Bug 2173917 (CVE-2023-24329) - CVE-2023-24329 python: urllib.parse url blocklisting bypass
Summary: CVE-2023-24329 python: urllib.parse url blocklisting bypass
Keywords:
Status: NEW
Alias: CVE-2023-24329
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2174017 2174009 2174010 2174011 2174012 2174013 2174014 2174015 2174016 2174018 2174019 2174020 2174024 2174025 2174026 2174027 2174028 2174029 2174030 2174031 2174032 2174033 2174034 2174035 2174036 2174037 2174038 2174039 2174040 2174041 2174042 2174043 2174044 2174045 2174046 2174047 2174048 2174049 2174050 2174051 2174052 2174053 2174054 2174055 2174056 2174057 2174058 2174059 2174060 2174061 2174062 2174063 2174064 2174065 2174066 2174067 2174068 2174069 2174070 2174071 2174072 2174073 2174074 2174075 2174076 2174077 2174078 2174079 2174080 2174081 2174082 2174083 2174084 2174085 2174086 2174087 2174088 2174089 2174090 2174091 2174092 2174093 2178009 2210774 2210775 2210776 2210777 2210778 2210779 2210780 2210781 2210782 2210783 2210784 2210785
Blocks: 2171900
TreeView+ depends on / blocked
 
Reported: 2023-02-28 12:13 UTC by Marian Rehak
Modified: 2024-02-07 13:40 UTC (History)
18 users (show)

