Those CVEs were announced here: https://www.openwall.com/lists/oss-security/2024/03/20/5 The link above provides fixed versions and patches. Versions 3.12.x are said to be affected too. Mageia 9 is also affected.
Status comment: (none) => Patches available from upstream
Source RPM: (none) => python3-3.12.2-1.mga10.src.rpm
CVE: (none) => CVE-2023-6597, CVE-2024-0450
Whiteboard: (none) => MGA9TOO
There is a lot of info on that page, and various versions mentioned.
Assignee: bugsquad => python
Debian has issued an advisory on March 24: https://lwn.net/Articles/966564/ Python 2.7 is affected by CVE-2024-0450.
Summary: python3 new security issues CVE-2023-6597 and CVE-2024-0450 => python3 and python new security issues CVE-2023-6597 and CVE-2024-0450
Status comment: Patches available from upstream => Patches available from Debian and upstream
Source RPM: python3-3.12.2-1.mga10.src.rpm => python3-3.12.2-1.mga10.src.rpm, python-2.7.18-16.mga10.src.rpm
Those CVEs are already fixed in version 3.12.2 so python3 in Cauldron is not affected.
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. (CVE-2023-6597)

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives which overlap entries in the archive. (CVE-2024-0450)

References:
https://www.openwall.com/lists/oss-security/2024/03/20/5
https://lwn.net/Articles/966564/
========================

Updated packages in core/updates_testing:
========================
lib(64)python2.7-2.7.18-15.2.mga9
lib(64)python2.7-stdlib-2.7.18-15.2.mga9
lib(64)python2.7-testsuite-2.7.18-15.2.mga9
lib(64)python-devel-2.7.18-15.2.mga9
python-2.7.18-15.2.mga9
python-docs-2.7.18-15.2.mga9
lib(64)python3.10-3.10.11-1.2.mga9
lib(64)python3.10-stdlib-3.10.11-1.2.mga9
lib(64)python3.10-testsuite-3.10.11-1.2.mga9
lib(64)python3-devel-3.10.11-1.2.mga9
python3-3.10.11-1.2.mga9
python3-docs-3.10.11-1.2.mga9
tkinter3-3.10.11-1.2.mga9
tkinter3-apps-3.10.11-1.2.mga9

from SRPMS:
python-2.7.18-15.2.mga9.src.rpm
python3-3.10.11-1.2.mga9.src.rpm
Assignee: python => qa-bugs
Status comment: Patches available from Debian and upstream => (none)
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status: NEW => ASSIGNED
Source RPM: python3-3.12.2-1.mga10.src.rpm, python-2.7.18-16.mga10.src.rpm => python3-3.10.11-1.1.mga9.src.rpm, python-2.7.18-15.1.mga9.src.rpm
Keywords: (none) => advisory
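The overlap rejection described in the CVE-2024-0450 advisory text above comes down to comparing the byte range each archive member claims. The following is an added example, not code from CPython or from this bug report; the names entry_spans, overlapping and build_benign_zip and all sample data are constructed for illustration, and it can be used to screen archives on hosts that have not yet received the update.

```python
import io
import struct
import zipfile

# Fixed 30-byte local file header: signature, 5 shorts, 3 longs, 2 shorts.
LOCAL_HEADER = struct.Struct("<4s5H3L2H")


def entry_spans(fileobj):
    """Return (name, start, end) byte ranges of each member's local record."""
    spans = []
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            fileobj.seek(info.header_offset)
            raw = fileobj.read(LOCAL_HEADER.size)
            if len(raw) < LOCAL_HEADER.size or raw[:4] != b"PK\x03\x04":
                raise zipfile.BadZipFile("bad local header: " + info.filename)
            fields = LOCAL_HEADER.unpack(raw)
            name_len, extra_len = fields[9], fields[10]
            # A trailing data descriptor is not counted, so the end is a
            # lower bound and ordinary archives are never flagged falsely.
            end = (info.header_offset + LOCAL_HEADER.size + name_len
                   + extra_len + info.compress_size)
            spans.append((info.filename, info.header_offset, end))
    return spans


def overlapping(spans):
    """Return (earlier, later) member names whose byte ranges intersect."""
    hits = []
    reach_name, reach_end = None, -1
    for name, start, end in sorted(spans, key=lambda s: s[1]):
        if start < reach_end:
            hits.append((reach_name, name))
        if end > reach_end:
            reach_name, reach_end = name, end
    return hits


def build_benign_zip():
    """Constructed sample: an ordinary two-member archive held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
        zf.writestr("b.txt", b"B" * 1000)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(overlapping(entry_spans(build_benign_zip())))
    # Constructed ranges: "b" starts inside the bytes already claimed by "a".
    print(overlapping([("a", 0, 100), ("b", 40, 90), ("c", 100, 150)]))
```

A non-empty result from overlapping() means two members share stored bytes, which is the condition the fixed zipfile module refuses to read.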
RH mageia 9 x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing python3-3.10.11-1.2.mga9.x86_64.rpm lib64python3.10-stdlib-3.10.11-1.2.mga9.x86_64.rpm tkinter3-3.10.11-1.2.mga9.x86_64.rpm lib64python3.10-3.10.11-1.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...
1/4: lib64python3.10
2/4: python3
3/4: lib64python3.10-stdlib
4/4: tkinter3
1/4: removing tkinter3-3.10.11-1.1.mga9.x86_64
2/4: removing lib64python3.10-stdlib-3.10.11-1.1.mga9.x86_64
3/4: removing python3-3.10.11-1.1.mga9.x86_64
4/4: removing lib64python3.10-3.10.11-1.1.mga9.x86_64

Test 3 python3 applications without issues
RH mageia 9 x86_64

Test install current, update to testing and remove python packages

LC_ALL=C urpmi python lib64python2.7-testsuite lib64python-devel lib64python2.7-stdlib python-docs
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release (distrib1)")
  python2-rpm-macros             3.10         6.mga9        noarch
(medium "Core Updates (distrib3)")
  lib64python-devel              2.7.18       15.1.mga9     x86_64
  lib64python2.7                 2.7.18       15.1.mga9     x86_64
  lib64python2.7-stdlib          2.7.18       15.1.mga9     x86_64
  lib64python2.7-testsuite       2.7.18       15.1.mga9     x86_64
  python                         2.7.18       15.1.mga9     x86_64
  python-docs                    2.7.18       15.1.mga9     noarch
93MB of additional disk space will be used.
17MB of packages will be retrieved.
Proceed with the installation of the 7 packages? (Y/n) y
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/python2-rpm-macros-3.10-6.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/python-2.7.18-15.1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64python2.7-stdlib-2.7.18-15.1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64python2.7-testsuite-2.7.18-15.1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64python-devel-2.7.18-15.1.mga9.x86_64.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/python-docs-2.7.18-15.1.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64python2.7-2.7.18-15.1.mga9.x86_64.rpm
installing lib64python2.7-testsuite-2.7.18-15.1.mga9.x86_64.rpm lib64python2.7-stdlib-2.7.18-15.1.mga9.x86_64.rpm python2-rpm-macros-3.10-6.mga9.noarch.rpm python-2.7.18-15.1.mga9.x86_64.rpm lib64python2.7-2.7.18-15.1.mga9.x86_64.rpm python-docs-2.7.18-15.1.mga9.noarch.rpm lib64python-devel-2.7.18-15.1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...
1/7: python2-rpm-macros
2/7: python
3/7: lib64python2.7
4/7: lib64python2.7-stdlib
5/7: lib64python2.7-testsuite
6/7: python-docs
7/7: lib64python-devel

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
medium "BDK-Free-x86_64" is up-to-date
medium "BDK-Free-noarch" is up-to-date
medium "BDK-NonFree-x86_64" is up-to-date
medium "MLO_core (MLO1)" is up-to-date
medium "MLO_nonfree (MLO2)" is up-to-date
medium "MLO_tainted (MLO3)" is up-to-date
installing python-2.7.18-15.2.mga9.x86_64.rpm lib64python2.7-stdlib-2.7.18-15.2.mga9.x86_64.rpm lib64python2.7-testsuite-2.7.18-15.2.mga9.x86_64.rpm lib64python2.7-2.7.18-15.2.mga9.x86_64.rpm python-docs-2.7.18-15.2.mga9.noarch.rpm lib64python-devel-2.7.18-15.2.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...
1/6: lib64python2.7
2/6: python
3/6: lib64python2.7-stdlib
4/6: lib64python2.7-testsuite
5/6: python-docs
6/6: lib64python-devel
1/6: removing lib64python-devel-2.7.18-15.1.mga9.x86_64
2/6: removing python-docs-2.7.18-15.1.mga9.noarch
3/6: removing lib64python2.7-testsuite-2.7.18-15.1.mga9.x86_64
4/6: removing lib64python2.7-stdlib-2.7.18-15.1.mga9.x86_64
5/6: removing python-2.7.18-15.1.mga9.x86_64
6/6: removing lib64python2.7-2.7.18-15.1.mga9.x86_64

LC_ALL=C urpme $(rpm -qa|grep 2.7.18-15.2)
removing lib64python-devel-2.7.18-15.2.mga9.x86_64 lib64python2.7-2.7.18-15.2.mga9.x86_64 lib64python2.7-stdlib-2.7.18-15.2.mga9.x86_64 lib64python2.7-testsuite-2.7.18-15.2.mga9.x86_64 python-2.7.18-15.2.mga9.x86_64 python-docs-2.7.18-15.2.mga9.noarch
removing package lib64python-devel-2.7.18-15.2.mga9.x86_64
1/6: removing lib64python-devel-2.7.18-15.2.mga9.x86_64
removing package python-docs-2.7.18-15.2.mga9.noarch
2/6: removing python-docs-2.7.18-15.2.mga9.noarch
removing package lib64python2.7-testsuite-2.7.18-15.2.mga9.x86_64
3/6: removing lib64python2.7-testsuite-2.7.18-15.2.mga9.x86_64
removing package lib64python2.7-stdlib-2.7.18-15.2.mga9.x86_64
4/6: removing lib64python2.7-stdlib-2.7.18-15.2.mga9.x86_64
removing package python-2.7.18-15.2.mga9.x86_64
5/6: removing python-2.7.18-15.2.mga9.x86_64
removing package lib64python2.7-2.7.18-15.2.mga9.x86_64
6/6: removing lib64python2.7-2.7.18-15.2.mga9.x86_64
writing /var/lib/rpm/installed-through-deps.list
The following package:
python2-rpm-macros-3.10-6.mga9.noarch
is now orphaned, if you wish to remove it, you can use "urpme --auto-orphans"

LC_ALL=C urpme python2-rpm-macros
removing python2-rpm-macros-3.10-6.mga9.noarch
removing package python2-rpm-macros-3.10-6.mga9.noarch
1/1: removing python2-rpm-macros-3.10-6.mga9.noarch
MGA9-64 Plasma wayland on HP-Pavilion
No installation issues.
Following wiki with the remark the files have been moved.

$ python /usr/share/doc/python3-pyparsing/examples/SimpleCalc.py
Type in the string to be parsed or 'quit' to exit the program
> 123 + 456
579
> a=2
2
> b=3
3
> a*b
6
> quit
Good bye!

$ python3 /usr/share/doc/python3-pyparsing/examples/SimpleCalc.py
Type in the string to be parsed or 'quit' to exit the program
> 123 + 456
579
> a=2
2
> b=3
3
> a*b
6
> quit
Good bye!

OK for me.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0096.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED