CVE-2023-6597: 
Rocky Linux vulnerability analysis and mitigation

A vulnerability was discovered in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The issue involves the class dereferencing symlinks during cleanup of permissions-related errors (Python Security, NVD).

The vulnerability occurs in the tempfile.TemporaryDirectory class's cleanup functionality. When handling permission-related errors during cleanup, the class would incorrectly dereference symbolic links instead of operating on the symlinks themselves. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N (Red Hat CVE).

Users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in certain circumstances. This could lead to unauthorized permission modifications of files that are linked to by symlinks within temporary directories (Python Security).

The issue has been fixed in multiple Python versions through security updates. The fix ensures that the tempfile.TemporaryDirectory class no longer dereferences symlinks when working around file system permission errors. Updates are available for Python versions 3.12, 3.11, 3.10, 3.9, and 3.8 (Python Commits).