{"id":"ALSA-2024:9190","summary":"Moderate: python3.12 security update","details":"Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the \"python3.12\" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately. Documentation for Python is provided in the python3.12-docs package. Packages containing additional libraries for Python are generally named with the \"python3.12-\" prefix.  \n\nSecurity Fix(es):  \n\n  * python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)\n  * python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)\n  * python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  \n\nAdditional Changes:  \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n","modified":"2026-02-04T03:10:01.027646Z","published":"2024-11-12T00:00:00Z","related":["CVE-2024-0450","CVE-2024-4032","CVE-2024-8088"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:9190"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-0450"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-4032"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-8088"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2276525"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2292921"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2307370"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2024-9190.html"}],"affected":[{"package":{"name":"python3.12","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}},{"package":{"name":"python3.12-debug","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12-debug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}},{"package":{"name":"python3.12-devel","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}},{"package":{"name":"python3.12-idle","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12-idle"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}},{"package":{"name":"python3.12-libs","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}},{"package":{"name":"python3.12-test","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12-test"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}},{"package":{"name":"python3.12-tkinter","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/python3.12-tkinter"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12.5-2.el9"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2024:9190.json"}}],"schema_version":"1.7.3"}