3-11
- oracle-linux-upgrade-python3-11-debug
- oracle-linux-upgrade-python3-11-devel
- oracle-linux-upgrade-python3-11-idle
- oracle-linux-upgrade-python3-11-libs
- oracle-linux-upgrade-python3-11-rpm-macros
- oracle-linux-upgrade-python3-11-test
- oracle-linux-upgrade-python3-11-tkinter
- oracle-linux-upgrade-python3-12
- oracle-linux-upgrade-python3-12-debug
- oracle-linux-upgrade-python3-12-devel
- oracle-linux-upgrade-python3-12-idle
- oracle-linux-upgrade-python3-12-libs
- oracle-linux-upgrade-python3-12-rpm-macros
- oracle-linux-upgrade-python3-12-test
- oracle-linux-upgrade-python3-12-tkinter
- oracle-linux-upgrade-python39-cffi
- oracle-linux-upgrade-python39-chardet
- oracle-linux-upgrade-python39-cryptography
- oracle-linux-upgrade-python39-idna
- oracle-linux-upgrade-python39-lxml
- oracle-linux-upgrade-python39-mod-wsgi
- oracle-linux-upgrade-python39-numpy
- oracle-linux-upgrade-python39-numpy-doc
- oracle-linux-upgrade-python39-numpy-f2py
- oracle-linux-upgrade-python39-pip
- oracle-linux-upgrade-python39-pip-wheel
- oracle-linux-upgrade-python39-ply
- oracle-linux-upgrade-python39-psutil
- oracle-linux-upgrade-python39-psycopg2
- oracle-linux-upgrade-python39-psycopg2-doc
- oracle-linux-upgrade-python39-psycopg2-tests
- oracle-linux-upgrade-python39-pycparser
- oracle-linux-upgrade-python39-pymysql
- oracle-linux-upgrade-python39-pysocks
- oracle-linux-upgrade-python39-pyyaml
- oracle-linux-upgrade-python39-requests
- oracle-linux-upgrade-python39-scipy
- oracle-linux-upgrade-python39-setuptools
- oracle-linux-upgrade-python39-setuptools-wheel
- oracle-linux-upgrade-python39-six
- oracle-linux-upgrade-python39-toml
- oracle-linux-upgrade-python39-urllib3
- oracle-linux-upgrade-python39-wheel
- oracle-linux-upgrade-python39-wheel-wheel
- oracle-linux-upgrade-python3-debug
- oracle-linux-upgrade-python3-devel
- oracle-linux-upgrade-python3-idle
- oracle-linux-upgrade-python3-libs
- oracle-linux-upgrade-python3-test
- oracle-linux-upgrade-python3-tkinter
- oracle-linux-upgrade-python-unversioned-command
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center