Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2022-250-01
HistorySep 07, 2022 - 6:45 p.m.

[slackware-security] python3

2022-09-0718:45:50
Slackware Linux Project
www.slackware.com
27
slackware
python3
security issue
upgrade
patch
cve-2020-10735
algorithmic complexity
denial of service
ftp
rsync
hosting

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.006

Percentile

77.9%

JSON

New python3 packages are available for Slackware 15.0 and -current to fix
a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/python3-3.9.14-i586-1_slack15.0.txz: Upgraded.
This is a security and bugfix release.
gh-95778: Converting between int and str in bases other than 2 (binary), 4,
8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now raises a
ValueError if the number of digits in string form is above a limit to avoid
potential denial of service attacks due to the algorithmic complexity.
For more information, see:
https://pythoninsider.blogspot.com/2022/09/python-releases-3107-3914-3814-and-3714.html
https://vulners.com/cve/CVE-2020-10735
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/python3-3.9.14-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/python3-3.9.14-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/python3-3.9.14-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/python3-3.9.14-x86_64-1.txz

MD5 signatures:

Slackware 15.0 package:
7d7081d3330dc5689f3fe5e82ae29d1e python3-3.9.14-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
829a5fb5ab12594a6864d5211aeda6d9 python3-3.9.14-x86_64-1_slack15.0.txz

Slackware -current package:
5a0be4fea2015a3ec28606bd68249825 d/python3-3.9.14-i586-1.txz

Slackware x86_64 -current package:
88568701eb29700fe01833eec6a1e997 d/python3-3.9.14-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg python3-3.9.14-i586-1_slack15.0.txz

Related

fedora 24
nessus 51
osv 18
openvas 44
rocky 2
nvd 1
cbl_mariner 1
prion 1
ibm 13
debiancve 1
redhat 18
wolfi 1
ubuntucve 1
redos 1
cgr 1
redhatcve 1
veracode 1
amazon 1
almalinux 4
cve 1
freebsd 1
oraclelinux 4
cvelist 1
aix 1
suse 2
mageia 1
photon 2
debian 1
fedora
fedora
[SECURITY] Fedora 35 Update: python3.8-3.8.14-1.fc35
2022-09-14 01:43:00
[SECURITY] Fedora 35 Update: python3-docs-3.10.7-1.fc35
2022-09-25 01:43:47
[SECURITY] Fedora 37 Update: python3.6-3.6.15-13.fc37
2022-11-10 22:40:39
nessus
nessus
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2023-1172)
2023-01-10 00:00:00
Fedora 36 : python3.6 (2022-d4570fc1a6)
2022-12-23 00:00:00
FreeBSD : Python -- multiple vulnerabilities (80e057e7-2f0a-11ed-978f-fcaa147e860e)
2022-09-08 00:00:00
osv
osv
CVE-2020-10735
2022-09-09 14:15:08
python39-3.9.14-1.1 on GA media
2024-06-15 00:00:00
CGA-mpgv-5mmh-8xrq
2024-06-06 12:28:33
openvas
openvas
Fedora: Security Advisory for python3.11 (FEDORA-2022-0b3904c674)
2022-09-24 00:00:00
Fedora: Security Advisory for python3-docs (FEDORA-2022-ac82a548df)
2022-09-26 00:00:00
Fedora: Security Advisory for python3.9 (FEDORA-2022-6d57598a23)
2022-09-15 00:00:00
rocky
rocky
python3.9 security update
2022-11-02 13:53:37
python3 security update
2023-02-22 01:08:44
nvd
nvd
CVE-2020-10735
2022-09-09 14:15:08
cbl_mariner
cbl_mariner
CVE-2020-10735 affecting package python3 3.7.13-6
2023-06-13 20:02:41
prion
prion
Design/Logic Flaw
2022-09-09 14:15:00
ibm
ibm
Security Bulletin: This Power System update is being released to address CVE 2020-10735
2024-03-27 20:42:56
Security Bulletin: Vulnerabilities in Python may affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
2023-05-22 23:42:14
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python (CVE-2020-10735)
2023-05-03 14:08:15
debiancve
debiancve
CVE-2020-10735
2022-09-09 14:15:08
redhat
redhat
(RHSA-2022:7323) Moderate: python3.9 security update
2022-11-02 13:53:37
(RHSA-2023:2763) Moderate: python38:3.8 and python38-devel:3.8 security update
2023-05-16 05:54:00
(RHSA-2022:6766) Moderate: rh-python38-python security update
2022-10-03 15:00:33
wolfi
wolfi
CVE-2020-10735 vulnerabilities
2024-09-30 03:53:08
ubuntucve
ubuntucve
CVE-2020-10735
2022-09-09 00:00:00
redos
redos
ROS-20240614-02
2024-06-14 00:00:00
cgr
cgr
CVE-2020-10735 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2020-10735
2022-09-05 05:58:38
veracode
veracode
Denial Of Service (DoS)
2022-09-19 16:12:15
amazon
amazon
Medium: python3
2022-12-01 20:31:00
almalinux
almalinux
Moderate: python3.9 security update
2022-11-02 00:00:00
Moderate: python39:3.9 and python39-devel:3.9 security update
2023-05-16 00:00:00
Moderate: python38:3.8 and python38-devel:3.8 security update
2023-05-16 00:00:00
cve
cve
CVE-2020-10735
2022-09-09 14:15:08
freebsd
freebsd
Python -- multiple vulnerabilities
2020-03-20 00:00:00
oraclelinux
oraclelinux
python3.9 security update
2022-11-02 00:00:00
python38:3.8 and python38-devel:3.8 security update
2023-05-23 00:00:00
python3 security update
2023-02-22 00:00:00
cvelist
cvelist
CVE-2020-10735
2022-09-09 00:00:00
aix
aix
AIX is affected by arbitrary code execution and denial of service due to Python
2022-11-01 10:11:15
suse
suse
Security update for python39 (important)
2022-10-01 00:00:00
Security update for python310 (important)
2022-09-30 00:00:00
mageia
mageia
Updated python3 packages fix security vulnerability
2022-10-08 23:22:22
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0329
2023-02-08 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0528
2023-02-08 00:00:00
debian
debian
[SECURITY] [DLA 3477-1] python3.7 security update
2023-06-30 20:52:04

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.006

Percentile

77.9%

JSON
Related for SSA-2022-250-01
fedora24nessus51osv18openvas44rocky2nvd1cbl_mariner1prion1ibm13debiancve1redhat18wolfi1ubuntucve1redos1cgr1redhatcve1veracode1amazon1almalinux4cve1freebsd1oraclelinux4cvelist1aix1suse2mageia1photon2debian1