[RLSA-2021:4162] python38:3.8 and python38-devel:3.8 security update
Severity
Moderate
Affected Packages
50
CVEs
11
An update is available for python-more-itertools, pytest, python-psycopg2, python-lxml, python-PyMySQL, python3x-six, python-urllib3, PyYAML, python-attrs, python-jinja2, python-requests, python-atomicwrites, mod_wsgi, python3x-pip, python38, python-asn1crypto, python-chardet, python-markupsafe, python-pluggy, python-py, Cython, python-psutil, python-wcwidth, babel, python-ply, python-wheel, python3x-pyparsing, python-pysocks, python-pycparser, python3x-setuptools, python-cffi, pytz, python-cryptography, scipy, python-idna, numpy, python-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
python-psutil: Double free because of refcount mishandling (CVE-2019-18874)
python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
python: Information disclosure via pydoc (CVE-2021-3426)
python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)
python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.
- ID
- RLSA-2021:4162
- Severity
- moderate
- URL
- https://errata.rockylinux.org/RLSA-2021:4162
- Published
-
2021-11-09T12:47:54
(2 years ago) - Modified
-
2023-02-02T13:32:17
(19 months ago) - Rights
- Copyright 2023 Rocky Enterprise Software Foundation
- Other Advisories
-
-
ALAS-2021-1498
-
ALAS-2021-1500
-
ALAS-2021-1504
-
ALAS-2022-1593
-
ALAS-2023-1720
-
ALAS2-2021-1640
-
ALAS2-2021-1670
-
ALAS2-2021-1688
-
ALAS2-2022-1742
-
ALAS2-2022-1802
-
ALAS2-2023-2010
-
ALAS2-2023-2317
-
ALAS2-2024-2620
-
ALPINE:CVE-2019-18874
-
ALPINE:CVE-2020-28493
-
ALPINE:CVE-2021-23336
-
ALPINE:CVE-2021-28957
-
ALPINE:CVE-2021-29921
-
ALPINE:CVE-2021-3426
-
ALPINE:CVE-2021-42771
-
ALSA-2021:1633
-
ALSA-2021:4151
-
ALSA-2021:4158
-
ALSA-2021:4160
-
ALSA-2021:4161
-
ALSA-2021:4162
-
ALSA-2021:4201
-
ALSA-2021:4324
-
ALSA-2021:4399
-
ALSA-2021:4455
-
ASA-202102-19
-
ASA-202102-28
-
ASA-202102-37
-
ASA-202105-15
-
ASA-202106-25
-
DSA-4880-1
-
DSA-5018-1
-
ELSA-2021-1633
-
ELSA-2021-4151
-
ELSA-2021-4160
-
ELSA-2021-4162
-
ELSA-2021-4201
-
ELSA-2021-4324
-
ELSA-2021-4399
-
ELSA-2021-4455
-
ELSA-2021-9562
-
ELSA-2022-9341
-
ELSA-2023-12349
-
FEDORA-2020-021fb887ac
-
FEDORA-2020-a06ebafad8
-
FEDORA-2021-067c9deff1
-
FEDORA-2021-0a8f3ffbc0
-
FEDORA-2021-12df7f7382
-
FEDORA-2021-1769a23935
-
FEDORA-2021-1bb399a5af
-
FEDORA-2021-28723f9670
-
FEDORA-2021-2897f5366c
-
FEDORA-2021-2ab6f060d9
-
FEDORA-2021-2ab8ebcabc
-
FEDORA-2021-309bc2e727
-
FEDORA-2021-3352c1c802
-
FEDORA-2021-4cdb0f68c7
-
FEDORA-2021-5a09621ebb
-
FEDORA-2021-7547ad987f
-
FEDORA-2021-7c1bb32d13
-
FEDORA-2021-7d3a9004e2
-
FEDORA-2021-7e2a143808
-
FEDORA-2021-907f3bacae
-
FEDORA-2021-98720f3785
-
FEDORA-2021-9c5f3b8aae
-
FEDORA-2021-a26257ccf5
-
FEDORA-2021-a311bf10d4
-
FEDORA-2021-a499f89369
-
FEDORA-2021-a6bde7ab18
-
FEDORA-2021-b14975e43d
-
FEDORA-2021-b1843407ca
-
FEDORA-2021-b326fcb83f
-
FEDORA-2021-b6b6093b3a
-
FEDORA-2021-b76ede8f4d
-
FEDORA-2021-e22bb0e548
-
FEDORA-2021-e525e48886
-
FEDORA-2021-ef83e8525a
-
FEDORA-2021-f4fd9372c7
-
FREEBSD:374793AD-2720-4C4A-B86C-FC4A1780DEAC
-
FREEBSD:F671C282-95EF-11EB-9C34-080027F515EA
-
GLSA-202104-04
-
GLSA-202107-19
-
GLSA-202107-36
-
GLSA-202208-03
-
GLSA-202208-06
-
GLSA-202305-02
-
GLSA-202402-04
-
MS:CVE-2019-18874
-
MS:CVE-2020-27619
-
MS:CVE-2020-28493
-
MS:CVE-2021-23336
-
MS:CVE-2021-28957
-
MS:CVE-2021-33503
-
MS:CVE-2021-3572
-
MS:CVE-2021-42771
-
openSUSE-SU-2020:2332-1
-
openSUSE-SU-2020:2333-1
-
openSUSE-SU-2021:0435-1
-
openSUSE-SU-2021:1553-1
-
openSUSE-SU-2021:1598-1
-
openSUSE-SU-2021:2012-1
-
openSUSE-SU-2021:3945-1
-
openSUSE-SU-2021:4001-1
-
openSUSE-SU-2021:4002-1
-
openSUSE-SU-2021:4104-1
-
openSUSE-SU-2022:0064-1
-
openSUSE-SU-2022:0803-1
-
openSUSE-SU-2022:0942-1
-
openSUSE-SU-2022:1091-1
-
PYSEC-2019-41
-
PYSEC-2021-108
-
PYSEC-2021-19
-
PYSEC-2021-421
-
PYSEC-2021-437
-
PYSEC-2021-66
-
RHSA-2021:1633
-
RHSA-2021:4151
-
RHSA-2021:4158
-
RHSA-2021:4160
-
RHSA-2021:4161
-
RHSA-2021:4162
-
RHSA-2021:4201
-
RHSA-2021:4324
-
RHSA-2021:4399
-
RHSA-2021:4455
-
RLSA-2021:4151
-
RLSA-2021:4160
-
RLSA-2021:4161
-
RLSA-2021:4201
-
RLSA-2021:4324
-
SUSE-SU-2019:3068-1
-
SUSE-SU-2020:1901-1
-
SUSE-SU-2020:3865-1
-
SUSE-SU-2020:3930-1
-
SUSE-SU-2021:0601-1
-
SUSE-SU-2021:0602-1
