[RLSA-2021:4162] python38:3.8 and python38-devel:3.8 security update
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python-psutil: Double free because of refcount mishandling (CVE-2019-18874)
- python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
- python: Information disclosure via pydoc (CVE-2021-3426)
- python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
- python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)
- python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
- python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)
- python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
- python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
- ID: RLSA-2021:4162
- Severity: moderate
- URL: https://errata.rockylinux.org/RLSA-2021:4162
- Published: 2021-11-09T12:47:54
- Modified: 2023-02-02T13:32:17
- Rights: Copyright 2023 Rocky Enterprise Software Foundation
- Other Advisories:
- ALAS-2021-1498
- ALAS-2021-1500
- ALAS-2021-1504
- ALAS-2022-1593
- ALAS-2023-1720
- ALAS2-2021-1640
- ALAS2-2021-1670
- ALAS2-2021-1688
- ALAS2-2022-1742
- ALAS2-2022-1802
- ALAS2-2023-2010
- ALAS2-2023-2317
- ALAS2-2024-2620
- ALPINE:CVE-2019-18874
- ALPINE:CVE-2020-28493
- ALPINE:CVE-2021-23336
- ALPINE:CVE-2021-28957
- ALPINE:CVE-2021-29921
- ALPINE:CVE-2021-3426
- ALPINE:CVE-2021-42771
- ALSA-2021:1633
- ALSA-2021:4151
- ALSA-2021:4158
- ALSA-2021:4160
- ALSA-2021:4161
- ALSA-2021:4162
- ALSA-2021:4201
- ALSA-2021:4324
- ALSA-2021:4399
- ALSA-2021:4455
- ASA-202102-19
- ASA-202102-28
- ASA-202102-37
- ASA-202105-15
- ASA-202106-25
- DSA-4880-1
- DSA-5018-1
- ELSA-2021-1633
- ELSA-2021-4151
- ELSA-2021-4160
- ELSA-2021-4162
- ELSA-2021-4201
- ELSA-2021-4324
- ELSA-2021-4399
- ELSA-2021-4455
- ELSA-2021-9562
- ELSA-2022-9341
- ELSA-2023-12349
- FEDORA-2020-021fb887ac
- FEDORA-2020-a06ebafad8
- FEDORA-2021-067c9deff1
- FEDORA-2021-0a8f3ffbc0
- FEDORA-2021-12df7f7382
- FEDORA-2021-1769a23935
- FEDORA-2021-1bb399a5af
- FEDORA-2021-28723f9670
- FEDORA-2021-2897f5366c
- FEDORA-2021-2ab6f060d9
- FEDORA-2021-2ab8ebcabc
- FEDORA-2021-309bc2e727
- FEDORA-2021-3352c1c802
- FEDORA-2021-4cdb0f68c7
- FEDORA-2021-5a09621ebb
- FEDORA-2021-7547ad987f
- FEDORA-2021-7c1bb32d13
- FEDORA-2021-7d3a9004e2
- FEDORA-2021-7e2a143808
- FEDORA-2021-907f3bacae
- FEDORA-2021-98720f3785
- FEDORA-2021-9c5f3b8aae
- FEDORA-2021-a26257ccf5
- FEDORA-2021-a311bf10d4
- FEDORA-2021-a499f89369
- FEDORA-2021-a6bde7ab18
- FEDORA-2021-b14975e43d
- FEDORA-2021-b1843407ca
- FEDORA-2021-b326fcb83f
- FEDORA-2021-b6b6093b3a
- FEDORA-2021-b76ede8f4d
- FEDORA-2021-e22bb0e548
- FEDORA-2021-e525e48886
- FEDORA-2021-ef83e8525a
- FEDORA-2021-f4fd9372c7
- FREEBSD:374793AD-2720-4C4A-B86C-FC4A1780DEAC
- FREEBSD:F671C282-95EF-11EB-9C34-080027F515EA
- GLSA-202104-04
- GLSA-202107-19
- GLSA-202107-36
- GLSA-202208-03
- GLSA-202208-06
- GLSA-202305-02
- GLSA-202402-04
- MS:CVE-2019-18874
- MS:CVE-2020-27619
- MS:CVE-2020-28493
- MS:CVE-2021-23336
- MS:CVE-2021-28957
- MS:CVE-2021-33503
- MS:CVE-2021-3572
- MS:CVE-2021-42771
- openSUSE-SU-2020:2332-1
- openSUSE-SU-2020:2333-1
- openSUSE-SU-2021:0435-1
- openSUSE-SU-2021:1553-1
- openSUSE-SU-2021:1598-1
- openSUSE-SU-2021:2012-1
- openSUSE-SU-2021:3945-1
- openSUSE-SU-2021:4001-1
- openSUSE-SU-2021:4002-1
- openSUSE-SU-2021:4104-1
- openSUSE-SU-2022:0064-1
- openSUSE-SU-2022:0803-1
- openSUSE-SU-2022:0942-1
- openSUSE-SU-2022:1091-1
- PYSEC-2019-41
- PYSEC-2021-108
- PYSEC-2021-19
- PYSEC-2021-421
- PYSEC-2021-437
- PYSEC-2021-66
- RHSA-2021:1633
- RHSA-2021:4151
- RHSA-2021:4158
- RHSA-2021:4160
- RHSA-2021:4161
- RHSA-2021:4162
- RHSA-2021:4201
- RHSA-2021:4324
- RHSA-2021:4399
- RHSA-2021:4455
- RLSA-2021:4151
- RLSA-2021:4160
- RLSA-2021:4161
- RLSA-2021:4201
- RLSA-2021:4324
- SUSE-SU-2019:3068-1
- SUSE-SU-2020:1901-1
- SUSE-SU-2020:3865-1
- SUSE-SU-2020:3930-1
- SUSE-SU-2021:0601-1
- SUSE-SU-2021:0602-1
- SUSE-SU-2021:0603-1
- SUSE-SU-2021:0607-1
- SUSE-SU-2021:0654-1
- SUSE-SU-2021:0768-1
- SUSE-SU-2021:0794-1
- SUSE-SU-2021:0886-1
- SUSE-SU-2021:0887-1
- SUSE-SU-2021:0947-1
- SUSE-SU-2021:1490-1
- SUSE-SU-2021:1557-1
- SUSE-SU-2021:1621-1
- SUSE-SU-2021:1962-1
- SUSE-SU-2021:2012-1
- SUSE-SU-2021:2195-1
- SUSE-SU-2021:2304-1
- SUSE-SU-2021:2441-1
- SUSE-SU-2021:2554-1
- SUSE-SU-2021:2940-1
- SUSE-SU-2021:3486-1
- SUSE-SU-2021:3945-1
- SUSE-SU-2021:4001-1
- SUSE-SU-2021:4002-1
- SUSE-SU-2021:4015-1
- SUSE-SU-2021:4015-2
- SUSE-SU-2021:4051-1
- SUSE-SU-2021:4104-1
- SUSE-SU-2021:4161-1
- SUSE-SU-2022:0028-1
- SUSE-SU-2022:0029-1
- SUSE-SU-2022:0060-1
- SUSE-SU-2022:0064-1
- SUSE-SU-2022:0803-1
- SUSE-SU-2022:0895-1
- SUSE-SU-2022:0942-1
- SUSE-SU-2022:0942-2
- SUSE-SU-2022:1044-1
- SUSE-SU-2022:1091-1
- SUSE-SU-2022:1094-1
- SUSE-SU-2022:1485-1
- SUSE-SU-2022:1536-1
- SUSE-SU-2022:1729-1
- SUSE-SU-2022:2351-1
- SUSE-SU-2022:3590-1
- SUSE-SU-2022:3836-1
- SUSE-SU-2022:3934-1
- SUSE-SU-2022:3937-1
- USN-4204-1
- USN-4742-1
- USN-4754-1
- USN-4754-3
- USN-4896-1
- USN-4896-2
- USN-4961-2
- USN-4962-1
- USN-4973-1
- USN-4973-2
- USN-5342-1
- USN-5342-3
- USN-5701-1
- USN-5812-1
- USN-6599-1
- USN-6891-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/python38-wheel?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-wheel | < 0.33.6-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-wheel-wheel?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-wheel-wheel | < 0.33.6-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-wcwidth?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-wcwidth | < 0.1.7-16.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-urllib3?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-urllib3 | < 1.25.7-5.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-six?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-six | < 1.12.0-10.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-setuptools?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-setuptools | < 41.6.0-5.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-setuptools-wheel?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-setuptools-wheel | < 41.6.0-5.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-scipy?arch=x86_64&distro=rockylinux-8.5 | rockylinux | python38-scipy | < 1.3.1-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-scipy?arch=aarch64&distro=rockylinux-8.5 | rockylinux | python38-scipy | < 1.3.1-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-requests?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-requests | < 2.22.0-9.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-pyyaml?arch=x86_64&distro=rockylinux-8.5 | rockylinux | python38-pyyaml | < 5.4.1-1.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-pyyaml?arch=aarch64&distro=rockylinux-8.5 | rockylinux | python38-pyyaml | < 5.4.1-1.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-pytz?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-pytz | < 2019.3-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-pytest?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-pytest | < 4.6.6-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-pysocks?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-pysocks | < 1.7.1-4.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-pyparsing?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-pyparsing | < 2.4.5-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-PyMySQL?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-PyMySQL | < 0.10.1-1.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-pycparser?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-pycparser | < 2.19-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-py?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-py | < 1.8.0-8.