Fixed In Version: python 3.11
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:3601 0 None None None 2023-06-14 16:14:51 UTC
Red Hat Product Errata RHBA-2023:3602 0 None None None 2023-06-14 16:25:15 UTC
Red Hat Product Errata RHBA-2023:3668 0 None None None 2023-06-19 18:01:24 UTC
Red Hat Product Errata RHBA-2023:3669 0 None None None 2023-06-19 18:07:25 UTC
Red Hat Product Errata RHBA-2023:3670 0 None None None 2023-06-19 18:29:52 UTC
Red Hat Product Errata RHBA-2023:3671 0 None None None 2023-06-19 18:31:08 UTC
Red Hat Product Errata RHBA-2023:3672 0 None None None 2023-06-19 18:31:20 UTC
Red Hat Product Errata RHBA-2023:3673 0 None None None 2023-06-19 18:32:03 UTC
Red Hat Product Errata RHBA-2023:3674 0 None None None 2023-06-19 18:36:43 UTC
Red Hat Product Errata RHBA-2023:3676 0 None None None 2023-06-20 06:46:52 UTC
Red Hat Product Errata RHBA-2023:3678 0 None None None 2023-06-20 09:44:32 UTC
Red Hat Product Errata RHBA-2023:3680 0 None None None 2023-06-20 11:49:29 UTC
Red Hat Product Errata RHBA-2023:3682 0 None None None 2023-06-20 12:46:05 UTC
Red Hat Product Errata RHBA-2023:3688 0 None None None 2023-06-20 15:39:28 UTC
Red Hat Product Errata RHBA-2023:3689 0 None None None 2023-06-20 16:24:38 UTC
Red Hat Product Errata RHBA-2023:3690 0 None None None 2023-06-20 18:32:20 UTC
Red Hat Product Errata RHBA-2023:3691 0 None None None 2023-06-20 18:35:38 UTC
Red Hat Product Errata RHBA-2023:3692 0 None None None 2023-06-20 18:35:48 UTC
Red Hat Product Errata RHBA-2023:3693 0 None None None 2023-06-20 18:36:34 UTC
Red Hat Product Errata RHBA-2023:3695 0 None None None 2023-06-21 06:39:46 UTC
Red Hat Product Errata RHBA-2023:3696 0 None None None 2023-06-21 08:16:35 UTC
Red Hat Product Errata RHBA-2023:3697 0 None None None 2023-06-21 08:24:54 UTC
Red Hat Product Errata RHBA-2023:3698 0 None None None 2023-06-21 08:32:02 UTC
Red Hat Product Errata RHBA-2023:3699 0 None None None 2023-06-21 08:33:49 UTC
Red Hat Product Errata RHBA-2023:3700 0 None None None 2023-06-21 08:34:13 UTC
Red Hat Product Errata RHBA-2023:3701 0 None None None 2023-06-21 08:37:00 UTC
Red Hat Product Errata RHBA-2023:3702 0 None None None 2023-06-21 08:37:45 UTC
Red Hat Product Errata RHBA-2023:3703 0 None None None 2023-06-21 08:39:07 UTC
Red Hat Product Errata RHBA-2023:3704 0 None None None 2023-06-21 08:40:58 UTC
Red Hat Product Errata RHBA-2023:3706 0 None None None 2023-06-21 09:00:49 UTC
Red Hat Product Errata RHBA-2023:3735 0 None None None 2023-06-21 14:14:54 UTC
Red Hat Product Errata RHBA-2023:3736 0 None None None 2023-06-21 14:15:04 UTC
Red Hat Product Errata RHBA-2023:3739 0 None None None 2023-06-21 14:28:36 UTC
Red Hat Product Errata RHBA-2023:3767 0 None None None 2023-06-21 18:02:19 UTC
Red Hat Product Errata RHBA-2023:3768 0 None None None 2023-06-21 19:19:00 UTC
Red Hat Product Errata RHBA-2023:3769 0 None None None 2023-06-21 18:47:42 UTC
Red Hat Product Errata RHBA-2023:3770 0 None None None 2023-06-21 18:58:44 UTC
Red Hat Product Errata RHBA-2023:3773 0 None None None 2023-06-22 07:04:17 UTC
Red Hat Product Errata RHBA-2023:3775 0 None None None 2023-06-22 09:07:47 UTC
Red Hat Product Errata RHBA-2023:3779 0 None None None 2023-06-22 13:13:27 UTC
Red Hat Product Errata RHBA-2023:3787 0 None None None 2023-06-22 21:32:42 UTC
Red Hat Product Errata RHBA-2023:3788 0 None None None 2023-06-26 01:11:00 UTC
Red Hat Product Errata RHBA-2023:3789 0 None None None 2023-06-26 01:19:35 UTC
Red Hat Product Errata RHBA-2023:3791 0 None None None 2023-06-26 08:47:52 UTC
Red Hat Product Errata RHBA-2023:3793 0 None None None 2023-06-26 08:55:10 UTC
Red Hat Product Errata RHBA-2023:3797 0 None None None 2023-06-26 11:11:49 UTC
Red Hat Product Errata RHBA-2023:3798 0 None None None 2023-06-26 11:12:08 UTC
Red Hat Product Errata RHBA-2023:3802 0 None None None 2023-06-26 15:27:53 UTC
Red Hat Product Errata RHBA-2023:3807 0 None None None 2023-06-26 20:13:59 UTC
Red Hat Product Errata RHBA-2023:3816 0 None None None 2023-06-27 11:49:01 UTC
Red Hat Product Errata RHBA-2023:3817 0 None None None 2023-06-27 12:24:17 UTC
Red Hat Product Errata RHBA-2023:3818 0 None None None 2023-06-27 12:30:39 UTC
Red Hat Product Errata RHBA-2023:3856 0 None None None 2023-06-27 15:03:15 UTC
Red Hat Product Errata RHBA-2023:3898 0 None None None 2023-06-28 09:12:20 UTC
Red Hat Product Errata RHBA-2023:3907 0 None None None 2023-06-28 17:06:21 UTC