-
SUSE-SU-2021:0603-1
-
SUSE-SU-2021:0607-1
-
SUSE-SU-2021:0654-1
-
SUSE-SU-2021:0768-1
-
SUSE-SU-2021:0794-1
-
SUSE-SU-2021:0886-1
-
SUSE-SU-2021:0887-1
-
SUSE-SU-2021:0947-1
-
SUSE-SU-2021:1490-1
-
SUSE-SU-2021:1557-1
-
SUSE-SU-2021:1621-1
-
SUSE-SU-2021:1962-1
-
SUSE-SU-2021:2012-1
-
SUSE-SU-2021:2195-1
-
SUSE-SU-2021:2304-1
-
SUSE-SU-2021:2441-1
-
SUSE-SU-2021:2554-1
-
SUSE-SU-2021:2940-1
-
SUSE-SU-2021:3486-1
-
SUSE-SU-2021:3945-1
-
SUSE-SU-2021:4001-1
-
SUSE-SU-2021:4002-1
-
SUSE-SU-2021:4015-1
-
SUSE-SU-2021:4015-2
-
SUSE-SU-2021:4051-1
-
SUSE-SU-2021:4104-1
-
SUSE-SU-2021:4161-1
-
SUSE-SU-2022:0028-1
-
SUSE-SU-2022:0029-1
-
SUSE-SU-2022:0060-1
-
SUSE-SU-2022:0064-1
-
SUSE-SU-2022:0803-1
-
SUSE-SU-2022:0895-1
-
SUSE-SU-2022:0942-1
-
SUSE-SU-2022:0942-2
-
SUSE-SU-2022:1044-1
-
SUSE-SU-2022:1091-1
-
SUSE-SU-2022:1094-1
-
SUSE-SU-2022:1485-1
-
SUSE-SU-2022:1536-1
-
SUSE-SU-2022:1729-1
-
SUSE-SU-2022:2351-1
-
SUSE-SU-2022:3590-1
-
SUSE-SU-2022:3836-1
-
SUSE-SU-2022:3934-1
-
SUSE-SU-2022:3937-1
-
USN-4204-1
-
USN-4742-1
-
USN-4754-1
-
USN-4754-3
-
USN-4896-1
-
USN-4896-2
-
USN-4961-2
-
USN-4962-1
-
USN-4973-1
-
USN-4973-2
-
USN-5342-1
-
USN-5342-3
-
USN-5701-1
-
USN-5812-1
-
USN-6599-1
-
USN-6891-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/rockylinux/python38-wheel?arch=noarch&distro=rockylinux-8.5 | rockylinux |
 python38-wheel
|
< 0.33.6-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-wheel-wheel?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-wheel-wheel
|
< 0.33.6-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-wcwidth?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-wcwidth
|
< 0.1.7-16.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-urllib3?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-urllib3
|
< 1.25.7-5.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-six?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-six
|
< 1.12.0-10.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-setuptools?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-setuptools
|
< 41.6.0-5.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-setuptools-wheel?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-setuptools-wheel
|
< 41.6.0-5.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-scipy?arch=x86_64&distro=rockylinux-8.5 | rockylinux |
python38-scipy
|
< 1.3.1-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-scipy?arch=aarch64&distro=rockylinux-8.5 | rockylinux |
python38-scipy
|
< 1.3.1-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-requests?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-requests
|
< 2.22.0-9.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-pyyaml?arch=x86_64&distro=rockylinux-8.5 | rockylinux |
python38-pyyaml
|
< 5.4.1-1.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-pyyaml?arch=aarch64&distro=rockylinux-8.5 | rockylinux |
python38-pyyaml
|
< 5.4.1-1.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-pytz?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-pytz
|
< 2019.3-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-pytest?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-pytest
|
< 4.6.6-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-pysocks?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-pysocks
|
< 1.7.1-4.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-pyparsing?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-pyparsing
|
< 2.4.5-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-PyMySQL?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-PyMySQL
|
< 0.10.1-1.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-pycparser?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-pycparser
|
< 2.19-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-py?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-py
|
< 1.8.0-8.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-psycopg2?arch=x86_64&distro=rockylinux-8.6 | rockylinux |
python38-psycopg2
|
< 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-psycopg2?arch=aarch64&distro=rockylinux-8.6 | rockylinux |
python38-psycopg2
|
< 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-psycopg2-tests?arch=x86_64&distro=rockylinux-8.6 | rockylinux |
python38-psycopg2-tests
