{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Python ist eine universelle, üblicherweise interpretierte, höhere Programmiersprache.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Python ausnutzen, um einen Denial of Service Angriff durchzuführen und Sicherheitsmaßnahmen zu umgehen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2022-1337 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1337.json" }, { "category" : "self", "summary" : "WID-SEC-2022-1337 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1337" }, { "category" : "external", "summary" : "Python Changelog - Python 3.7.14 final vom 2022-09-07", "url" : "https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:3473-1 vom 2022-09-30", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012460.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2022:6766 vom 2022-10-03", "url" : "https://access.redhat.com/errata/RHSA-2022:6766" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:3485-1 vom 2022-10-01", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012466.html" }, { "category" : "external", "summary" : "IBM Security Bulletin 6833562 vom 2022-11-01", "url" : "https://aix.software.ibm.com/aix/efixes/security/python_advisory2.asc" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2022-7323 vom 2022-11-02", "url" : "https://linux.oracle.com/errata/ELSA-2022-7323.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2022:7323 vom 2022-11-02", "url" : "https://access.redhat.com/errata/RHSA-2022:7323" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:3924-1 vom 2022-11-09", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012858.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:4251-1 vom 2022-11-28", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013125.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:4281-1 vom 2022-11-29", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013149.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:4274-1 vom 2022-11-29", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013139.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2022:4278-1 vom 2022-11-30", "url" : "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013163.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2022-1896 vom 2022-12-07", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2022-1896.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2022-212 vom 2022-12-09", "url" : "https://alas.aws.amazon.com/AL2022/ALAS-2022-212.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:0833 vom 2023-02-21", "url" : "https://access.redhat.com/errata/RHSA-2023:0833" }, { "category" : "external", "summary" : "Oracle Linux Security Advisory ELSA-2023-0833 vom 2023-02-22", "url" : "http://linux.oracle.com/errata/ELSA-2023-0833.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:1170 vom 2023-03-09", "url" : "https://access.redhat.com/errata/RHSA-2023:1170" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:0932 vom 2023-03-09", "url" : "https://access.redhat.com/errata/RHSA-2023:0932" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:0931 vom 2023-03-09", "url" : "https://access.redhat.com/errata/RHSA-2023:0931" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:0930 vom 2023-03-09", "url" : "https://access.redhat.com/errata/RHSA-2023:0930" }, { "category" : "external", "summary" : "IBM Security Bulletin 6989653 vom 2023-05-11", "url" : "https://www.ibm.com/support/pages/node/6989653" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:2763 vom 2023-05-16", "url" : "https://access.redhat.com/errata/RHSA-2023:2763" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2023:2764 vom 2023-05-16", "url" : "https://access.redhat.com/errata/RHSA-2023:2764" }, { "category" : "external", "summary" : "IBM Security Bulletin 6997507 vom 2023-05-23", "url" : "https://www.ibm.com/support/pages/node/6997507" }, { "category" : "external", "summary" : "IBM Security Bulletin 6999619 vom 2023-05-31", "url" : "https://www.ibm.com/support/pages/node/6999619" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-3477 vom 2023-06-30", "url" : "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALASPYTHON3.8-2023-007 vom 2023-09-27", "url" : "https://alas.aws.amazon.com/AL2/ALASPYTHON3.8-2023-007.html" }, { "category" : "external", "summary" : "RedHat Security Advisory", "url" : "https://access.redhat.com/errata/RHSA-2024:0430" }, { "category" : "external", "summary" : "IBM Security Bulletin 7145367 vom 2024-03-27", "url" : "https://www.ibm.com/support/pages/node/7145367" }, { "category" : "external", "summary" : "Dell Security Advisory DSA-2024-198 vom 2024-05-08", "url" : "https://www.dell.com/support/kbdoc/000224827/dsa-2024-=" }, { "category" : "external", "summary" : "Debian Security Advisory DLA-3980 vom 2024-12-02", "url" : "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2025:14712-1 vom 2025-01-30", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FRICMO36O3BFBLAUZVPSBFGE736KGDNK/" }, { "category" : "external", "summary" : "openSUSE Security Update OPENSUSE-SU-2025:15713-1 vom 2025-11-08", "url" : "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V7NUQ3GPXSJ6QCFNNBJQ5D3UZXUYCUBE/" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2023:2764 