{"id":"RLSA-2024:8359","summary":"Moderate: python39:3.9 and python39-devel:3.9 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-05T12:15:07.926366Z","published":"2024-10-25T17:16:21.716473Z","upstream":["CVE-2024-6232"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:8359"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309426"}],"affected":[{"package":{"name":"Cython","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.29.21-5.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"mod_wsgi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.7.1-7.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"numpy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.19.4-3.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"pybind11","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pybind11?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.1-1.module+el8.9.0+1357+a3b80af7"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"pytest","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.0.2-2.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python39","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python39?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.9.20-1.module+el8.10.0+1876+829fd4e0"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python3x-pip","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:20.2.4-9.module+el8.10.0+1721+e52d6351"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python3x-pyparsing","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-pyparsing?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.7-5.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python3x-setuptools","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:50.3.2-6.module+el8.10.0+1861+0f5e39ec"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python3x-six","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.0-3.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-attrs","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:20.3.0-2.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-cffi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.14.3-2.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-chardet","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.4-19.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-cryptography","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.3.1-3.module+el8.10.0+1697+7e517775"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-idna","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.10-4.module+el8.10.0+1809+41195054"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-iniconfig","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-iniconfig?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.1-2.module+el8.9.0+1332+dd574197"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-lxml","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.5-1.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-more-itertools","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-more-itertools?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.5.0-2.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-packaging","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-packaging?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:20.4-4.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-pluggy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.13.1-3.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-ply","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.11-10.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-psutil","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.8.0-4.module+el8.9.0+1357+a3b80af7"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.6-3.module+el8.10.0+1660+b5b6f004"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-py","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.10.0-1.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-pycparser","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.20-3.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.1-2.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-pysocks","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.1-4.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-requests","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.25.0-3.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-toml","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-toml?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.1-5.module+el8.9.0+1332+dd574197"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-urllib3","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.25.10-5.module+el8.10.0+1545+03246da9"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-wcwidth","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-wcwidth?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.2.5-3.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"PowerTools"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"python-wheel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.35.1-4.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"PyYAML","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.4.1-1.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}},{"package":{"name":"scipy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.4-5.module+el8.10.0+1582+bc278001"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:8359.json"}}],"schema_version":"1.7.3","credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}