Open-Source repository: xenit (Xenit Solutions) / open-source
A certifiably-awesome open-source package repository curated by Xenit Solutions, hosted by Cloudsmith.
Note: Packages in this repository are licensed as Apache License 2.0 (dependencies may be licensed differently).

oracle-python 476f1430ef3350576e2fb3ee6fe…

One-liner (summary)

A certifiably-awesome package curated by github, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by github, hosted by Cloudsmith.

License

Unknown

Size

630.3 MB

Downloads

0

Status  Completed
Checksum (MD5) f068fa997b8373d1df2dc80c5396e563
Checksum (SHA-1) 72b9f0f33444f6ca0acf15a35a61693cf20a26c9
Checksum (SHA-256) 476f1430ef3350576e2fb3ee6feed676cbed59bc6c525e8a2ad81d597f2907fd
Checksum (SHA-512) 5414f0816c14ebe281e1d6e6312695714775da49ec9de5be037a536633446a5e38…
GPG Signature
GPG Fingerprint 14470fdf36fd6dc2f943a5fad23c41a52ddef4fa
Storage Region  Frankfurt, Germany
Type  Binary (contains binaries and binary artifacts)
Uploaded At 1 week ago
Uploaded By github
Slug Id oracle-python-8axr
Unique Id h2rEbh7TcRSJ
Version (Raw) 476f1430ef3350576e2fb3ee6feed676cbed59bc6c525e8a2ad81d597f2907fd
Version (Parsed)
  • Type: Unknown
  docker-specific metadata
Image Digest sha256:476f1430ef3350576e2fb3ee6feed676cbed59bc6c525e8a2ad81d597f2907fd
Config Digest sha256:9505a0393de4e7e5e63ecd11352a7925573bfa22564b288510a4a0caa53f3c53
V1 OCI Index Digest sha256:b4ed2883255726328f0cac558bf69267a7dcccca6a236cfdf6ca2d4103f32874
V1 Distribution (Signed) Digest sha256:5f3cdc42e330e9bfb6ef0db4a0623f2728f6e9214ef8f78532b9e9f466bebf10
V1 OCI Digest sha256:5d9f8e2ee27b140fb3152a898ba6900d59c455d3a61e547c535d4660b23423e3
V2 Distribution List Digest sha256:4de85ec2de6b6e35ced2e648082a5de1673f375535ffb0cf16129361a7fc51b9
V1 Distribution Digest sha256:00b548a5d86e199e48dec1ccfb505cfa1ca93b6341e822d1029baa00c9173576
V2 Distribution Digest sha256:476f1430ef3350576e2fb3ee6feed676cbed59bc6c525e8a2ad81d597f2907fd
  extended metadata
Manifest Type V2 Distribution
Architecture amd64
Config
Container 6538cabf100ec38cb9242e0dcaa8b8fca8c7050f77b065a74e3b230013d130ad
Container Config
Created 2024-09-11 16:05:23 UTC
Docker Version 26.1.3
Os linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 4493,
      "digest": "sha256:f4471563f442042e844c5c0ec160d53097495e0ec2921a20d16dc1c9331db607"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 100715124,
         "digest": "sha256:adaa90b6e671c8dbb4f88a663eaaed9a3ddd87cbc357d4e20b81dbd79ad86375"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 87337795,
         "digest": "sha256:549f5fee1e60d8da1d45060a8d79dac3230541bb47fc56c3ccda0d872b99c37b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 453281917,
         "digest": "sha256:771b2772b160f235e09faaa0f1dea4ee46a9029911d7bfc388b948bb0a5271c6"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 19583175,
         "digest": "sha256:9497240b32245452bb9553b617b38e367e691668c244d4106947ab8f5c5d796e"
      }
   ]
}
Digest: sha256:adaa90b6e671c8dbb4f88a663eaaed9a3ddd87cbc357d4e20b81dbd79ad86375
Command: /bin/sh -c #(nop) ADD file:0a3a9e560f49471ac4b4a04d79e5a1656dcd3d69171fba02bbe289545bb48815 in /
96.0 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"]
32 bytes
Digest: sha256:549f5fee1e60d8da1d45060a8d79dac3230541bb47fc56c3ccda0d872b99c37b
Command: RUN /bin/sh -c dnf -y install oracle-instantclient-release-el8 && dnf -y install oracle-instantclient-basic oracle-instantclient-devel oracle-instantclient-sqlplus && rm -rf /var/cache/dnf # buildkit
83.3 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: CMD ["sqlplus" "-v"]
32 bytes
Digest: sha256:771b2772b160f235e09faaa0f1dea4ee46a9029911d7bfc388b948bb0a5271c6
Command: /bin/sh -c yum install -y oracle-epel-release-el8 && yum install -y python3.11 python3.11-devel python3.11-pip gcc-c++
432.3 MB
Digest: sha256:9497240b32245452bb9553b617b38e367e691668c244d4106947ab8f5c5d796e
Command: /bin/sh -c pip3.11 install cx_Oracle requests sqlalchemy records==0.6.0 && yum remove -y gcc-c++ && rm -rf /root/.cache /usr/lib/python3*/__pycache && rm -rf /var/cache/yum
18.7 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.branch=ethsgm-57
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.commit.author=Wim Fabri <wim.fabri@xenit.eu>
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.commit.id=1cd22452cfe961e8fc8c24472c16c7e8216dd4e0
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.commit.url=https://github.com/xenit-eu/oracle-python/commit/1cd22452cfe961e8fc8c24472c16c7e8216dd4e0
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.origin=https://github.com/xenit-eu/oracle-python
32 bytes

