[RHSA-2021:4158] python-lxml security update
- Severity: Moderate
- Affected Packages: 4
- CVEs: 1
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.
Security Fix(es):
- python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/python3-lxml?arch=x86_64&distro=redhat-8 | < 4.2.3-3.el8 |
pkg:rpm/redhat/python3-lxml?arch=s390x&distro=redhat-8 | < 4.2.3-3.el8 |
pkg:rpm/redhat/python3-lxml?arch=ppc64le&distro=redhat-8 | < 4.2.3-3.el8 |
pkg:rpm/redhat/python3-lxml?arch=aarch64&distro=redhat-8 | < 4.2.3-3.el8 |
- ID: RHSA-2021:4158
- Severity: moderate
- URL: https://access.redhat.com/errata/RHSA-2021:4158
- Published: 2021-11-09T00:00:00
- Modified: 2021-11-09T00:00:00
- Rights: Copyright 2021 Red Hat, Inc.
- Other Advisories:
- ALAS2-2024-2620
- ALPINE:CVE-2021-28957
- ALSA-2021:4151
- ALSA-2021:4158
- ALSA-2021:4160
- ALSA-2021:4162
- DSA-4880-1
- ELSA-2021-4151
- ELSA-2021-4160
- ELSA-2021-4162
- ELSA-2022-9341
- FEDORA-2021-28723f9670
- FEDORA-2021-4cdb0f68c7
- GLSA-202208-06
- MS:CVE-2021-28957
- openSUSE-SU-2022:0803-1
- PYSEC-2021-19
- RHSA-2021:4151
- RHSA-2021:4160
- RHSA-2021:4162
- RLSA-2021:4151
- RLSA-2021:4160
- RLSA-2021:4162
- SUSE-SU-2022:0803-1
- SUSE-SU-2022:0895-1
- SUSE-SU-2022:1536-1
- SUSE-SU-2022:1729-1
- SUSE-SU-2022:3836-1
- SUSE-SU-2022:3934-1
- SUSE-SU-2022:3937-1
- USN-4896-1
- USN-4896-2
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 1941534 | | https://bugzilla.redhat.com/1941534 |
RHSA | RHSA-2021:4158 | | https://access.redhat.com/errata/RHSA-2021:4158 |
CVE | CVE-2021-28957 | | https://access.redhat.com/security/cve/CVE-2021-28957 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/python3-lxml?arch=x86_64&distro=redhat-8 | redhat | python3-lxml | < 4.2.3-3.el8 | redhat-8 | x86_64 | |
Affected | pkg:rpm/redhat/python3-lxml?arch=s390x&distro=redhat-8 | redhat | python3-lxml | < 4.2.3-3.el8 | redhat-8 | s390x | |
Affected | pkg:rpm/redhat/python3-lxml?arch=ppc64le&distro=redhat-8 | redhat | python3-lxml | < 4.2.3-3.el8 | redhat-8 | ppc64le | |
Affected | pkg:rpm/redhat/python3-lxml?arch=aarch64&distro=redhat-8 | redhat | python3-lxml | < 4.2.3-3.el8 | redhat-8 | aarch64 | |