CVE-2023-3899

Support for security such as Firewalls and securing linux
vvprasadj
Posts: 7
Joined: 2023/07/28 17:12:44

Post by vvprasadj » 2023/09/15 08:07:06

Is the fix for CVE-2023-3899 already available for CentOS?
If so, what is the exact name of the rpm version?
I have python-syspurpose-1.24.52-2.el7.centos.x86_64 installed, but some scanner tools are reporting this as a vulnerability.

jlehtone
Posts: 4512
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2023-3899

Post by jlehtone » 2023/09/15 10:14:43

The rpm -q --changelog python-syspurpose | grep -i cve shows nothing,
but rpm -qi python-syspurpose tells:

Code:

Version     : 1.24.52
Release     : 2.el7.centos
Build Date  : Wed 23 Aug 2023

The https://access.redhat.com/errata/RHSA-2023:4701 shows that on Tue 22 Aug 2023 Red Hat
released errata that include the package python-syspurpose-1.24.52-2.el7_9.

Version "1.24.52-2" of the package, built after the RHEL 7 version "1.24.52-2" was released,
is very likely equivalent content, i.e. with the fix included.

The latest changelog entry in the CentOS version of the package is after all:

Code:

* Tue Aug 08 2023 Jiri Hnidek <jhnidek@redhat.com> 1.24.52-2
- 2229752: Fix D-Bus policy (jhnidek@redhat.com)

and the CVE-2023-3899 is about D-Bus.
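
The comparison made in the reply above, as an added example that is not part of the original posts: it ranks the installed and erratum version-release strings with rpm's segment rules, then repeats the check with the dist tag ignored and looks for the fix in the changelog text. The function names and the simplified rpmvercmp (no `~` or `^` handling) are assumptions of this example, and a strict version comparison is only one possible reason for a scanner to flag the CentOS build; the thread does not say how the scanners decide.

```python
import re

def rpmvercmp(a, b):
    """Compare version or release strings by rpm's segment rules (simplified: no ~ or ^)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments make a string newer

def split_vr(vr):
    """'1.24.52-2.el7_9' -> (version, release, release without the .elN dist tag)."""
    version, release = vr.rsplit("-", 1)
    return version, release, re.split(r"\.el\d", release)[0]

def compare_vr(installed, fixed, ignore_dist=False):
    """Return -1, 0 or 1 for installed vs fixed; optionally ignore the dist tag."""
    iv, ir, ib = split_vr(installed)
    fv, fr, fb = split_vr(fixed)
    if ignore_dist:
        ir, fr = ib, fb
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def changelog_entries_mentioning(changelog, needle):
    """Version-release of every changelog entry whose body mentions needle."""
    hits, current = [], None
    for line in changelog.splitlines():
        if line.startswith("* "):
            current = line.split()[-1]        # entry header ends with version-release
        elif current and needle.lower() in line.lower():
            hits.append(current)
    return hits

# Values quoted in the thread above
INSTALLED = "1.24.52-2.el7.centos"
FIXED = "1.24.52-2.el7_9"
CHANGELOG = """\
* Tue Aug 08 2023 Jiri Hnidek <jhnidek@redhat.com> 1.24.52-2
- 2229752: Fix D-Bus policy (jhnidek@redhat.com)
"""

if __name__ == "__main__":
    print("strict compare:", compare_vr(INSTALLED, FIXED))
    print("ignoring dist tag:", compare_vr(INSTALLED, FIXED, ignore_dist=True))
    print("entries mentioning D-Bus:", changelog_entries_mentioning(CHANGELOG, "d-bus"))
```

The strict comparison places the CentOS build below the erratum build only because the dist tag segment "centos" is alphabetic while "9" is numeric; with the dist tag ignored the two are equal, and the changelog entry carrying the D-Bus policy fix has that same version-release.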
