Anolis OS update for python27:2.7 module



Updated: 2025-03-28
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2022-45061
CWE-ID: CWE-400
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

python2-pip-wheel
Operating systems & Components / Operating system package or component

python2-pip
Operating systems & Components / Operating system package or component

python2-numpy-doc
Operating systems & Components / Operating system package or component

python2-tools
Operating systems & Components / Operating system package or component

python2-tkinter
Operating systems & Components / Operating system package or component

python2-test
Operating systems & Components / Operating system package or component

python2-numpy-f2py
Operating systems & Components / Operating system package or component

python2-numpy
Operating systems & Components / Operating system package or component

python2-libs
Operating systems & Components / Operating system package or component

python2-devel
Operating systems & Components / Operating system package or component

python2-debug
Operating systems & Components / Operating system package or component

python2
Operating systems & Components / Operating system package or component

python2-wheel-wheel
Operating systems & Components / Operating system package or component

python2-wheel
Operating systems & Components / Operating system package or component

python2-virtualenv
Operating systems & Components / Operating system package or component

python2-urllib3
Operating systems & Components / Operating system package or component

python2-six
Operating systems & Components / Operating system package or component

python2-setuptools_scm
Operating systems & Components / Operating system package or component

python2-setuptools-wheel
Operating systems & Components / Operating system package or component

python2-setuptools
Operating systems & Components / Operating system package or component

python2-rpm-macros
Operating systems & Components / Operating system package or component

python2-requests
Operating systems & Components / Operating system package or component

python2-pytz
Operating systems & Components / Operating system package or component

python2-pytest-mock
Operating systems & Components / Operating system package or component

python2-pytest
Operating systems & Components / Operating system package or component

python2-pysocks
Operating systems & Components / Operating system package or component

python2-pygments
Operating systems & Components / Operating system package or component

python2-py
Operating systems & Components / Operating system package or component

python2-pluggy
Operating systems & Components / Operating system package or component

python2-nose
Operating systems & Components / Operating system package or component

python2-mock
Operating systems & Components / Operating system package or component

python2-jinja2
Operating systems & Components / Operating system package or component

python2-ipaddress
Operating systems & Components / Operating system package or component

python2-idna
Operating systems & Components / Operating system package or component

python2-funcsigs
Operating systems & Components / Operating system package or component

python2-docutils
Operating systems & Components / Operating system package or component

python2-docs-info
Operating systems & Components / Operating system package or component

python2-docs
Operating systems & Components / Operating system package or component

python2-dns
Operating systems & Components / Operating system package or component

python2-chardet
Operating systems & Components / Operating system package or component

python2-backports-ssl_match_hostname
Operating systems & Components / Operating system package or component

python2-babel
Operating systems & Components / Operating system package or component

python2-attrs
Operating systems & Components / Operating system package or component

python2-PyMySQL
Operating systems & Components / Operating system package or component

python-sqlalchemy-doc
Operating systems & Components / Operating system package or component

python-nose-docs
Operating systems & Components / Operating system package or component

babel
Operating systems & Components / Operating system package or component

python2-sqlalchemy
Operating systems & Components / Operating system package or component

python2-scipy
Operating systems & Components / Operating system package or component

python2-pyyaml
Operating systems & Components / Operating system package or component

python2-pymongo-gridfs
Operating systems & Components / Operating system package or component

python2-pymongo
Operating systems & Components / Operating system package or component

python2-psycopg2-tests
Operating systems & Components / Operating system package or component

python2-psycopg2-debug
Operating systems & Components / Operating system package or component

python2-psycopg2
Operating systems & Components / Operating system package or component

python2-markupsafe
Operating systems & Components / Operating system package or component

python2-lxml
Operating systems & Components / Operating system package or component

python2-coverage
Operating systems & Components / Operating system package or component

python2-bson
Operating systems & Components / Operating system package or component

python2-backports
Operating systems & Components / Operating system package or component

python2-Cython
Operating systems & Components / Operating system package or component

python-psycopg2-doc
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU69392

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-45061

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to the decoder, trigger excessive CPU consumption and perform a denial of service (DoS) attack.
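An added example, not part of the bulletin or of the vendor's fix: a caller-side guard that enforces the DNS length limits (63 bytes per label, 253 per name, RFC 1035) before a name reaches the `idna` codec, which bounds the work the decoder can be asked to do per label. The names `safe_idna_decode`, `try_decode` and `HostnameRejected` are hypothetical, and the sample inputs are constructed.

```python
MAX_NAME_LEN = 253   # RFC 1035: longest full name in dotted text form
MAX_LABEL_LEN = 63   # RFC 1035: longest single label


class HostnameRejected(ValueError):
    """Raised when a name fails the pre-checks or is not valid IDNA."""


def safe_idna_decode(raw):
    """Return the Unicode form of an ASCII/ACE host name given as bytes.

    The length checks run first, so the codec never sees an oversized label.
    """
    if not isinstance(raw, bytes):
        raise HostnameRejected("expected bytes")
    # A single trailing dot (the DNS root) is allowed and not counted.
    name = raw[:-1] if raw.endswith(b".") else raw
    if len(name) > MAX_NAME_LEN:
        raise HostnameRejected("name longer than %d bytes" % MAX_NAME_LEN)
    for label in name.split(b"."):
        if not label:
            raise HostnameRejected("empty label")
        if len(label) > MAX_LABEL_LEN:
            raise HostnameRejected("label longer than %d bytes" % MAX_LABEL_LEN)
    try:
        return raw.decode("idna")
    except UnicodeError as exc:
        raise HostnameRejected("not valid IDNA: %s" % exc)


def try_decode(raw):
    """Convenience wrapper: decoded name, or None when the name is rejected."""
    try:
        return safe_idna_decode(raw)
    except HostnameRejected:
        return None


if __name__ == "__main__":
    # Constructed sample inputs: two well-formed names and one oversized label.
    for sample in (b"xn--bcher-kva.example", b"www.example.com.",
                   b"a" * 64 + b".example"):
        print(repr(sample[:24]), "->", repr(try_decode(sample)))
```

The guard belongs wherever untrusted host names enter the application (HTTP `Host` headers, URLs, mail addresses) and complements, rather than replaces, the package update listed under Mitigation.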

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python2-pip-wheel: before 9.0.3-19.0.1

python2-pip: before 9.0.3-19.0.1

python2-numpy-doc: before 1.14.2-16.0.1

python2-tools: before 2.7.18-12.0.1

python2-tkinter: before 2.7.18-12.0.1

python2-test: before 2.7.18-12.0.1

python2-numpy-f2py: before 1.14.2-16.0.1

python2-numpy: before 1.14.2-16.0.1

python2-libs: before 2.7.18-12.0.1

python2-devel: before 2.7.18-12.0.1

python2-debug: before 2.7.18-12.0.1

python2: before 2.7.18-12.0.1

python2-wheel-wheel: before 0.31.1-3

python2-wheel: before 0.31.1-3

python2-virtualenv: before 15.1.0-21

python2-urllib3: before 1.24.2-3

python2-six: before 1.11.0-6

python2-setuptools_scm: before 1.15.7-6

python2-setuptools-wheel: before 39.0.1-13

python2-setuptools: before 39.0.1-13

python2-rpm-macros: before 3-38

python2-requests: before 2.20.0-3

python2-pytz: before 2017.2-12

python2-pytest-mock: before 1.9.0-4

python2-pytest: before 3.4.2-13

python2-pysocks: before 1.6.8-6

python2-pygments: before 2.2.0-22

python2-py: before 1.5.3-6

python2-pluggy: before 0.6.0-8

python2-nose: before 1.3.7-31

python2-mock: before 2.0.0-13

python2-jinja2: before 2.10-9

python2-ipaddress: before 1.0.18-6

python2-idna: before 2.5-7

python2-funcsigs: before 1.0.2-13

python2-docutils: before 0.14-12

python2-docs-info: before 2.7.16-2

python2-docs: before 2.7.16-2

python2-dns: before 1.15.0-10

python2-chardet: before 3.0.4-10

python2-backports-ssl_match_hostname: before 3.5.0.1-12

python2-babel: before 2.5.1-10

python2-attrs: before 17.4.0-10

python2-PyMySQL: before 0.8.0-10

python-sqlalchemy-doc: before 1.3.2-2

python-nose-docs: before 1.3.7-31

babel: before 2.5.1-10

python2-sqlalchemy: before 1.3.2-2

python2-scipy: before 1.0.0-21

python2-pyyaml: before 3.12-16

python2-pymongo-gridfs: before 3.7.0-1.0.1

python2-pymongo: before 3.7.0-1.0.1

python2-psycopg2-tests: before 2.7.5-7.0.1

python2-psycopg2-debug: before 2.7.5-7.0.1

python2-psycopg2: before 2.7.5-7.0.1

python2-markupsafe: before 0.23-19

python2-lxml: before 4.2.3-6

python2-coverage: before 4.5.1-4

python2-bson: before 3.7.0-1.0.1

python2-backports: before 1.0-16

python2-Cython: before 0.28.1-7

python-psycopg2-doc: before 2.7.5-7.0.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2023:0314


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