Last scanned

1 week ago

Scan result

Vulnerable

Vulnerability count

16

Max. severity

High
Target: . (oracle 8.10)
HIGH

CVE-2024-1737: bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Package Name: bind-export-libs
Installed Version: 32:9.11.36-14.el8_10
Fixed Version: 32:9.11.36-16.el8_10.2

HIGH

CVE-2024-1975: bind9: bind: SIG(0) can be used to exhaust CPU resources

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Package Name: bind-export-libs
Installed Version: 32:9.11.36-14.el8_10
Fixed Version: 32:9.11.36-16.el8_10.2

HIGH

CVE-2021-40528: libgcrypt: ElGamal implementation allows plaintext recovery

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Package Name: libgcrypt
Installed Version: 1.8.5-7.el8_6
Fixed Version: 10:1.8.5-7.el8_6_fips

MEDIUM

CVE-2024-2398: curl: HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Package Name: curl
Installed Version: 7.61.1-34.el8
Fixed Version: 7.61.1-34.el8_10.2

MEDIUM

CVE-2021-20231: gnutls: Use after free in client key_share extension

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-4.0.1.el8_fips

MEDIUM

CVE-2021-20232: gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-4.0.1.el8_fips

MEDIUM

CVE-2021-3580: nettle: Remote crash in RSA decryption via manipulated ciphertext

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-4.0.1.el8_fips

MEDIUM

CVE-2024-0553: gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-8.el8_9.1_fips

MEDIUM

CVE-2024-37370: krb5: GSS message token handling

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Package Name: krb5-libs
Installed Version: 1.18.2-27.0.1.el8_10
Fixed Version: 1.18.2-29.0.1.el8_10

MEDIUM

CVE-2024-37371: krb5: GSS message token handling

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Package Name: krb5-libs
Installed Version: 1.18.2-27.0.1.el8_10
Fixed Version: 1.18.2-29.0.1.el8_10

MEDIUM

CVE-2024-2398: curl: HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Package Name: libcurl
Installed Version: 7.61.1-34.el8
Fixed Version: 7.61.1-34.el8_10.2

MEDIUM

CVE-2021-33560: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Package Name: libgcrypt
Installed Version: 1.8.5-7.el8_6
Fixed Version: 10:1.8.5-6.el8_fips

MEDIUM

CVE-2024-28182: nghttp2: CONTINUATION frames DoS

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Package Name: libnghttp2
Installed Version: 1.33.0-5.el8_9
Fixed Version: 1.33.0-6.el8_10.1

MEDIUM

CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Package Name: platform-python-setuptools
Installed Version: 39.2.0-7.el8
Fixed Version: 39.2.0-8.el8_10

MEDIUM

CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Package Name: python3-setuptools-wheel
Installed Version: 39.2.0-7.el8
Fixed Version: 39.2.0-8.el8_10

LOW

CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Package Name: openldap
Installed Version: 2.4.46-18.el8
Fixed Version: 2.4.46-19.el8_10


These instructions assume you have set up the repository first (or read it).

To pull oracle-python @ reference/tag ethsgm-57-2.1.2:

docker pull open-source.docker.xenit.eu/oracle-python:ethsgm-57-2.1.2

You can also pull the latest version of this image (if it exists):

docker pull open-source.docker.xenit.eu/oracle-python:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM open-source.docker.xenit.eu/oracle-python:ethsgm-57-2.1.2

Note: You should replace ethsgm-57-2.1.2 with an alternative reference to pull, such as: ethsgm-57.
