Advisories » MGASA-2024-0299

Updated python-tqdm package fixes security vulnerability

Publication date: 13 Sep 2024
Modification date: 13 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-34062

Description

Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`,
`--manpath`) are passed through python's `eval`, allowing arbitrary code
execution. This issue is only locally exploitable.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33533
• https://lists.suse.com/pipermail/sle-security-updates/2024-August/019257.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34062

SRPMS

9/core

• python-tqdm-4.64.1-2.1.mga9