安全公告详情

NS-SA-2025-0238

2025-09-30 16:49:52

简介

moderate: python3@11 security update

严重级别

moderate

主题

An update for python3@11 is now available for NewStart CGSL MAIN 6.06.
NewStart Security has rated this update as having a security impact of moderate. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

python3@11:


Security Fix(es):
python3@11: Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path.(CVE-2023-41105)
python3@11: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.06.08B4.

影响组件

  • python3@11

影响产品

  • CGSL MAIN 6.06

更新包

{"fix":[{"product":"CGSL MAIN 6.06","pkgs":[{"binary":["python3.11-devel-3.11.7-1.zncgsl6.t1.0.x86_64.rpm","python3.11-rpm-macros-3.11.7-1.zncgsl6.t1.0.noarch.rpm","python3.11-idle-3.11.7-1.zncgsl6.t1.0.x86_64.rpm","python3.11-tkinter-3.11.7-1.zncgsl6.t1.0.x86_64.rpm","python3.11-test-3.11.7-1.zncgsl6.t1.0.x86_64.rpm","python3.11-libs-3.11.7-1.zncgsl6.t1.0.x86_64.rpm","python3.11-3.11.7-1.zncgsl6.t1.0.x86_64.rpm"],"source":"python3@11-3.11.7-1.zncgsl6.t1.0.src.rpm"}]}]}

CVE

参考