vom 2025-12-18", "url" : "https://errata.build.resf.org/RLSA-2023:2764" }, { "category" : "external", "summary" : "Rocky Linux Security Advisory RLSA-2023:2763 vom 2025-12-18", "url" : "https://errata.build.resf.org/RLSA-2023:2763" } ], "source_lang" : "en-US", "title" : "Python: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2025-12-17T23:00:00.000+00:00", "generator" : { "date" : "2025-12-18T10:35:03.454+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2022-1337", "initial_release_date" : "2022-09-07T22:00:00.000+00:00", "revision_history" : [ { "date" : "2022-09-07T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2022-09-08T22:00:00.000+00:00", "number" : "2", "summary" : "Referenz(en) aufgenommen: FEDORA-2022-B01214472E, FEDORA-2022-DD5032BEDF" }, { "date" : "2022-09-11T22:00:00.000+00:00", "number" : "3", "summary" : "Referenz(en) aufgenommen: FEDORA-2022-6D57598A23, FEDORA-2022-66B65BECCB, FEDORA-2022-4B31E33ED0, FEDORA-2022-29D436596F, FEDORA-2022-F330BBFDA2, FEDORA-2022-C072CDC3C8, FEDORA-2022-AC82A548DF, FEDORA-2022-8535093CBA" }, { "date" : "2022-09-13T22:00:00.000+00:00", "number" : "4", "summary" : "Referenz(en) aufgenommen: FEDORA-2022-F511F8F58B, FEDORA-2022-72213986B8" }, { "date" : "2022-09-14T22:00:00.000+00:00", "number" : "5", "summary" : "Referenz(en) aufgenommen: FEDORA-2022-0B3904C674" }, { "date" : "2022-09-18T22:00:00.000+00:00", "number" : "6", "summary" : "Referenz(en) aufgenommen: FEDORA-2022-141F632A6F" }, { "date" : "2022-10-03T22:00:00.000+00:00", "number" : "7", "summary" : "Neue Updates von SUSE und Red Hat aufgenommen" }, { "date" : "2022-10-09T22:00:00.000+00:00", "number" : "8", "summary" : "Referenz(en) aufgenommen: FEDORA-2022-958FD7A32E, FEDORA-2022-B8B34E62AB, FEDORA-2022-D4570FC1A6" }, { "date" : "2022-11-01T23:00:00.000+00:00", "number" : "9", "summary" : "Neue Updates von IBM und Fedora aufgenommen" }, { "date" : "2022-11-02T23:00:00.000+00:00", "number" : "10", "summary" : "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date" : "2022-11-09T23:00:00.000+00:00", "number" : "11", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2022-11-28T23:00:00.000+00:00", "number" : "12", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2022-11-29T23:00:00.000+00:00", "number" : "13", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2022-11-30T23:00:00.000+00:00", "number" : "14", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2022-12-06T23:00:00.000+00:00", "number" : "15", "summary" : "Neue Updates von Amazon aufgenommen" }, { "date" : "2022-12-11T23:00:00.000+00:00", "number" : "16", "summary" : "Neue Updates von Amazon aufgenommen" }, { "date" : "2023-02-21T23:00:00.000+00:00", "number" : "17", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2023-02-22T23:00:00.000+00:00", "number" : "18", "summary" : "Neue Updates von Oracle Linux aufgenommen" }, { "date" : "2023-03-08T23:00:00.000+00:00", "number" : "19", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2023-05-11T22:00:00.000+00:00", "number" : "20", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-05-16T22:00:00.000+00:00", "number" : "21", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2023-05-22T22:00:00.000+00:00", "number" : "22", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-05-31T22:00:00.000+00:00", "number" : "23", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2023-07-02T22:00:00.000+00:00", "number" : "24", "summary" : "Neue Updates von Debian aufgenommen" }, { "date" : "2023-09-27T22:00:00.000+00:00", "number" : "25", "summary" : "Neue Updates von Amazon aufgenommen" }, { "date" : "2024-01-24T23:00:00.000+00:00", "number" : "26", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2024-03-27T23:00:00.000+00:00", "number" : "27", "summary" : "Neue Updates von IBM aufgenommen" }, { "date" : "2024-05-07T22:00:00.000+00:00", "number" : "28", "summary" : "Neue Updates von Dell aufgenommen" }, { "date" : "2024-12-01T23:00:00.000+00:00", "number" : "29", "summary" : "Neue Updates von Debian aufgenommen" }, { "date" : "2025-01-30T23:00:00.000+00:00", "number" : "30", "summary" : "Neue Updates von openSUSE aufgenommen" }, { "date" : "2025-11-09T23:00:00.000+00:00", "number" : "31", "summary" : "Neue Updates von openSUSE aufgenommen" }, { "date" : "2025-12-17T23:00:00.000+00:00", "number" : "32", "summary" : "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" } ], "status" : "final", "version" : "32" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Amazon Linux 2", "product" : { "name" : "Amazon Linux 2", "product_id" : "398363", "product_identification_helper" : { "cpe" : "cpe:/o:amazon:linux_2:-" } } } ], "category" : "vendor", "name" : "Amazon" }, { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "virtual", "product" : { "name" : "Dell NetWorker virtual", "product_id" : "T034583", "product_identification_helper" : { "cpe" : "cpe:/a:dell:networker:virtual" } } } ], "category" : "product_name", "name" : "NetWorker" } ], "category" : "vendor", "name" : "Dell" }, { "branches" : [ { "category" : "product_name", "name" : "EMC Avamar", "product" : { "name" : "EMC