[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-16 Thread Steve Dower
Change by Steve Dower: resolution: -> fixed; stage: patch review -> resolved; status: open -> closed

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-16 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset 2b97cfdce8df9d0d455f65a22b1e0d34a29dc200 by Miss Islington (bot) in branch '3.8': bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) (GH-31924)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread Ned Deily
Ned Deily added the comment: New changeset 4a1d65fe8528c3a6e0cf2f4f9d4b58249164589d by Miss Islington (bot) in branch '3.7': bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) (GH-31925)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread miss-islington
miss-islington added the comment: New changeset 70eb9db39817a8f9abef801a2a4a7bb2c7411654 by Miss Islington (bot) in branch '3.9': bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread miss-islington
miss-islington added the comment: New changeset 58d30b992d67c8471f79a7307e4c1cda64311e3b by Miss Islington (bot) in branch '3.10': bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread miss-islington
Change by miss-islington: pull_requests: +30016; pull_request: https://github.com/python/cpython/pull/31925

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread miss-islington
Change by miss-islington: pull_requests: +30015; pull_request: https://github.com/python/cpython/pull/31924

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread miss-islington
Change by miss-islington: pull_requests: +30014; pull_request: https://github.com/python/cpython/pull/31923

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread miss-islington
Change by miss-islington: nosy: +miss-islington; nosy_count: 8.0 -> 9.0; pull_requests: +30013; pull_request: https://github.com/python/cpython/pull/31922

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread Steve Dower
Steve Dower added the comment: New changeset 708812085355c92f32e547d1f1d1f29aefbbc27e by Steve Dower in branch 'main': bpo-46948: Fix launcher installer build failure due to first part of fix (GH-31920) https://github.com/python/cpython/commit/708812085355c92f32e547d1f1d1f29aefbbc27e

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread Steve Dower
Change by Steve Dower: pull_requests: +30011; stage: needs patch -> patch review; pull_request: https://github.com/python/cpython/pull/31920

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-15 Thread Steve Dower
Steve Dower added the comment: The fix for this regressed the installer for the py.exe launcher, which breaks our release builds. I'm patching it now. It's going under the same issue number because it will be needed for anyone applying this patch directly and then building the installer

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-08 Thread Steve Dower
Steve Dower added the comment:
> Is there anything on our end we can do to prevent this kind of issue in the future?
Probably not, I think it's just a lesson learned about the capabilities of the MSI format and its integration with Windows (well, we could hurry up moving everyone to the

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-08 Thread Łukasz Langa
Łukasz Langa added the comment: New changeset cff1b78c1dfb2a62b1e16fabc5f43bc3634d9de7 by Steve Dower in branch '3.8': bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31729)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Gregory P. Smith
Gregory P. Smith added the comment: Is there anything on our end we can do to prevent this kind of issue in the future? Am I wrong to see this as just fixing our package to avoid a design flaw in Windows OS level package management? Certainly other packages in the world must run into

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Ned Deily
Ned Deily added the comment: New changeset 97476271275a4bd1340230677b7301d7b78b3317 by Steve Dower in branch '3.7': bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31730)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Steve Dower added the comment: New changeset 101a1bee1953b82339115c5e648e1717359c78eb by Steve Dower in branch '3.9': bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31728)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Steve Dower added the comment: New changeset 77446d2aa56e9e3262d9d22473420ff5e907 by Steve Dower in branch 'main': bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31726)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Steve Dower added the comment: New changeset 136842c91b5783e205e217c4855baa9dadd4ad41 by Steve Dower in branch '3.10': bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31727)

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Steve Dower added the comment: Yeah, this is fine to still be in alpha 6. Very unlikely that anyone is making it a system-wide default anyway, and certainly not in secure/production systems.

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Pablo Galindo Salgado
Pablo Galindo Salgado added the comment: The 3.11.0a6 release is ongoing. I assume it is ok to not block this release on this issue, given that an alpha is inherently unsafe

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Change by Steve Dower: pull_requests: +29847; pull_request: https://github.com/python/cpython/pull/31730

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Change by Steve Dower: pull_requests: +29846; pull_request: https://github.com/python/cpython/pull/31729

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Change by Steve Dower: pull_requests: +29845; pull_request: https://github.com/python/cpython/pull/31728

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Change by Steve Dower: pull_requests: +29844; pull_request: https://github.com/python/cpython/pull/31727

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
Change by Steve Dower: keywords: +patch; pull_requests: +29843; stage: needs patch -> patch review; pull_request: https://github.com/python/cpython/pull/31726

[issue46948] [CVE-2022-26488] Escalation of privilege via Windows Installer

2022-03-07 Thread Steve Dower
New submission from Steve Dower: CVE-2022-26488 is an escalation of privilege vulnerability in the Windows installer for the following releases of CPython:
* 3.11.0a6 and earlier
* 3.10.2 and earlier
* 3.9.10 and earlier
* 3.8.12 and earlier
* All end-of-life releases of 3.5, 3.6 and 3.7