Bugzilla – Bug 1226448
VUL-0: CVE-2024-4032: python,python3,python310,python311,python312,python36,python39: incorrect IPv4 and IPv6 private ranges
Last modified: 2024-07-22 20:30:42 UTC
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4032 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://github.com/python/cpython/issues/113171 https://github.com/python/cpython/pull/113179 https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/ https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml https://seclists.org/oss-sec/2024/q2/292 https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8 https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906 https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3
Fixed in 3.12.4, which we have already in Factory.
This is an autogenerated message for OBS integration: This bug (1226448) was mentioned in https://build.opensuse.org/request/show/1183503 Factory / python310 https://build.opensuse.org/request/show/1183504 Factory / python39 https://build.opensuse.org/request/show/1183507 Factory / python38 https://build.opensuse.org/request/show/1183510 Factory / python311
SUSE-SU-2024:2249-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1226447, 1226448 CVE References: CVE-2024-0397, CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:34506](https://smelt.suse.de/incident/34506/) Sources used: SUSE Linux Enterprise Micro 5.1 (src): python3-core-3.6.15-150000.3.150.1, python3-3.6.15-150000.3.150.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2254-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1226448 CVE References: CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:34503](https://smelt.suse.de/incident/34503/) Sources used: openSUSE Leap 15.5 (src): python310-documentation-3.10.14-150400.4.51.1, python310-3.10.14-150400.4.51.1, python310-core-3.10.14-150400.4.51.1 openSUSE Leap 15.6 (src): python310-documentation-3.10.14-150400.4.51.1, python310-3.10.14-150400.4.51.1, python310-core-3.10.14-150400.4.51.1 openSUSE Leap 15.4 (src): python310-documentation-3.10.14-150400.4.51.1, python310-3.10.14-150400.4.51.1, python310-core-3.10.14-150400.4.51.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2274-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1226447, 1226448 CVE References: CVE-2024-0397, CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:34508](https://smelt.suse.de/incident/34508/) Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): python36-core-3.6.15-58.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): python36-core-3.6.15-58.1, python36-3.6.15-58.1 SUSE Linux Enterprise Server 12 SP5 (src): python36-core-3.6.15-58.1, python36-3.6.15-58.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): python36-core-3.6.15-58.1, python36-3.6.15-58.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2280-1: An update that solves two vulnerabilities can now be installed. Category: security (moderate) Bug References: 1226447, 1226448 CVE References: CVE-2024-0397, CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:34505](https://smelt.suse.de/incident/34505/) Sources used: openSUSE Leap 15.3 (src): python39-core-3.9.19-150300.4.46.1, python39-3.9.19-150300.4.46.1, python39-documentation-3.9.19-150300.4.46.1 openSUSE Leap 15.5 (src): python39-core-3.9.19-150300.4.46.1, python39-3.9.19-150300.4.46.1, python39-documentation-3.9.19-150300.4.46.1 openSUSE Leap 15.6 (src): python39-core-3.9.19-150300.4.46.1, python39-3.9.19-150300.4.46.1, python39-documentation-3.9.19-150300.4.46.1 Legacy Module 15-SP5 (src): python39-core-3.9.19-150300.4.46.1, python39-3.9.19-150300.4.46.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2414-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1226448 CVE References: CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:34504](https://smelt.suse.de/incident/34504/) Sources used: Public Cloud Module 15-SP4 (src): python311-3.11.9-150400.9.29.1, python311-core-3.11.9-150400.9.29.1 Python 3 Module 15-SP5 (src): python311-3.11.9-150400.9.29.1, python311-core-3.11.9-150400.9.29.1, python311-documentation-3.11.9-150400.9.29.1 openSUSE Leap 15.4 (src): python311-3.11.9-150400.9.29.1, python311-core-3.11.9-150400.9.29.1, python311-documentation-3.11.9-150400.9.29.1 openSUSE Leap 15.5 (src): python311-3.11.9-150400.9.29.1, python311-core-3.11.9-150400.9.29.1, python311-documentation-3.11.9-150400.9.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2479-1: An update that solves four vulnerabilities and has three security fixes can now be installed. Category: security (important) Bug References: 1219559, 1220664, 1221563, 1221854, 1222075, 1226447, 1226448 CVE References: CVE-2023-52425, CVE-2024-0397, CVE-2024-0450, CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:33974](https://smelt.suse.de/incident/33974/) Sources used: openSUSE Leap 15.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2, python3-documentation-3.6.15-150300.10.65.1 openSUSE Leap Micro 5.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 openSUSE Leap Micro 5.4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 openSUSE Leap 15.5 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2, python3-documentation-3.6.15-150300.10.65.1 openSUSE Leap 15.6 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2, python3-documentation-3.6.15-150300.10.65.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Micro 5.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Micro for Rancher 5.4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Micro 5.4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Micro 5.5 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 Basesystem Module 15-SP5 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 Basesystem Module 15-SP6 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 Development Tools Module 15-SP5 (src): python3-core-3.6.15-150300.10.65.1 Development Tools Module 15-SP6 (src): python3-core-3.6.15-150300.10.65.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Manager Proxy 4.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Manager Retail Branch Server 4.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Manager Server 4.3 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Enterprise Storage 7.1 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Micro 5.2 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 SUSE Linux Enterprise Micro for Rancher 5.2 (src): python3-core-3.6.15-150300.10.65.1, python3-3.6.15-150300.10.65.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2572-1: An update that solves three vulnerabilities and has two security fixes can now be installed. URL: https://www.suse.com/support/update/announcement/2024/suse-su-20242572-1 Category: security (moderate) Bug References: 1225660, 1226447, 1226448, 1227152, 1227378 CVE References: CVE-2024-0397, CVE-2024-4030, CVE-2024-4032 Maintenance Incident: [SUSE:Maintenance:34718](https://smelt.suse.de/incident/34718/) Sources used: openSUSE Leap 15.6 (src): python312-core-3.12.4-150600.3.3.1, python312-documentation-3.12.4-150600.3.3.1, python312-3.12.4-150600.3.3.1 Python 3 Module 15-SP6 (src): python312-core-3.12.4-150600.3.3.1, python312-3.12.4-150600.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.