| Description: | Summary:
The remote host is missing an update for the Huawei EulerOS 'python3' package(s) announced via the EulerOS-SA-2025-1280 advisory.
Vulnerability Insight:
The 'ipaddress' module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as 'globally reachable' or 'private'. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.(CVE-2024-4032)
A defect was discovered in the Python 'ssl' module where there is a memory race condition with the ssl.SSLContext methods 'cert_store_stats()' and 'get_ca_certs()'. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext,such as during the TLS handshake with a certificate directory configured.This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.(CVE-2024-0397)
Affected Software/OS:
'python3' package(s) on Huawei EulerOS V2.0SP9.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
