Main Vulnerability Database SB2023062863

SB2023062863 - Anolis OS update for python39:3.9 module

Published: June 28, 2023 Updated: March 28, 2025

Security Bulletin ID SB2023062863

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2023-24329)

The vulnerability allows a remote attacker to bypass implemented filters.

The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2023:0322

Vulnerable Software

Anolis OS: 8
python39-rpm-macros: before 3.9.16-2.0.2
python39-tkinter: before 3.9.16-2.0.2
python39-test: before 3.9.16-2.0.2
python39-mod_wsgi: before 4.7.1-5
python39-libs: before 3.9.16-2.0.2
python39-idle: before 3.9.16-2.0.2
python39-devel: before 3.9.16-2.0.2
python39-debug: before 3.9.16-2.0.2
python39: before 3.9.16-2.0.2
python39-numpy-doc: before 1.19.4-3.0.1
python39-numpy-f2py: before 1.19.4-3.0.1
python39-numpy: before 1.19.4-3.0.1
python39-wheel-wheel: before 0.35.1-4
python39-wheel: before 0.35.1-4
python39-wcwidth: before 0.2.5-3
python39-urllib3: before 1.25.10-4
python39-toml: before 0.10.1-5
python39-six: before 1.15.0-3
python39-setuptools-wheel: before 50.3.2-4
python39-setuptools: before 50.3.2-4
python39-requests: before 2.25.0-2
python39-pytest: before 6.0.2-2
python39-pysocks: before 1.7.1-4
python39-pyparsing: before 2.4.7-5
python39-pycparser: before 2.20-3
python39-py: before 1.10.0-1
python39-ply: before 3.11-10
python39-pluggy: before 0.13.1-3
python39-pip-wheel: before 20.2.4-7
python39-pip: before 20.2.4-7
python39-packaging: before 20.4-4
python39-more-itertools: before 8.5.0-2
python39-iniconfig: before 1.1.1-2
python39-idna: before 2.10-3
python39-chardet: before 3.0.4-19
python39-attrs: before 20.3.0-2
python39-PyMySQL: before 0.10.1-2
python39-scipy: before 1.5.4-3
python39-pyyaml: before 5.4.1-1
python39-pybind11-devel: before 2.7.1-1
python39-pybind11: before 2.7.1-1
python39-psycopg2-tests: before 2.8.6-2.0.1
python39-psycopg2-doc: before 2.8.6-2.0.1
python39-psycopg2: before 2.8.6-2.0.1
python39-psutil: before 5.8.0-4.0.1
python39-lxml: before 4.6.5-1
python39-cryptography: before 3.3.1-2
python39-cffi: before 1.14.3-2
python39-Cython: before 0.29.21-5