{"schema_version": "1.3.1", "id": "RLSA-2024:8836", "modified": "2024-11-08T15:59:28.124005Z", "published": "2024-11-08T15:56:47.559546Z", "related": ["CVE-2024-6232"], "summary": "Moderate: python3.12 security update", "details": "Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the \"python3.12\" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the \"python3.12-\" prefix. For the unversioned \"python\" executable, see manual page \"unversioned-python\".\n\nSecurity Fix(es):\n\n* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "python3.12", "purl": "pkg:rpm/rocky-linux/python3.12?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.12.6-1.el8_10"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:8836"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309426"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}