{"id":"RLSA-2024:9190","summary":"Moderate: python3.12 security update","details":"Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.  The python3.12 package provides the \"python3.12\" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3.12-libs package, which should be installed automatically along with python3.12. The remaining parts of the Python standard library are broken out into the python3.12-tkinter and python3.12-test packages, which may need to be installed separately.  Documentation for Python is provided in the python3.12-docs package.  Packages containing additional libraries for Python are generally named with the \"python3.12-\" prefix.\n\nSecurity Fix(es):\n\n* python: The zipfile module is vulnerable to zip-bombs leading to denial of service (CVE-2024-0450)\n\n* python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032)\n\n* python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service (CVE-2024-8088)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.","modified":"2026-03-11T06:31:51.650888Z","published":"2025-03-17T20:16:45.510776Z","upstream":["CVE-2024-0450","CVE-2024-4032","CVE-2024-8088"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:9190"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276525"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2292921"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2307370"}],"affected":[{"package":{"name":"python3.12","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/python3.12?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.12.5-2.el9_5.2"}],"database_specific":{"yum_repository":"CRB"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:9190.json"}}],"schema_version":"1.7.5","credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}