Bug 2276518 (CVE-2023-6597) - CVE-2023-6597 python: Path traversal on tempfile.TemporaryDirectory
Summary: CVE-2023-6597 python: Path traversal on tempfile.TemporaryDirectory
Keywords:
Status: NEW
Alias: CVE-2023-6597
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2276519
Reported: 2024-04-22 20:19 UTC by Marco Benatto
Modified: 2024-10-10 13:47 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. While handling permission-related errors, the class may dereference symbolic links, so a privileged program that uses it can be made to change the permissions of the files a symbolic link points to.
Clone Of:
Environment:
Last Closed:
Embargoed:
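Added example (not the advisory's or CPython's own code): the pattern the Doc Text describes, a permission fix-up applied to a directory entry that may be a symbolic link, which os.chmod follows to the link target, shown beside a hardened variant that refuses to act on symlinks. The function names, the 0o600/0o700 modes and the constructed file layout are this example's own choices.

```python
import os
import stat
import tempfile

# Both helpers stand in for a "make this entry writable so it can be removed"
# step run while handling a permission error during directory cleanup.
# Names and modes are this example's own choices, not CPython's code.

def fix_perms_following_links(path: str) -> None:
    """Weak pattern: os.chmod follows symlinks on Linux, so if `path` is a
    link inside the directory, the mode of the link *target* changes."""
    os.chmod(path, stat.S_IRWXU)

def fix_perms_skipping_links(path: str) -> bool:
    """Hardened pattern: never change the mode of anything that is a symlink.
    Returns True only when a real file or directory was modified.
    Caveat: islink-then-chmod still leaves a small race; where the platform
    supports it, os.chmod(..., follow_symlinks=False) or dir_fd-relative
    calls close that window."""
    if os.path.islink(path):
        return False
    os.chmod(path, stat.S_IRWXU)
    return True

def outside_mode_after(fixer) -> int:
    """Constructed scenario: a file outside the temp dir with mode 0o600,
    a symlink to it inside the temp dir, then `fixer` is run on the link.
    Returns the permission bits of the outside file afterwards."""
    with tempfile.TemporaryDirectory() as outside, \
         tempfile.TemporaryDirectory() as inside:
        target = os.path.join(outside, "victim.txt")
        with open(target, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(target, 0o600)
        link = os.path.join(inside, "link_to_outside")
        os.symlink(target, link)
        fixer(link)
        return stat.S_IMODE(os.stat(target).st_mode)

if __name__ == "__main__":
    print(oct(outside_mode_after(fix_perms_following_links)))  # 0o700: target changed
    print(oct(outside_mode_after(fix_perms_skipping_links)))   # 0o600: target untouched
```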

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:3356 0 None None None 2024-05-28 08:27:09 UTC
Red Hat Product Errata RHBA-2024:3357 0 None None None 2024-05-28 08:23:37 UTC
Red Hat Product Errata RHBA-2024:3359 0 None None None 2024-05-28 08:33:11 UTC
Red Hat Product Errata RHBA-2024:3374 0 None None None 2024-05-28 09:28:41 UTC
Red Hat Product Errata RHBA-2024:3384 0 None None None 2024-05-28 09:28:57 UTC
Red Hat Product Errata RHBA-2024:3387 0 None None None 2024-05-28 12:16:34 UTC
Red Hat Product Errata RHBA-2024:3388 0 None None None 2024-05-28 12:17:30 UTC
Red Hat Product Errata RHBA-2024:3394 0 None None None 2024-05-28 12:59:40 UTC
Red Hat Product Errata RHBA-2024:3395 0 None None None 2024-05-28 12:58:17 UTC
Red Hat Product Errata RHBA-2024:3396 0 None None None 2024-05-28 13:00:32 UTC
Red Hat Product Errata RHBA-2024:3446 0 None None None 2024-05-29 07:59:18 UTC
Red Hat Product Errata RHBA-2024:3447 0 None None None 2024-05-29 07:59:14 UTC
Red Hat Product Errata RHBA-2024:3478 0 None None None 2024-05-29 20:03:32 UTC
Red Hat Product Errata RHBA-2024:3548 0 None None None 2024-06-03 11:34:50 UTC
Red Hat Product Errata RHBA-2024:3556 0 None None None 2024-06-03 14:55:40 UTC
Red Hat Product Errata RHBA-2024:4060 0 None None None 2024-06-24 07:35:33 UTC
Red Hat Product Errata RHBA-2024:4085 0 None None None 2024-06-25 08:24:51 UTC
Red Hat Product Errata RHBA-2024:4086 0 None None None 2024-06-25 08:26:36 UTC
Red Hat Product Errata RHBA-2024:4087 0 None None None 2024-06-25 08:31:56 UTC
Red Hat Product Errata RHBA-2024:4089 0 None None None 2024-06-25 09:23:42 UTC
Red Hat Product Errata RHBA-2024:4090 0 None None None 2024-06-25 09:23:56 UTC
Red Hat Product Errata RHBA-2024:4091 0 None None None 2024-06-25 09:25:04 UTC
Red Hat Product Errata RHBA-2024:4111 0 None None None 2024-06-26 01:39:42 UTC
Red Hat Product Errata RHBA-2024:4117 0 None None None 2024-06-26 09:17:57 UTC
Red Hat Product Errata RHBA-2024:4141 0 None None None 2024-06-26 17:39:13 UTC
Red Hat Product Errata RHBA-2024:4143 0 None None None 2024-06-26 18:56:03 UTC
Red Hat Product Errata RHBA-2024:4168 0 None None None 2024-06-27 14:26:20 UTC
Red Hat Product Errata RHBA-2024:4175 0 None None None 2024-07-01 00:21:39 UTC
Red Hat Product Errata RHBA-2024:4176 0 None None None 2024-07-01 00:26:59 UTC
Red Hat Product Errata RHBA-2024:4177 0 None None None 2024-07-01 00:27:49 UTC
Red Hat Product Errata RHBA-2024:4178 0 None None None 2024-07-01 00:26:00 UTC
Red Hat Product Errata RHBA-2024:4182 0 None None None 2024-07-01 05:09:32 UTC
Red Hat Product Errata RHBA-2024:4183 0 None None None 2024-07-01 05:13:04 UTC
Red Hat Product Errata RHBA-2024:4187 0 None None None 2024-07-01 07:23:48 UTC
Red Hat Product Errata RHBA-2024:4188 0 None None None 2024-07-01 07:35:11 UTC
Red Hat Product Errata RHBA-2024:4189 0 None None None 2024-07-01 07:35:15 UTC
Red Hat Product Errata RHBA-2024:4190 0 None None None 2024-07-01 07:35:05 UTC
Red Hat Product Errata RHBA-2024:4191 0 None None None 2024-07-01 07:34:54 UTC
Red Hat Product Errata RHBA-2024:4192 0 None None None 2024-07-01 07:34:40 UTC
Red Hat Product Errata RHBA-2024:4193 0 None None None 2024-07-01 07:34:35 UTC
Red Hat Product Errata RHBA-2024:4194 0 None None None 2024-07-01 07:34:28 UTC
Red Hat Product Errata RHBA-2024:4202 0 None None None 2024-07-01 12:29:17 UTC
Red Hat Product Errata RHBA-2024:4203 0 None None None 2024-07-01 12:14:39 UTC
Red Hat Product Errata RHBA-2024:4206 0 None None None 2024-07-01 13:09:45 UTC
Red Hat Product Errata RHBA-2024:4218 0 None None None 2024-07-02 11:52:22 UTC
Red Hat Product Errata RHBA-2024:4539 0 None None None 2024-07-15 15:13:40 UTC
Red Hat Product Errata RHBA-2024:4658 0 None None None 2024-07-18 18:10:33 UTC
Red Hat Product Errata RHBA-2024:5556 0 None None None 2024-08-19 07:57:43 UTC
Red Hat Product Errata RHBA-2024:5841 0 None None None 2024-08-26 09:00:29 UTC
Red Hat Product Errata RHBA-2024:5921 0 None None None 2024-08-28 06:36:25 UTC
Red Hat Product Errata RHBA-2024:6506 0 None None None 2024-09-09 17:01:06 UTC
Red Hat Product Errata RHBA-2024:6507 0 None None None 2024-09-09 17:01:16 UTC
Red Hat Product Errata RHBA-2024:6771 0 None None None 2024-09-18 17:32:02 UTC
Red Hat Product Errata RHSA-2024:3347 0 None None None 2024-05-23 16:17:07 UTC
Red Hat Product Errata RHSA-2024:3391 0 None None None 2024-05-28 13:02:40 UTC
Red Hat Product Errata RHSA-2024:3466 0 None None None 2024-05-29 13:20:09 UTC
Red Hat Product Errata RHSA-2024:4058 0 None None None 2024-06-24 04:45:18 UTC
Red Hat Product Errata RHSA-2024:4077 0 None None None 2024-06-25 05:20:28 UTC
Red Hat Product Errata RHSA-2024:4078 0 None None None 2024-06-25 05:39:56 UTC
Red Hat Product Errata RHSA-2024:4166 0 None None None 2024-06-27 14:05:45 UTC
Red Hat Product Errata RHSA-2024:4370 0 None None None 2024-07-08 11:40:08 UTC
Red Hat Product Errata RHSA-2024:4406 0 None None None 2024-07-09 08:48:48 UTC
Red Hat Product Errata RHSA-2024:4456 0 None None None 2024-07-10 13:20:53 UTC
Red Hat Product Errata RHSA-2024:4865 0 None None None 2024-07-25 10:41:34 UTC
Red Hat Product Errata RHSA-2024:4871 0 None None None 2024-07-25 14:29:23 UTC
Red Hat Product Errata RHSA-2024:4896 0 None None None 2024-07-29 07:01:25 UTC
Red Hat Product Errata RHSA-2024:5535 0 None None None 2024-08-19 06:49:55 UTC
Red Hat Product Errata RHSA-2024:5689 0 None None None 2024-08-21 11:29:25 UTC

Comment 2 Lumír Balhar 2024-04-22 20:48:04 UTC
The fix is in these upstream releases: 3.12.1, 3.11.8, 3.10.14, 3.9.19 and 3.8.19

Comment 12 errata-xmlrpc 2024-05-23 16:17:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3347 https://access.redhat.com/errata/RHSA-2024:3347

Comment 13 errata-xmlrpc 2024-05-28 13:02:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:3391 https://access.redhat.com/errata/RHSA-2024:3391

Comment 14 errata-xmlrpc 2024-05-29 13:20:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:3466 https://access.redhat.com/errata/RHSA-2024:3466

Comment 16 errata-xmlrpc 2024-06-24 04:45:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:4058 https://access.redhat.com/errata/RHSA-2024:4058

Comment 17 errata-xmlrpc 2024-06-25 05:20:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4077 https://access.redhat.com/errata/RHSA-2024:4077

Comment 18 errata-xmlrpc 2024-06-25 05:39:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:4078 https://access.redhat.com/errata/RHSA-2024:4078

Comment 19 errata-xmlrpc 2024-06-27 14:05:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:4166 https://access.redhat.com/errata/RHSA-2024:4166

Comment 20 errata-xmlrpc 2024-07-08 11:40:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:4370 https://access.redhat.com/errata/RHSA-2024:4370

Comment 21 errata-xmlrpc 2024-07-09 08:48:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:4406 https://access.redhat.com/errata/RHSA-2024:4406

Comment 22 errata-xmlrpc 2024-07-10 13:20:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:4456 https://access.redhat.com/errata/RHSA-2024:4456

Comment 23 errata-xmlrpc 2024-07-25 10:41:30 UTC
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:4865 https://access.redhat.com/errata/RHSA-2024:4865

Comment 24 errata-xmlrpc 2024-07-25 14:29:19 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:4871 https://access.redhat.com/errata/RHSA-2024:4871

Comment 25 errata-xmlrpc 2024-07-29 07:01:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:4896 https://access.redhat.com/errata/RHSA-2024:4896

Comment 26 errata-xmlrpc 2024-08-19 06:49:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:5535 https://access.redhat.com/errata/RHSA-2024:5535

Comment 27 errata-xmlrpc 2024-08-21 11:29:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:5689 https://access.redhat.com/errata/RHSA-2024:5689
