Anolis OS update for python39:3.9 module

Published: 2025-03-28

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-6232
CWE-ID	CWE-185
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Anolis OS Operating systems & Components / Operating system python39-setuptools-wheel Operating systems & Components / Operating system package or component python39-setuptools Operating systems & Components / Operating system package or component python39-rpm-macros Operating systems & Components / Operating system package or component python39-tkinter Operating systems & Components / Operating system package or component python39-test Operating systems & Components / Operating system package or component python39-libs Operating systems & Components / Operating system package or component python39-idle Operating systems & Components / Operating system package or component python39-devel Operating systems & Components / Operating system package or component python39-debug Operating systems & Components / Operating system package or component python39 Operating systems & Components / Operating system package or component python39-pip-wheel Operating systems & Components / Operating system package or component python39-pip Operating systems & Components / Operating system package or component python39-idna Operating systems & Components / Operating system package or component python39-psycopg2-tests Operating systems & Components / Operating system package or component python39-psycopg2-doc Operating systems & Components / Operating system package or component python39-psycopg2 Operating systems & Components / Operating system package or component python39-cryptography Operating systems & Components / Operating system package or component python39-urllib3 Operating systems & Components / Operating system package or component python39-requests Operating systems & Components / Operating system package or component python39-pytest Operating systems & Components / Operating system package or component python39-scipy Operating systems & Components / Operating system package or component python39-mod_wsgi Operating systems & Components / Operating system package or component python39-numpy-doc Operating systems & Components / Operating system package or component python39-numpy-f2py Operating systems & Components / Operating system package or component python39-numpy Operating systems & Components / Operating system package or component python39-wheel-wheel Operating systems & Components / Operating system package or component python39-wheel Operating systems & Components / Operating system package or component python39-wcwidth Operating systems & Components / Operating system package or component python39-toml Operating systems & Components / Operating system package or component python39-six Operating systems & Components / Operating system package or component python39-pysocks Operating systems & Components / Operating system package or component python39-pyparsing Operating systems & Components / Operating system package or component python39-pycparser Operating systems & Components / Operating system package or component python39-py Operating systems & Components / Operating system package or component python39-ply Operating systems & Components / Operating system package or component python39-pluggy Operating systems & Components / Operating system package or component python39-packaging Operating systems & Components / Operating system package or component python39-more-itertools Operating systems & Components / Operating system package or component python39-iniconfig Operating systems & Components / Operating system package or component python39-chardet Operating systems & Components / Operating system package or component python39-attrs Operating systems & Components / Operating system package or component python39-PyMySQL Operating systems & Components / Operating system package or component python39-pyyaml Operating systems & Components / Operating system package or component python39-pybind11-devel Operating systems & Components / Operating system package or component python39-pybind11 Operating systems & Components / Operating system package or component python39-psutil Operating systems & Components / Operating system package or component python39-lxml Operating systems & Components / Operating system package or component python39-cffi Operating systems & Components / Operating system package or component python39-Cython Operating systems & Components / Operating system package or component
Vendor	OpenAnolis

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Incorrect Regular Expression

EUVDB-ID: #VU96745

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-6232

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of .tar archives when processing it with regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python39-setuptools-wheel: before 50.3.2-6

python39-setuptools: before 50.3.2-6

python39-rpm-macros: before 3.9.20-1.0.1

python39-tkinter: before 3.9.20-1.0.1

python39-test: before 3.9.20-1.0.1

python39-libs: before 3.9.20-1.0.1

python39-idle: before 3.9.20-1.0.1

python39-devel: before 3.9.20-1.0.1

python39-debug: before 3.9.20-1.0.1

python39: before 3.9.20-1.0.1

python39-pip-wheel: before 20.2.4-9

python39-pip: before 20.2.4-9

python39-idna: before 2.10-4

python39-psycopg2-tests: before 2.8.6-3.0.1

python39-psycopg2-doc: before 2.8.6-3.0.1

python39-psycopg2: before 2.8.6-3.0.1

python39-cryptography: before 3.3.1-3

python39-urllib3: before 1.25.10-5

python39-requests: before 2.25.0-3

python39-pytest: before 6.0.2-2.0.1

python39-scipy: before 1.5.4-5.0.1

python39-mod_wsgi: before 4.7.1-7

python39-numpy-doc: before 1.19.4-3.0.1

python39-numpy-f2py: before 1.19.4-3.0.1

python39-numpy: before 1.19.4-3.0.1

python39-wheel-wheel: before 0.35.1-4

python39-wheel: before 0.35.1-4

python39-wcwidth: before 0.2.5-3

python39-toml: before 0.10.1-5

python39-six: before 1.15.0-3

python39-pysocks: before 1.7.1-4

python39-pyparsing: before 2.4.7-5

python39-pycparser: before 2.20-3

python39-py: before 1.10.0-1

python39-ply: before 3.11-10

python39-pluggy: before 0.13.1-3

python39-packaging: before 20.4-4

python39-more-itertools: before 8.5.0-2

python39-iniconfig: before 1.1.1-2

python39-chardet: before 3.0.4-19

python39-attrs: before 20.3.0-2

python39-PyMySQL: before 0.10.1-2

python39-pyyaml: before 5.4.1-1

python39-pybind11-devel: before 2.7.1-1

python39-pybind11: before 2.7.1-1

python39-psutil: before 5.8.0-4.0.1

python39-lxml: before 4.6.5-1

python39-cffi: before 1.14.3-2

python39-Cython: before 0.29.21-5

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2024:0980

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.