Lucene search
AmazonALAS2-2023-2317HistoryOct 25, 2023 - 9:40 p.m.
Important: python3
2023-10-2521:40:00
alas.aws.amazon.com
13
xml vulnerability
python3
plistlib
entity declaration
cve-2022-48565
yum update
aarch64
i686
src
x86_64
red hat
mitre
unix
0.001 Low
EPSS
Percentile
48.1%
Issue Overview:
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. (CVE-2022-48565)
Affected Packages:
python3
Issue Correction:
Run yum update python3 to update your system.
New Packages:
aarch64:
python3-3.7.10-1.amzn2.0.1.aarch64
python3-libs-3.7.10-1.amzn2.0.1.aarch64
python3-devel-3.7.10-1.amzn2.0.1.aarch64
python3-tools-3.7.10-1.amzn2.0.1.aarch64
python3-tkinter-3.7.10-1.amzn2.0.1.aarch64
python3-test-3.7.10-1.amzn2.0.1.aarch64
python3-debug-3.7.10-1.amzn2.0.1.aarch64
python3-debuginfo-3.7.10-1.amzn2.0.1.aarch64
i686:
python3-3.7.10-1.amzn2.0.1.i686
python3-libs-3.7.10-1.amzn2.0.1.i686
python3-devel-3.7.10-1.amzn2.0.1.i686
python3-tools-3.7.10-1.amzn2.0.1.i686
python3-tkinter-3.7.10-1.amzn2.0.1.i686
python3-test-3.7.10-1.amzn2.0.1.i686
python3-debug-3.7.10-1.amzn2.0.1.i686
python3-debuginfo-3.7.10-1.amzn2.0.1.i686
src:
python3-3.7.10-1.amzn2.0.1.src
x86_64:
python3-3.7.10-1.amzn2.0.1.x86_64
python3-libs-3.7.10-1.amzn2.0.1.x86_64
python3-devel-3.7.10-1.amzn2.0.1.x86_64
python3-tools-3.7.10-1.amzn2.0.1.x86_64
python3-tkinter-3.7.10-1.amzn2.0.1.x86_64
python3-test-3.7.10-1.amzn2.0.1.x86_64
python3-debug-3.7.10-1.amzn2.0.1.x86_64
python3-debuginfo-3.7.10-1.amzn2.0.1.x86_64
Additional References
Red Hat: CVE-2022-48565
Mitre: CVE-2022-48565
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | python3 | < 3.7.10-1.amzn2.0.1 | python3-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-libs | < 3.7.10-1.amzn2.0.1 | python3-libs-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-devel | < 3.7.10-1.amzn2.0.1 | python3-devel-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-tools | < 3.7.10-1.amzn2.0.1 | python3-tools-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-tkinter | < 3.7.10-1.amzn2.0.1 | python3-tkinter-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-test | < 3.7.10-1.amzn2.0.1 | python3-test-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-debug | < 3.7.10-1.amzn2.0.1 | python3-debug-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | python3-debuginfo | < 3.7.10-1.amzn2.0.1 | python3-debuginfo-3.7.10-1.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | i686 | python3 | < 3.7.10-1.amzn2.0.1 | python3-3.7.10-1.amzn2.0.1.i686.rpm |
| Amazon Linux | 2 | i686 | python3-libs | < 3.7.10-1.amzn2.0.1 | python3-libs-3.7.10-1.amzn2.0.1.i686.rpm |
Related
prion
prion
Xxe
2023-08-22 19:16:00
nessus
nessus
Fedora 37 : python2.7 (2023-e47078af3e)
2023-10-21 00:00:00
Fedora 40 : python2.7 (2023-de99cdb793)
2024-04-29 00:00:00
EulerOS Virtualization 3.0.6.0 : python3 (EulerOS-SA-2024-1698)
2024-05-17 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1698)
2024-05-17 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2024-1291)
2024-03-12 00:00:00
Fedora: Security Advisory for python2.7 (FEDORA-2023-348a0dbcf3)
2023-10-22 00:00:00
ubuntu
ubuntu
Python vulnerability
2023-09-07 00:00:00
osv
osv
CVE-2022-48565
2023-08-22 19:16:32
python2.7, python3.5 vulnerability
2023-09-07 16:00:44
BIT-python-2022-48565
2024-03-06 11:04:23
cloudlinux
cloudlinux
python: Fix of CVE-2022-48565
2023-10-09 19:03:14
amazon
amazon
Important: python27
2023-10-30 23:31:00
Important: python
2023-10-30 23:59:00
Important: python3
2023-10-25 21:40:00
cve
cve
CVE-2022-48565
2023-08-22 19:16:32
veracode
veracode
XML External Entity (XXE)
2023-08-30 22:31:01
ubuntucve
ubuntucve
CVE-2022-48565
2023-08-22 00:00:00
redhatcve
redhatcve
CVE-2022-48565
2023-09-21 15:54:42
cvelist
cvelist
CVE-2022-48565
2023-08-22 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: python2.7-2.7.18-35.fc37
2023-10-21 01:26:15
[SECURITY] Fedora 38 Update: python2.7-2.7.18-35.fc38
2023-10-21 01:29:59
[SECURITY] Fedora 39 Update: python2.7-2.7.18-35.fc39
2023-11-03 18:57:04
debiancve
debiancve
CVE-2022-48565
2023-08-22 19:16:32
nvd
nvd
CVE-2022-48565
2023-08-22 19:16:32
ibm
ibm
Security Bulletin: Vulnerability in Python affects IBM Process Mining . Multiple CVEs
2023-10-09 10:43:31
Security Bulletin: Vulnerabilities in Watson NLP and WebSphere Liberty may affect IBM Robotic Process Automation for Cloud Pak
2024-01-03 21:45:33
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-03-27 19:39:32
redos
redos
ROS-20240409-02
2024-04-09 00:00:00
f5
f5
oraclelinux
oraclelinux
python27:2.7 security update
2024-05-24 00:00:00
redhat
redhat
(RHSA-2024:2987) Moderate: python27:2.7 security update
2024-05-22 06:35:16
almalinux
almalinux
Moderate: python27:2.7 security update
2024-05-22 00:00:00
debian
debian
[SECURITY] [DLA 3614-1] python3.7 security update
2023-10-11 19:33:59
[SECURITY] [DLA 3575-1] python2.7 security update
2023-09-20 19:13:38
mageia
mageia
Updated python python3 packages fix security vulnerabilities
2024-03-23 04:00:08
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0646
2023-09-09 00:00:00