Threats Tagged 'cve-2024-6923'

A security update for python3.9 in Red Hat Enterprise Linux addresses a vulnerability in the Python email module where newlines in email headers were not properly quoted, allowing header injection (CVE-2024-6923). This issue is rated as having moderate security impact. The update is available for multiple Red Hat Enterprise Linux 9 variants and architectures. Users are advised to apply the update as detailed in the Red Hat advisory.

A moderate severity vulnerability (CVE-2024-6923) in Python 3.11's email module allows email header injection due to improper quoting of newlines in email headers. This issue affects Red Hat Enterprise Linux 9 distributions with python3.11 packages. Red Hat has released an update to address this vulnerability.

Red Hat has issued a security advisory for python3.9 addressing two vulnerabilities: an email header injection issue (CVE-2024-6923) due to improper newline quoting in the email module, and a Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2024-6232) in the tarfile module caused by excessive backtracking while parsing header values. These issues affect Red Hat Enterprise Linux 9.2 Extended Update Support and related variants. The advisory provides updated python3.9 packages to remediate these vulnerabilities.

This advisory addresses two security vulnerabilities in Python 3.11 as packaged by Red Hat for Enterprise Linux 9.2. The first vulnerability (CVE-2024-6923) involves the email module improperly quoting newlines in email headers, which can allow header injection. The second vulnerability (CVE-2024-6232) is a Regular Expression Denial of Service (ReDoS) in the tarfile module caused by excessive backtracking while parsing header values. Red Hat has released an update for python3.11 in RHEL 9.2 Extended Update Support to fix these issues.

A memory leak vulnerability (CVE-2024-2398) exists in the curl utility and libcurl library related to HTTP/2 push headers. This issue affects curl packages provided by Red Hat Enterprise Linux 9 across multiple architectures. The vulnerability has been rated as moderate severity by Red Hat Product Security. A security update addressing this issue is available from Red Hat.

Users of service-interconnect 1.5 rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory the in Red Hat Container Catalog

A security update for python3 in Red Hat Enterprise Linux 8.6 addresses an issue where incorrect IPv4 and IPv6 private ranges were handled (CVE-2024-4032). This vulnerability is rated as low severity by Red Hat Product Security. The update corrects the handling of private IP ranges in Python, which is widely used for system and application programming. No CVSS score is provided in the advisory. The update is available through Red Hat's official channels for affected Red Hat Enterprise Linux 8.6 variants.

Users of service-interconnect 1.4 LTS rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory the in Red Hat Container Catalog

Users of service-interconnect rhel9 container images are advised to upgrade to these updated images, which contain backported patches to correct security issues and fix bugs. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory the in Red Hat Container Catalog