Red Hat Product Errata RHBA-2023:3909 0 None None None 2023-06-28 19:14:51 UTC
Red Hat Product Errata RHBA-2023:3919 0 None None None 2023-06-29 02:28:10 UTC
Red Hat Product Errata RHBA-2023:3929 0 None None None 2023-06-29 11:13:08 UTC
Red Hat Product Errata RHBA-2023:3930 0 None None None 2023-06-29 11:13:14 UTC
Red Hat Product Errata RHBA-2023:3933 0 None None None 2023-06-29 12:55:28 UTC
Red Hat Product Errata RHBA-2023:3957 0 None None None 2023-07-03 03:22:10 UTC
Red Hat Product Errata RHBA-2023:3960 0 None None None 2023-07-03 11:52:52 UTC
Red Hat Product Errata RHBA-2023:3962 0 None None None 2023-07-03 16:21:19 UTC
Red Hat Product Errata RHBA-2023:3963 0 None None None 2023-07-03 16:59:55 UTC
Red Hat Product Errata RHBA-2023:3965 0 None None None 2023-07-04 00:51:31 UTC
Red Hat Product Errata RHBA-2023:3967 0 None None None 2023-07-05 14:18:47 UTC
Red Hat Product Errata RHBA-2023:3972 0 None None None 2023-07-06 13:52:28 UTC
Red Hat Product Errata RHBA-2023:3973 0 None None None 2023-07-06 13:14:32 UTC
Red Hat Product Errata RHBA-2023:3974 0 None None None 2023-07-06 13:14:42 UTC
Red Hat Product Errata RHBA-2023:4001 0 None None None 2023-07-10 01:44:05 UTC
Red Hat Product Errata RHBA-2023:4010 0 None None None 2023-07-10 13:56:28 UTC
Red Hat Product Errata RHBA-2023:4011 0 None None None 2023-07-10 13:58:27 UTC
Red Hat Product Errata RHBA-2023:4012 0 None None None 2023-07-10 14:01:43 UTC
Red Hat Product Errata RHBA-2023:4013 0 None None None 2023-07-10 14:53:50 UTC
Red Hat Product Errata RHBA-2023:4014 0 None None None 2023-07-10 15:44:09 UTC
Red Hat Product Errata RHBA-2023:4015 0 None None None 2023-07-10 16:10:19 UTC
Red Hat Product Errata RHBA-2023:4016 0 None None None 2023-07-10 16:08:24 UTC
Red Hat Product Errata RHBA-2023:4096 0 None None None 2023-07-17 06:50:09 UTC
Red Hat Product Errata RHBA-2023:4285 0 None None None 2023-07-26 13:29:29 UTC
Red Hat Product Errata RHBA-2023:4316 0 None None None 2023-07-27 19:27:35 UTC
Red Hat Product Errata RHBA-2023:4317 0 None None None 2023-07-27 19:27:39 UTC
Red Hat Product Errata RHBA-2023:4866 0 None None None 2023-08-29 18:26:42 UTC
Red Hat Product Errata RHBA-2023:5036 0 None None None 2023-09-11 08:39:51 UTC
Red Hat Product Errata RHBA-2023:6800 0 None None None 2023-11-08 09:36:11 UTC
Red Hat Product Errata RHSA-2023:3550 0 None None None 2023-06-08 11:52:45 UTC
Red Hat Product Errata RHSA-2023:3555 0 None None None 2023-06-09 07:57:44 UTC
Red Hat Product Errata RHSA-2023:3556 0 None None None 2023-06-09 07:57:39 UTC
Red Hat Product Errata RHSA-2023:3585 0 None None None 2023-06-14 08:42:21 UTC
Red Hat Product Errata RHSA-2023:3591 0 None None None 2023-06-14 09:06:51 UTC
Red Hat Product Errata RHSA-2023:3594 0 None None None 2023-06-14 09:48:39 UTC
Red Hat Product Errata RHSA-2023:3595 0 None None None 2023-06-14 09:46:55 UTC
Red Hat Product Errata RHSA-2023:3776 0 None None None 2023-06-22 11:47:15 UTC
Red Hat Product Errata RHSA-2023:3777 0 None None None 2023-06-22 12:57:04 UTC
Red Hat Product Errata RHSA-2023:3780 0 None None None 2023-06-22 14:29:16 UTC
Red Hat Product Errata RHSA-2023:3781 0 None None None 2023-06-22 14:39:15 UTC
Red Hat Product Errata RHSA-2023:3796 0 None None None 2023-06-26 10:44:45 UTC
Red Hat Product Errata RHSA-2023:3810 0 None None None 2023-06-27 09:45:18 UTC
Red Hat Product Errata RHSA-2023:3811 0 None None None 2023-06-27 09:49:58 UTC
Red Hat Product Errata RHSA-2023:3931 0 None None None 2023-06-29 11:34:27 UTC
Red Hat Product Errata RHSA-2023:3932 0 None None None 2023-06-29 12:10:05 UTC
Red Hat Product Errata RHSA-2023:3934 0 None None None 2023-06-29 12:28:59 UTC
Red Hat Product Errata RHSA-2023:3935 0 None None None 2023-06-29 12:45:17 UTC
Red Hat Product Errata RHSA-2023:3936 0 None None None 2023-06-29 13:01:57 UTC
Red Hat Product Errata RHSA-2023:4004 0 None None None 2023-07-10 08:57:44 UTC
Red Hat Product Errata RHSA-2023:4008 0 None None None 2023-07-10 12:22:11 UTC
Red Hat Product Errata RHSA-2023:4032 0 None None None 2023-07-12 08:26:14 UTC
Red Hat Product Errata RHSA-2023:4038 0 None None None 2023-07-12 08:24:06 UTC
Red Hat Product Errata RHSA-2023:4203 0 None None None 2023-07-18 14:52:53 UTC
Red Hat Product Errata RHSA-2023:4282 0 None None None 2023-07-26 09:55:21 UTC
Red Hat Product Errata RHSA-2023:6793 0 None None None 2023-11-08 08:17:17 UTC

