Bugzilla – Bug 1214693
VUL-0: CVE-2023-41105: python311: os.path.normpath truncates input on null bytes in 3.11, but not 3.10
Last modified: 2024-06-13 15:45:42 UTC
CVE-2023-41105 An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41105 https://www.cve.org/CVERecord?id=CVE-2023-41105 https://github.com/python/cpython/issues/106242 https://github.com/python/cpython/pull/107981 https://github.com/python/cpython/pull/107982 https://github.com/python/cpython/pull/107983 https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
Affected: - SUSE:ALP:Source:Standard:1.0/python311 3.11.2 - SUSE:SLE-15-SP4:Update/python311 3.11.4 - openSUSE:Factory/python311 3.11.4 Not affected: - SUSE:SLE-11-SP1:Update/python 2.6.9 - SUSE:SLE-11-SP1:Update/python-base 2.6.9 - SUSE:SLE-12-SP1:Update/python 2.7.18 - SUSE:SLE-12-SP1:Update/python-base 2.7.18 - SUSE:SLE-12-SP4:Update/python 2.7.18 - SUSE:SLE-12-SP4:Update/python-base 2.7.18 - SUSE:SLE-15:Update/python 2.7.18 - SUSE:SLE-15:Update/python-base 2.7.18 - openSUSE:Factory/python 2.7.18 - SUSE:SLE-12:Update/python3 3.4.10 - SUSE:SLE-12-SP3:Update:Products:Teradata:Update/python36 3.6.15 - SUSE:SLE-12-SP5:Update/python36 3.6.15 - SUSE:SLE-15-SP3:Update/python39 3.9.17 - openSUSE:Factory/python39 3.9.17 - SUSE:ALP:Source:Standard:1.0/python310 3.10.10 - SUSE:SLE-15-SP4:Update/python310 3.10.12 - openSUSE:Factory/python310 3.10.12
This has been fixed in 3.11.5, which is already in Factory (and the update of changelog is in https://build.opensuse.org/request/show/1112994).
Sorry, it is https://build.opensuse.org/request/show/1113067
SUSE-SU-2023:3939-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1214692, 1214693 CVE References: CVE-2023-40217, CVE-2023-41105 Sources used: Web and Scripting Module 12 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1 SUSE Linux Enterprise Server 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python3-3.4.10-25.116.1, python3-base-3.4.10-25.116.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3943-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1214692, 1214693 CVE References: CVE-2023-40217, CVE-2023-41105 Sources used: openSUSE Leap 15.4 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2 openSUSE Leap 15.5 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2 Python 3 Module 15-SP4 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2 Python 3 Module 15-SP5 (src): python311-documentation-3.11.5-150400.9.20.2, python311-3.11.5-150400.9.20.1, python311-core-3.11.5-150400.9.20.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing