Bug 2302255 (CVE-2024-6923) - CVE-2024-6923 cpython: python: email module doesn't properly quote newlines in email headers, allowing header injection
Keywords:
Status: NEW
Alias: CVE-2024-6923
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2303155 2303156 2303157 2303158 2303159 2303160 2303161 2303162 2303163 2303164
Blocks:
Reported: 2024-08-01 14:30 UTC by OSIDB Bzimport
Modified: 2024-10-21 16:11 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:6415 0 None None None 2024-09-05 09:35:37 UTC
Red Hat Product Errata RHBA-2024:6432 0 None None None 2024-09-05 15:02:10 UTC
Red Hat Product Errata RHBA-2024:6514 0 None None None 2024-09-09 18:48:53 UTC
Red Hat Product Errata RHBA-2024:6603 0 None None None 2024-09-11 14:29:58 UTC
Red Hat Product Errata RHBA-2024:6651 0 None None None 2024-09-12 14:38:03 UTC
Red Hat Product Errata RHBA-2024:6674 0 None None None 2024-09-16 05:41:59 UTC
Red Hat Product Errata RHBA-2024:6675 0 None None None 2024-09-16 05:46:16 UTC
Red Hat Product Errata RHBA-2024:6924 0 None None None 2024-09-23 08:07:48 UTC
Red Hat Product Errata RHBA-2024:7035 0 None None None 2024-09-24 08:32:00 UTC
Red Hat Product Errata RHBA-2024:7046 0 None None None 2024-09-24 11:15:10 UTC
Red Hat Product Errata RHBA-2024:7047 0 None None None 2024-09-24 11:51:37 UTC
Red Hat Product Errata RHBA-2024:7059 0 None None None 2024-09-24 14:57:45 UTC
Red Hat Product Errata RHBA-2024:7060 0 None None None 2024-09-24 14:57:51 UTC
Red Hat Product Errata RHBA-2024:7093 0 None None None 2024-09-25 02:21:04 UTC
Red Hat Product Errata RHBA-2024:7119 0 None None None 2024-09-25 14:26:32 UTC
Red Hat Product Errata RHBA-2024:7154 0 None None None 2024-09-25 21:25:15 UTC
Red Hat Product Errata RHBA-2024:7155 0 None None None 2024-09-25 21:25:30 UTC
Red Hat Product Errata RHBA-2024:7157 0 None None None 2024-09-25 23:53:45 UTC
Red Hat Product Errata RHBA-2024:7158 0 None None None 2024-09-25 23:54:00 UTC
Red Hat Product Errata RHBA-2024:7384 0 None None None 2024-09-30 13:53:52 UTC
Red Hat Product Errata RHBA-2024:7385 0 None None None 2024-09-30 14:08:30 UTC
Red Hat Product Errata RHBA-2024:7388 0 None None None 2024-09-30 14:35:33 UTC
Red Hat Product Errata RHBA-2024:7560 0 None None None 2024-10-02 21:02:20 UTC
Red Hat Product Errata RHBA-2024:7569 0 None None None 2024-10-03 00:31:52 UTC
Red Hat Product Errata RHBA-2024:7627 0 None None None 2024-10-03 12:11:51 UTC
Red Hat Product Errata RHBA-2024:7630 0 None None None 2024-10-03 13:22:45 UTC
Red Hat Product Errata RHBA-2024:7631 0 None None None 2024-10-03 13:32:03 UTC
Red Hat Product Errata RHBA-2024:7754 0 None None None 2024-10-07 13:41:59 UTC
Red Hat Product Errata RHBA-2024:7857 0 None None None 2024-10-09 12:02:05 UTC
Red Hat Product Errata RHBA-2024:8297 0 None None None 2024-10-21 16:11:26 UTC
Red Hat Product Errata RHSA-2024:5962 0 None None None 2024-08-28 18:51:56 UTC
Red Hat Product Errata RHSA-2024:6146 0 None None None 2024-09-03 02:21:12 UTC
Red Hat Product Errata RHSA-2024:6163 0 None None None 2024-09-03 17:46:41 UTC
Red Hat Product Errata RHSA-2024:6179 0 None None None 2024-09-03 19:53:56 UTC
Red Hat Product Errata RHSA-2024:6909 0 None None None 2024-09-23 01:54:53 UTC
Red Hat Product Errata RHSA-2024:6915 0 None None None 2024-09-23 01:47:41 UTC
Red Hat Product Errata RHSA-2024:6961 0 None None None 2024-09-24 00:48:31 UTC
Red Hat Product Errata RHSA-2024:6962 0 None None None 2024-09-24 00:48:50 UTC
Red Hat Product Errata RHSA-2024:6975 0 None None None 2024-09-24 02:58:33 UTC
Red Hat Product Errata RHSA-2024:7137 0 None None None 2024-09-25 18:33:21 UTC
Red Hat Product Errata RHSA-2024:7213 0 None None None 2024-09-26 13:28:34 UTC
Red Hat Product Errata RHSA-2024:7374 0 None None None 2024-09-30 10:26:17 UTC
Red Hat Product Errata RHSA-2024:7415 0 None None None 2024-10-01 02:29:27 UTC
Red Hat Product Errata RHSA-2024:8103 0 None None None 2024-10-15 00:41:43 UTC

Description OSIDB Bzimport 2024-08-01 14:30:31 UTC
There is a MEDIUM severity vulnerability affecting CPython.

The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
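
A pre-serialization guard for the issue described above, as an added example (not code from CPython or from this bug report): it flags header values on a legacy `email.message.Message` that contain a line break not followed by folding whitespace. The names `unsafe_headers`, `serialize_checked` and `build`, and the sample messages, are constructed for illustration.

```python
import re
from email.message import Message

# A line break inside a header value is a legitimate fold only when a space
# or tab follows it. Anything else starts a new header line or ends the
# header block early.
_BREAK_WITHOUT_FOLD = re.compile(r"\r(?!\n)|\n(?![ \t])")


def unsafe_headers(msg):
    """Return the names of headers that would break out of their own line."""
    flagged = []
    for name, value in msg.raw_items():
        bad_name = "\r" in name or "\n" in name
        if bad_name or _BREAK_WITHOUT_FOLD.search(str(value)):
            flagged.append(name)
    return flagged


def serialize_checked(msg):
    """Serialize msg, refusing if any header carries an unfolded line break."""
    flagged = unsafe_headers(msg)
    if flagged:
        raise ValueError("refusing to serialize, unsafe headers: %r" % flagged)
    return msg.as_string()


def build(subject):
    """Constructed sample: a legacy Message with one caller-supplied value."""
    msg = Message()
    msg["To"] = "ops@example.com"
    msg["Subject"] = subject
    msg.set_payload("body")
    return msg


if __name__ == "__main__":
    for subject in ("Weekly report",
                    "Weekly\n report",                    # valid fold
                    "Weekly report\nX-Constructed: 1"):   # unfolded break
        print(repr(subject), "->", unsafe_headers(build(subject)))
```

The check runs on the message object before `as_string()` is called, so it behaves the same on patched and unpatched interpreters.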

Comment 2 errata-xmlrpc 2024-08-28 18:51:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:5962 https://access.redhat.com/errata/RHSA-2024:5962

Comment 3 errata-xmlrpc 2024-09-03 02:21:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6146 https://access.redhat.com/errata/RHSA-2024:6146

Comment 4 errata-xmlrpc 2024-09-03 17:46:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6163 https://access.redhat.com/errata/RHSA-2024:6163

Comment 5 errata-xmlrpc 2024-09-03 19:53:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6179 https://access.redhat.com/errata/RHSA-2024:6179

Comment 6 errata-xmlrpc 2024-09-23 01:47:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:6915 https://access.redhat.com/errata/RHSA-2024:6915

Comment 7 errata-xmlrpc 2024-09-23 01:54:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:6909 https://access.redhat.com/errata/RHSA-2024:6909

Comment 8 errata-xmlrpc 2024-09-24 00:48:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6961 https://access.redhat.com/errata/RHSA-2024:6961

Comment 9 errata-xmlrpc 2024-09-24 00:48:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6962 https://access.redhat.com/errata/RHSA-2024:6962

Comment 10 errata-xmlrpc 2024-09-24 02:58:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6975 https://access.redhat.com/errata/RHSA-2024:6975

Comment 11 errata-xmlrpc 2024-09-25 18:33:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:7137 https://access.redhat.com/errata/RHSA-2024:7137

Comment 12 errata-xmlrpc 2024-09-26 13:28:33 UTC
This issue has been addressed in the following products:

  Service Interconnect 1.4 for RHEL 9

Via RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213

Comment 13 errata-xmlrpc 2024-09-30 10:26:16 UTC
This issue has been addressed in the following products:

  Service Interconnect 1 for RHEL 9

Via RHSA-2024:7374 https://access.redhat.com/errata/RHSA-2024:7374

Comment 14 errata-xmlrpc 2024-10-01 02:29:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:7415 https://access.redhat.com/errata/RHSA-2024:7415

Comment 16 errata-xmlrpc 2024-10-15 00:41:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:8103 https://access.redhat.com/errata/RHSA-2024:8103