Description Marian Rehak 2023-02-28 12:13:06 UTC 
An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

https://pointernull.com/security/python-url-parse-problem.html
https://github.com/python/cpython/pull/99421
Comment 1 Marian Rehak 2023-02-28 16:59:28 UTC 
Created mingw-python3 tracking bugs for this issue:

Affects: fedora-all [bug 2174012]


Created pypy tracking bugs for this issue:

Affects: epel-7 [bug 2174017]
Affects: fedora-all [bug 2174018]


Created pypy3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2174019]


Created pypy3.9 tracking bugs for this issue:

Affects: fedora-all [bug 2174020]


Created python2.7 tracking bugs for this issue:

Affects: fedora-all [bug 2174011]


Created python3.10 tracking bugs for this issue:

Affects: fedora-all [bug 2174010]


Created python3.6 tracking bugs for this issue:

Affects: fedora-all [bug 2174013]


Created python3.7 tracking bugs for this issue:

Affects: fedora-all [bug 2174014]


Created python3.8 tracking bugs for this issue:

Affects: fedora-all [bug 2174015]


Created python3.9 tracking bugs for this issue:

Affects: fedora-all [bug 2174016]


Created python34 tracking bugs for this issue:

Affects: epel-all [bug 2174009]
Comment 4 Charalampos Stratakis 2023-03-02 01:43:12 UTC 
There are still discussions upstream about the issue here: https://github.com/python/cpython/issues/102153
Comment 6 Chris Mays 2023-04-01 15:06:38 UTC 
This bug is currently listed as being fixed in 3.11, however the link above (https://github.com/python/cpython/issues/102153) indicates that the alleged fix had zero affect.  Can/Should this be updated?
Comment 7 gabriele.gattari 2023-04-12 13:17:48 UTC 
affects RHEL 8.7
Comment 8 Lumír Balhar 2023-04-14 10:26:25 UTC 
I'm sorry it takes so long. There is no easy way out. The problem is very similar to the tarfile CVE (CVE-2007-4559). The behavior of urlparse and urlsplit functions is documented well and those functions are not intended to validate URLs. Therefore the upstream point of view is that the vulnerability is not in Python but might be in apps using these functions incorrectly.

Because the urllib module does not strictly follow any standard or RFC, it's almost impossible to do any backward-incompatible changes there.

We are trying to come up with a plan how to improve urllib module in Python in a way that would be future-proof, won't break backward compatibility, will be easily backportable into our systems and components and will be acceptable to upstream.