Avamar", "product_id" : "T014381", "product_identification_helper" : { "cpe" : "cpe:/a:emc:avamar:-" } } } ], "category" : "vendor", "name" : "EMC" }, { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "7.3", "product" : { "name" : "IBM AIX 7.3", "product_id" : "T021486", "product_identification_helper" : { "cpe" : "cpe:/o:ibm:aix:7.3" } } } ], "category" : "product_name", "name" : "AIX" }, { "branches" : [ { "category" : "product_version_range", "name" : "<7.5.0 UP8", "product" : { "name" : "IBM QRadar SIEM <7.5.0 UP8", "product_id" : "T033681" } }, { "category" : "product_version", "name" : "7.5.0 UP8", "product" : { "name" : "IBM QRadar SIEM 7.5.0 UP8", "product_id" : "T033681-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:qradar_siem:7.5.0_up8" } } } ], "category" : "product_name", "name" : "QRadar SIEM" }, { "branches" : [ { "category" : "product_version", "name" : "plus 10.1", "product" : { "name" : "IBM Spectrum Protect plus 10.1", "product_id" : "T015895", "product_identification_helper" : { "cpe" : "cpe:/a:ibm:spectrum_protect:plus_10.1" } } } ], "category" : "product_name", "name" : "Spectrum Protect" } ], "category" : "vendor", "name" : "IBM" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<3.7.14", "product" : { "name" : "Open Source Python <3.7.14", "product_id" : "T024506" } }, { "category" : "product_version", "name" : "3.7.14", "product" : { "name" : "Open Source Python 3.7.14", "product_id" : "T024506-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:python:python:3.7.14" } } }, { "category" : "product_version_range", "name" : "<3.8.14", "product" : { "name" : "Open Source Python <3.8.14", "product_id" : "T024507" } }, { "category" : "product_version", "name" : "3.8.14", "product" : { "name" : "Open Source Python 3.8.14", "product_id" : "T024507-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:python:python:3.8.14" } } }, { "category" : "product_version_range", "name" : "<3.9.14", "product" : { "name" : "Open Source Python <3.9.14", "product_id" : "T024508" } }, { "category" : "product_version", "name" : "3.9.14", "product" : { "name" : "Open Source Python 3.9.14", "product_id" : "T024508-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:python:python:3.9.14" } } }, { "category" : "product_version_range", "name" : "<3.10.7", "product" : { "name" : "Open Source Python <3.10.7", "product_id" : "T024509" } }, { "category" : "product_version", "name" : "3.10.7", "product" : { "name" : "Open Source Python 3.10.7", "product_id" : "T024509-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:python:python:3.10.7" } } } ], "category" : "product_name", "name" : "Python" } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "Oracle Linux", "product" : { "name" : "Oracle Linux", "product_id" : "T004914", "product_identification_helper" : { "cpe" : "cpe:/o:oracle:linux:-" } } } ], "category" : "vendor", "name" : "Oracle" }, { "branches" : [ { "category" : "product_name", "name" : "RESF Rocky Linux", "product" : { "name" : "RESF Rocky Linux", "product_id" : "T032255", "product_identification_helper" : { "cpe" : "cpe:/o:resf:rocky_linux:-" } } } ], "category" : "vendor", "name" : "RESF" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches" : [ { "category" : "product_version", "name" : "5 Logging Subsystem", "product" : { "name" : "Red Hat OpenShift 5 Logging Subsystem", "product_id" : "T026681", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:5::logging_subsystem" } } }, { "category" : "product_version", "name" : "Logging Subsystem 5.4.12", "product" : { "name" : "Red Hat OpenShift Logging Subsystem 5.4.12", "product_id" : "T026682", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:5.4.12::logging_subsystem" } } }, { "category" : "product_version", "name" : "Logging Subsystem 5.6.3", "product" : { "name" : "Red Hat OpenShift Logging Subsystem 5.6.3", "product_id" : "T026683", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:5.6.3::logging_subsystem" } } }, { "category" : "product_version", "name" : "Data Foundation 4", "product" : { "name" : "Red Hat OpenShift Data Foundation 4", "product_id" : "T026684", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift:4::data_foundation" } } } ], "category" : "product_name", "name" : "OpenShift" } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } }, { "category" : "product_name", "name" : "SUSE openSUSE", "product" : { "name" : "SUSE openSUSE", "product_id" : "T027843", "product_identification_helper" : { "cpe" : "cpe:/o:suse:opensuse:-" } } } ], "category" : "vendor", "name" : "SUSE" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2020-10735", "product_status" : { "known_affected" : [ "T026681", "67646", "T034583", "T033681", "T015895", "T004914", "T032255", "T024509", "T024506", "T024508", "T014381", "T024507", "2951", "T002207", "T027843", "398363", "T021486", "T026684", "T026682", "T026683" ] }, "release_date" : "2022-09-07T22:00:00.000+00:00", "title" : "CVE-2020-10735" }, { "product_status" : { "known_affected" : [ "T026681", "67646", "T034583", "T033681", "T015895", "T004914", "T032255", "T024509", "T024506", "T024508", "T014381", "T024507", "2951", "T002207", "T027843", "398363", "T021486", "T026684", "T026682", "T026683" ] }, "release_date" : "2022-09-07T22:00:00.000+00:00" } ] }