SUSE-SU-2023:2957-1 -- SLES python39, libpython3_9-1_0
ID: oval:org.secpod.oval:def:89049139 | Date: (C)2023-08-30 (M)2024-05-22 |
Class: PATCH | Family: unix |
This update for python39 fixes the following issues:

Update to 3.9.17:
* urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to CVE-2023-24329.
* Fixed a security flaw in uu.decode that could allow for directory traversal based on the input if no out_file was specified.
* Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
* trace.__main__ now uses io.open_code for files to be executed instead of raw open.
* CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive, have a new filter argument that allows limiting tar features that may be surprising or dangerous, such as creating files outside the destination directory. See Extraction filters for details.
* Fixed a deadlock at shutdown when clearing thread states if any finalizer tries to acquire the runtime head lock.
* Fixed a crash due to a race while iterating over thread states in clearing threading.local.
Platform: |
SUSE Linux Enterprise Server 15 SP3 |
Product: |
python39 |
libpython3_9-1_0 |