I'm also gonna open a discussion with the product security team about the severity and our point of view.
Comment 12 Lumír Balhar 2023-05-22 10:10:50 UTC 
The fix is available in:

3.12 (merged, will be part of the first beta release): https://github.com/python/cpython/commit/2f630e1ce18ad2e07428296532a68b11dc66ad10
3.11 (merged, bugfix release 3.11.4 expected in June): https://github.com/python/cpython/commit/610cc0ab1b760b2abaac92bd256b96191c46b941
3.10 (merged, security release 3.10.12 without date assigned): https://github.com/python/cpython/commit/f48a96a28012d28ae37a2f4587a780a5eb779946
3.9: (WIP): https://github.com/python/cpython/pull/104593
Comment 17 errata-xmlrpc 2023-06-08 11:52:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2023:3550 https://access.redhat.com/errata/RHSA-2023:3550
Comment 18 errata-xmlrpc 2023-06-09 07:57:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3556 https://access.redhat.com/errata/RHSA-2023:3556
Comment 19 errata-xmlrpc 2023-06-09 07:57:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3555 https://access.redhat.com/errata/RHSA-2023:3555
Comment 20 errata-xmlrpc 2023-06-14 08:42:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3585 https://access.redhat.com/errata/RHSA-2023:3585
Comment 21 errata-xmlrpc 2023-06-14 09:06:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3591 https://access.redhat.com/errata/RHSA-2023:3591
Comment 22 errata-xmlrpc 2023-06-14 09:46:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3595 https://access.redhat.com/errata/RHSA-2023:3595
Comment 23 errata-xmlrpc 2023-06-14 09:48:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3594 https://access.redhat.com/errata/RHSA-2023:3594
Comment 24 errata-xmlrpc 2023-06-22 11:47:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3776 https://access.redhat.com/errata/RHSA-2023:3776
Comment 25 errata-xmlrpc 2023-06-22 12:57:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3777 https://access.redhat.com/errata/RHSA-2023:3777
Comment 26 errata-xmlrpc 2023-06-22 14:29:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3780 https://access.redhat.com/errata/RHSA-2023:3780
Comment 27 errata-xmlrpc 2023-06-22 14:39:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3781 https://access.redhat.com/errata/RHSA-2023:3781
Comment 28 errata-xmlrpc 2023-06-26 10:44:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3796 https://access.redhat.com/errata/RHSA-2023:3796
Comment 29 errata-xmlrpc 2023-06-27 09:45:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3810 https://access.redhat.com/errata/RHSA-2023:3810
Comment 30 errata-xmlrpc 2023-06-27 09:49:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3811 https://access.redhat.com/errata/RHSA-2023:3811
Comment 31 errata-xmlrpc 2023-06-29 11:34:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:3931 https://access.redhat.com/errata/RHSA-2023:3931
Comment 32 errata-xmlrpc 2023-06-29 12:10:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3932 https://access.redhat.com/errata/RHSA-2023:3932
Comment 33 errata-xmlrpc 2023-06-29 12:28:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:3934 https://access.redhat.com/errata/RHSA-2023:3934
Comment 34 errata-xmlrpc 2023-06-29 12:45:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3935 https://access.redhat.com/errata/RHSA-2023:3935
Comment 35 errata-xmlrpc 2023-06-29 13:01:54 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3936 https://access.redhat.com/errata/RHSA-2023:3936
Comment 37 errata-xmlrpc 2023-07-10 08:57:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4004 https://access.redhat.com/errata/RHSA-2023:4004
Comment 38 errata-xmlrpc 2023-07-10 12:22:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4008 https://access.redhat.com/errata/RHSA-2023:4008
Comment 39 errata-xmlrpc 2023-07-12 08:24:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4038 https://access.redhat.com/errata/RHSA-2023:4038
Comment 40 errata-xmlrpc 2023-07-12 08:26:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4032 https://access.redhat.com/errata/RHSA-2023:4032
Comment 41 errata-xmlrpc 2023-07-18 14:52:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4203 https://access.redhat.com/errata/RHSA-2023:4203
Comment 42 errata-xmlrpc 2023-07-26 09:55:19 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2023:4282 https://access.redhat.com/errata/RHSA-2023:4282
Comment 45 errata-xmlrpc 2023-11-08 08:17:14 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:6793 https://access.redhat.com/errata/RHSA-2023:6793
Note You need to log in before you can comment on or make changes to this bug.