|
< 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-psycopg2-tests?arch=aarch64&distro=rockylinux-8.6 | rockylinux |
python38-psycopg2-tests
|
< 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-psycopg2-doc?arch=x86_64&distro=rockylinux-8.6 | rockylinux |
python38-psycopg2-doc
|
< 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-psycopg2-doc?arch=aarch64&distro=rockylinux-8.6 | rockylinux |
python38-psycopg2-doc
|
< 2.8.4-4.module+el8.6.0+794+eba84017 | rockylinux-8.6 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-psutil?arch=x86_64&distro=rockylinux-8.5 | rockylinux |
python38-psutil
|
< 5.6.4-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-psutil?arch=aarch64&distro=rockylinux-8.5 | rockylinux |
python38-psutil
|
< 5.6.4-4.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-ply?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-ply
|
< 3.11-10.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-pluggy?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-pluggy
|
< 0.13.0-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-packaging?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-packaging
|
< 19.2-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-numpy?arch=x86_64&distro=rockylinux-8.5 | rockylinux |
python38-numpy
|
< 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-numpy?arch=aarch64&distro=rockylinux-8.5 | rockylinux |
python38-numpy
|
< 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-numpy-f2py?arch=x86_64&distro=rockylinux-8.5 | rockylinux |
python38-numpy-f2py
|
< 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-numpy-f2py?arch=aarch64&distro=rockylinux-8.5 | rockylinux |
python38-numpy-f2py
|
< 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-numpy-doc?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-numpy-doc
|
< 1.17.3-6.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-more-itertools?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-more-itertools
|
< 7.2.0-5.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-markupsafe?arch=x86_64&distro=rockylinux-8.4 | rockylinux |
python38-markupsafe
|
< 1.1.1-6.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-markupsafe?arch=aarch64&distro=rockylinux-8.4 | rockylinux |
python38-markupsafe
|
< 1.1.1-6.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-idna?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-idna
|
< 2.8-6.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-Cython?arch=x86_64&distro=rockylinux-8.4 | rockylinux |
python38-Cython
|
< 0.29.14-4.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-Cython?arch=aarch64&distro=rockylinux-8.4 | rockylinux |
python38-Cython
|
< 0.29.14-4.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-cryptography?arch=x86_64&distro=rockylinux-8.5 | rockylinux |
python38-cryptography
|
< 2.8-3.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-cryptography?arch=aarch64&distro=rockylinux-8.5 | rockylinux |
python38-cryptography
|
< 2.8-3.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-chardet?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-chardet
|
< 3.0.4-19.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-cffi?arch=x86_64&distro=rockylinux-8.4 | rockylinux |
python38-cffi
|
< 1.13.2-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | x86_64 | |
| Affected | pkg:rpm/rockylinux/python38-cffi?arch=aarch64&distro=rockylinux-8.4 | rockylinux |
python38-cffi
|
< 1.13.2-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | aarch64 | |
| Affected | pkg:rpm/rockylinux/python38-babel?arch=noarch&distro=rockylinux-8.5 | rockylinux |
python38-babel
|
< 2.7.0-11.module+el8.5.0+672+ab6eb015 | rockylinux-8.5 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-attrs?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-attrs
|
< 19.3.0-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-atomicwrites?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-atomicwrites
|
< 1.3.0-8.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch | |
| Affected | pkg:rpm/rockylinux/python38-asn1crypto?arch=noarch&distro=rockylinux-8.4 | rockylinux |
python38-asn1crypto
|
< 1.2.0-3.module+el8.4.0+570+c2eaf144 | rockylinux-8.4 | noarch |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |