![]() ![]() This was a potential privilege escalation. This prevents Linux CVE-2022-42919 (potential privilege escalation) as abstract sockets have no permissions and could allow any user on the system in the same network namespace (often the whole system) to inject code into the multiprocessing forkserver process. Only code that chooses to use the “forkserver” start method is affected. gh-97514: On Linux the multiprocessing module returns to using filesystem backed unix domain sockets for communication with the forkserver process instead of the Linux abstract socket namespace. ![]() Some protocols such as urllib http 3xx redirects potentially allow for an attacker to supply such a name. This prevents a potential CPU denial of service if an out-of-spec excessive length hostname involving bidirectional characters were decoded. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |