Update Python to 3.11 #1110

Open
sl0wtyper opened this issue Jul 19, 2024 · 1 comment
Labels
❔ discussion Further discussion is needed

Comments

@sl0wtyper
Hello Maintainers - I am hoping to mitigate CVE-2023-24329 present in python3 versions prior to 3.11.4. The python3.vm.nuspec file prevents the updates > 3.11.0.

Info at NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-24329
and at MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24329

PS C:\temp> choco upgrade python3 --version=3.11.9
Chocolatey v2.3.0
Upgrading the following packages:
python3
By upgrading, you accept licenses for the packages.

You have python3 v3.10.11 installed. Version 3.11.9 is available based on your source(s).
[NuGet] One or more unresolved package dependency constraints detected in the Chocolatey lib folder. All dependency constraints must be resolved to add or update packages. If these packages are being updated this message may be ignored, if not the following error(s) may be blocking the current package operation: 'python3.vm 0.0.0.20231019 constraint: python3 (>= 3.10.0 && < 3.11.0)'
Re-attempting package dependency resolution using additional available package information...
[NuGet] One or more unresolved package dependency constraints detected in the Chocolatey lib folder. All dependency constraints must be resolved to add or update packages. If these packages are being updated this message may be ignored, if not the following error(s) may be blocking the current package operation: 'python3.vm 0.0.0.20231019 constraint: python3 (>= 3.10.0 && < 3.11.0)'
Unable to resolve dependency 'python3': Unable to resolve dependencies. 'python3 3.11.9' is not compatible with 'python3.vm 0.0.0.20231019 constraint: python3 (>= 3.10.0 && < 3.11.0)'.

Chocolatey upgraded 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - python3 - Unable to resolve dependency 'python3': Unable to resolve dependencies. 'python3 3.11.9' is not compatible with 'python3.vm 0.0.0.20231019 constraint: python3 (>= 3.10.0 && < 3.11.0)'.
PS C:\temp>
@Ana06 Ana06 added the ❔ discussion Further discussion is needed label Jul 22, 2024
@Ana06
Member

Ana06 commented Jul 22, 2024

Note our packages should only be installed in a virtual machine. In the case of FLARE-VM, I prefer not to install security patches as it ensures that malware exploiting them works, which normally makes the analysis easier.

Note also that in order to update to Python 3.11 we need to ensure all Python libraries and tools we install currently work in Python 3.11 as well.

@Ana06 Ana06 changed the title Allow updating python3 > 3.11.0 Update Python to 3.11 Jul 22, 2024