A certifiably-awesome open-source package repository curated by Xenit Solutions, hosted by Cloudsmith.
Note: Packages in this repository are licensed as Apache License 2.0 (dependencies may be licensed differently).

oracle-python 60e38f540d432ad3b52472df7dc…

One-liner (summary)

A certifiably-awesome package curated by github, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by github, hosted by Cloudsmith.

License

Unknown

Size

628.0 MB

Downloads

1

Tags

image amd64 linux

Status  Completed
Checksum (MD5) b540caf77497e6a921505c84727e99e2
Checksum (SHA-1) dbae3c9e0a596ab74b40260f4fdd45c1ca5bd719
Checksum (SHA-256) 60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082
Checksum (SHA-512) 518e1bb2e16aa0c914ceecc652e89b8553c90a343ad21f696fcaf314abac28643d…
GPG Signature
GPG Fingerprint 14470fdf36fd6dc2f943a5fad23c41a52ddef4fa
Storage Region  Frankfurt, Germany
Type  Binary (contains binaries and binary artifacts)
Uploaded At 1 week, 1 day ago
Uploaded By Uploaded by github
Slug Id oracle-python-fdy3
Unique Id 1fmXahPoNXGh
Version (Raw) 60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082
Version (Parsed)
  • Type: Unknown
  docker-specific metadata
Image Digest sha256:60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082
Config Digest sha256:9c951bbc421cd4624ab34b9417601d2a722819b46d67c474d75c574c87332a2e
V1 OCI Index Digest sha256:be7e65f3220d8f79a2c1ee80831defafb2b2b2e82faa6dde32d8dbc00ca73299
V1 Distribution (Signed) Digest sha256:043af287e34d87caa5c64a3c24b8499692782ce23efa75511394abe6fb2fc799
V1 OCI Digest sha256:fd3f792c5a60d921598dd8b77336fe0e616c669d165fd5ae90b022064a6404ca
V2 Distribution List Digest sha256:990f196abbddef37c62af6e50d5994e94722e23ed2bb7b3e960588f3960a37a4
V1 Distribution Digest sha256:1fd465cd6c4729fd8414350b68da93e7b62af599400f2e293443e4d6108fbf90
V2 Distribution Digest sha256:60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082
  extended metadata
Manifest Type V2 Distribution
Architecture amd64
Config
Container dad8f78ebdf67ec485758a296b56336bb17a6fe4dba2414057d1b02c5cf3111e
Container Config
Created 2024-09-11 15:47:32 UTC
Docker Version 26.1.3
Os linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 4486,
      "digest": "sha256:c3c942664424c4fcb7fc219d9a6a68e1fa9b73aca7a88593f17e52f35ffd90bf"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 100715124,
         "digest": "sha256:adaa90b6e671c8dbb4f88a663eaaed9a3ddd87cbc357d4e20b81dbd79ad86375"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 87337795,
         "digest": "sha256:549f5fee1e60d8da1d45060a8d79dac3230541bb47fc56c3ccda0d872b99c37b"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 453281529,
         "digest": "sha256:4699d25e2d7fa7f81992cdf7540fbf7c01d0bf629f26b3be69b956c8c09582b5"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 17219323,
         "digest": "sha256:07764087102640b78d4e482c77c0f6a7da00388f65252fd7e234ca98f0c683dc"
      }
   ]
}
Digest: sha256:adaa90b6e671c8dbb4f88a663eaaed9a3ddd87cbc357d4e20b81dbd79ad86375
Command: /bin/sh -c #(nop) ADD file:0a3a9e560f49471ac4b4a04d79e5a1656dcd3d69171fba02bbe289545bb48815 in /
96.0 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"]
32 bytes
Digest: sha256:549f5fee1e60d8da1d45060a8d79dac3230541bb47fc56c3ccda0d872b99c37b
Command: RUN /bin/sh -c dnf -y install oracle-instantclient-release-el8 && dnf -y install oracle-instantclient-basic oracle-instantclient-devel oracle-instantclient-sqlplus && rm -rf /var/cache/dnf # buildkit
83.3 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: CMD ["sqlplus" "-v"]
32 bytes
Digest: sha256:4699d25e2d7fa7f81992cdf7540fbf7c01d0bf629f26b3be69b956c8c09582b5
Command: /bin/sh -c yum install -y oracle-epel-release-el8 && yum install -y python3.11 python3.11-devel python3.11-pip gcc-c++
432.3 MB
Digest: sha256:07764087102640b78d4e482c77c0f6a7da00388f65252fd7e234ca98f0c683dc
Command: /bin/sh -c pip3.11 install cx_Oracle requests 'sqlalchemy<2.0.0' records && yum remove -y gcc-c++ && rm -rf /root/.cache /usr/lib/python3*/__pycache && rm -rf /var/cache/yum
16.4 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.branch=main
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.commit.author=Wim Fabri <wim.fabri@xenit.eu>
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.commit.id=352c36320fe43d3a84411132ea1f9bb1f3f46ec0
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.commit.url=https://github.com/xenit-eu/oracle-python/commit/352c36320fe43d3a84411132ea1f9bb1f3f46ec0
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL eu.xenit.gradle.docker.git.origin=https://github.com/xenit-eu/oracle-python
32 bytes

Last scanned

1 week, 1 day ago

Scan result

Vulnerable

Vulnerability count

16

Max. severity

High
Target: . (oracle 8.10)
HIGH

CVE-2024-1737: bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Package Name: bind-export-libs
Installed Version: 32:9.11.36-14.el8_10
Fixed Version: 32:9.11.36-16.el8_10.2

HIGH

CVE-2024-1975: bind9: bind: SIG(0) can be used to exhaust CPU resources

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Package Name: bind-export-libs
Installed Version: 32:9.11.36-14.el8_10
Fixed Version: 32:9.11.36-16.el8_10.2

HIGH

CVE-2021-40528: libgcrypt: ElGamal implementation allows plaintext recovery

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.

Package Name: libgcrypt
Installed Version: 1.8.5-7.el8_6
Fixed Version: 10:1.8.5-7.el8_6_fips

MEDIUM

CVE-2024-2398: curl: HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Package Name: curl
Installed Version: 7.61.1-34.el8
Fixed Version: 7.61.1-34.el8_10.2

MEDIUM

CVE-2021-20231: gnutls: Use after free in client key_share extension

A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-4.0.1.el8_fips

MEDIUM

CVE-2021-20232: gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-4.0.1.el8_fips

MEDIUM

CVE-2021-3580: nettle: Remote crash in RSA decryption via manipulated ciphertext

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-4.0.1.el8_fips

MEDIUM

CVE-2024-0553: gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Package Name: gnutls
Installed Version: 3.6.16-8.el8_9.3
Fixed Version: 10:3.6.16-8.el8_9.1_fips

MEDIUM

CVE-2024-37370: krb5: GSS message token handling

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Package Name: krb5-libs
Installed Version: 1.18.2-27.0.1.el8_10
Fixed Version: 1.18.2-29.0.1.el8_10

MEDIUM

CVE-2024-37371: krb5: GSS message token handling

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Package Name: krb5-libs
Installed Version: 1.18.2-27.0.1.el8_10
Fixed Version: 1.18.2-29.0.1.el8_10

MEDIUM

CVE-2024-2398: curl: HTTP/2 push headers memory-leak

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.

Package Name: libcurl
Installed Version: 7.61.1-34.el8
Fixed Version: 7.61.1-34.el8_10.2

MEDIUM

CVE-2021-33560: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.

Package Name: libgcrypt
Installed Version: 1.8.5-7.el8_6
Fixed Version: 10:1.8.5-6.el8_fips

MEDIUM

CVE-2024-28182: nghttp2: CONTINUATION frames DoS

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

Package Name: libnghttp2
Installed Version: 1.33.0-5.el8_9
Fixed Version: 1.33.0-6.el8_10.1

MEDIUM

CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Package Name: platform-python-setuptools
Installed Version: 39.2.0-7.el8
Fixed Version: 39.2.0-8.el8_10

MEDIUM

CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Package Name: python3-setuptools-wheel
Installed Version: 39.2.0-7.el8
Fixed Version: 39.2.0-8.el8_10

LOW

CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function

A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.

Package Name: openldap
Installed Version: 2.4.46-18.el8
Fixed Version: 2.4.46-19.el8_10


These instructions assume you have set up the repository first (or read the setup instructions).

To pull oracle-python @ reference/tag sha256:60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082:

docker pull open-source.docker.xenit.eu/oracle-python@sha256:60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082

You can also pull the latest version of this image (if it exists):

docker pull open-source.docker.xenit.eu/oracle-python:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM open-source.docker.xenit.eu/oracle-python@sha256:60e38f540d432ad3b52472df7dc37796761aac10c8f7ce07ac77f3fed2e06082