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-psycopg2?arch=x86_64&distro=rockylinux-8.6 | rockylinux | python38-psycopg2 | < 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-psycopg2?arch=aarch64&distro=rockylinux-8.6 | rockylinux | python38-psycopg2 | < 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-psycopg2-tests?arch=x86_64&distro=rockylinux-8.6 | rockylinux | python38-psycopg2-tests | < 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-psycopg2-tests?arch=aarch64&distro=rockylinux-8.6 | rockylinux | python38-psycopg2-tests | < 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-psycopg2-doc?arch=x86_64&distro=rockylinux-8.6 | rockylinux | python38-psycopg2-doc | < 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-psycopg2-doc?arch=aarch64&distro=rockylinux-8.6 | rockylinux | python38-psycopg2-doc | < 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-psutil?arch=x86_64&distro=rockylinux-8.5 | rockylinux | python38-psutil | < 5.6.4-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-psutil?arch=aarch64&distro=rockylinux-8.5 | rockylinux | python38-psutil | < 5.6.4-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-ply?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-ply | < 3.11-10.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-pluggy?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-pluggy | < 0.13.0-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-packaging?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-packaging | < 19.2-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-numpy?arch=x86_64&distro=rockylinux-8.5 | rockylinux | python38-numpy | < 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-numpy?arch=aarch64&distro=rockylinux-8.5 | rockylinux | python38-numpy | < 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-numpy-f2py?arch=x86_64&distro=rockylinux-8.5 | rockylinux | python38-numpy-f2py | < 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-numpy-f2py?arch=aarch64&distro=rockylinux-8.5 | rockylinux | python38-numpy-f2py | < 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-numpy-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-numpy-doc | < 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-more-itertools?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-more-itertools | < 7.2.0-5.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-markupsafe?arch=x86_64&distro=rockylinux-8.4 | rockylinux | python38-markupsafe | < 1.1.1-6.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-markupsafe?arch=aarch64&distro=rockylinux-8.4 | rockylinux | python38-markupsafe | < 1.1.1-6.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-idna?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-idna | < 2.8-6.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-Cython?arch=x86_64&distro=rockylinux-8.4 | rockylinux | python38-Cython | < 0.29.14-4.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-Cython?arch=aarch64&distro=rockylinux-8.4 | rockylinux | python38-Cython | < 0.29.14-4.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-cryptography?arch=x86_64&distro=rockylinux-8.5 | rockylinux | python38-cryptography | < 2.8-3.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-cryptography?arch=aarch64&distro=rockylinux-8.5 | rockylinux | python38-cryptography | < 2.8-3.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-chardet?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-chardet | < 3.0.4-19.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-cffi?arch=x86_64&distro=rockylinux-8.4 | rockylinux | python38-cffi | < 1.13.2-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | x86_64 | |
Affected | pkg:rpm/rockylinux/python38-cffi?arch=aarch64&distro=rockylinux-8.4 | rockylinux | python38-cffi | < 1.13.2-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | aarch64 | |
Affected | pkg:rpm/rockylinux/python38-babel?arch=noarch&distro=rockylinux-8.5 | rockylinux | python38-babel | < 2.7.0-11.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
Affected | pkg:rpm/rockylinux/python38-attrs?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-attrs | < 19.3.0-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-atomicwrites?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-atomicwrites | < 1.3.0-8.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
Affected | pkg:rpm/rockylinux/python38-asn1crypto?arch=noarch&distro=rockylinux-8.4 | rockylinux | python38-asn1crypto | < 1.2.0-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |