CVE-2022-42919: Python 3.9, 3.10, and 3.11.0rc2 on Linux may allow for a local privilege escalation attack in a non-default configuration when code uses the multiprocessing module and configures multiprocessing to use the forkserver start method. Reference: https://github.com/python/cpython/issues/97514
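One way to audit a code base for the non-default configuration described above, as an added example (not code from CPython or from this bug report): a static scan for calls that select the forkserver start method. The function name `find_forkserver_use` and the sample source are constructed for illustration; any function named `set_start_method` or `get_context` is matched, so hits need a quick manual check.

```python
import ast
import sys

# Calls that choose a multiprocessing start method.
START_FUNCS = {"set_start_method", "get_context"}

def find_forkserver_use(source, filename="<source>"):
    """Return sorted (line, call, verdict) tuples for start-method calls.

    verdict is "forkserver" when the literal is passed, or "unresolved" when
    the method is computed at run time and needs manual review.
    """
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in START_FUNCS:
            continue
        # The method is the first positional argument or the method= keyword.
        args = node.args[:1] + [k.value for k in node.keywords if k.arg == "method"]
        for arg in args:
            if not isinstance(arg, ast.Constant):
                hits.append((node.lineno, name, "unresolved"))
            elif arg.value == "forkserver":
                hits.append((node.lineno, name, "forkserver"))
    return sorted(hits)

# Constructed sample input (not taken from any real project).
SAMPLE = '''\
import multiprocessing as mp
import os

def main():
    mp.set_start_method("forkserver")
    ctx = mp.get_context(method="forkserver")
    safe = mp.get_context("spawn")
    dyn = mp.get_context(os.environ.get("MP_START"))
'''

if __name__ == "__main__":
    # Scan files named on the command line, or the sample when none are given.
    targets = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8").read()) for p in targets] or [("<sample>", SAMPLE)]
    for path, text in sources:
        for line, call, verdict in find_forkserver_use(text, path):
            print(f"{path}:{line}: {call}() -> {verdict}")
```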
Created pypy3.9 tracking bugs for this issue:
Affects: fedora-all [bug 2138712]

Created python3.10 tracking bugs for this issue:
Affects: fedora-all [bug 2138709]

Created python3.11 tracking bugs for this issue:
Affects: fedora-all [bug 2138710]

Created python3.9 tracking bugs for this issue:
Affects: fedora-all [bug 2138711]
I'd like to create a reproducer for this issue but I'm afraid it's far from easy.
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support
  Red Hat Enterprise Linux 8
  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2022:8492 https://access.redhat.com/errata/RHSA-2022:8492
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support
  Red Hat Enterprise Linux 9

Via RHSA-2022:8493 https://access.redhat.com/errata/RHSA-2022:8493
FEDORA-2022-a7cad6bd22 has been pushed to the Fedora 37 stable repository. If the problem still persists, please make note of it in this bug report.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-42919