First published: Tue Mar 19 2024(Updated: )
An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Credit: cna@python.org cna@python.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/pypy3 | <=7.3.5+dfsg-2+deb11u2 | 7.3.11+dfsg-2+deb12u2 7.3.17+dfsg-2 |
debian/python2.7 | 2.7.18-8+deb11u1 | |
debian/python3.11 | 3.11.2-6+deb12u2 3.11.2-6+deb12u3 | |
debian/python3.12 | 3.12.6-1 3.12.7-1 | |
debian/python3.9 | <=3.9.2-1 |
allenpthuang> https://bugs.python.org/issue26660
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.