ALSA-2020:1605
- Source
- https://errata.almalinux.org/8/ALSA-2020-1605.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:1605.json
- Related
- Published
- 2020-04-28T08:55:59Z
- Modified
- 2020-04-28T08:55:52Z
- Details
-
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.
The following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944)
Security Fix(es):
python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)
python: Cookie domain check returns incorrect results (CVE-2018-20852)
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)
python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)
python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
-
- https://errata.almalinux.org/8/ALSA-2020-1605.html
- https://vulners.com/cve/CVE-2018-18074
- https://vulners.com/cve/CVE-2018-20060
- https://vulners.com/cve/CVE-2018-20852
- https://vulners.com/cve/CVE-2019-11236
- https://vulners.com/cve/CVE-2019-11324
- https://vulners.com/cve/CVE-2019-16056
- https://vulners.com/cve/CVE-2019-16935
Affected packages
AlmaLinux:8 / python-psycopg2-doc
Package
- Name
- python-psycopg2-doc
AlmaLinux:8 / python2-Cython
Package
- Name
- python2-Cython
AlmaLinux:8 / python2-PyMySQL
Package
- Name
- python2-PyMySQL
AlmaLinux:8 / python2-attrs
Package
- Name
- python2-attrs
AlmaLinux:8 / python2-chardet
Package
- Name
- python2-chardet
AlmaLinux:8 / python2-coverage
Package
- Name
- python2-coverage
AlmaLinux:8 / python2-dns
Package
- Name
- python2-dns
AlmaLinux:8 / python2-docs
Package
- Name
- python2-docs
AlmaLinux:8 / python2-docs-info
Package
- Name
- python2-docs-info
AlmaLinux:8 / python2-docutils
Package
- Name
- python2-docutils
AlmaLinux:8 / python2-funcsigs
Package
- Name
- python2-funcsigs
AlmaLinux:8 / python2-idna
Package
- Name
- python2-idna
AlmaLinux:8 / python2-ipaddress
Package
- Name
- python2-ipaddress
AlmaLinux:8 / python2-markupsafe
Package
- Name
- python2-markupsafe
AlmaLinux:8 / python2-mock
Package
- Name
- python2-mock
AlmaLinux:8 / python2-pluggy
Package
- Name
- python2-pluggy
AlmaLinux:8 / python2-psycopg2
Package
- Name
- python2-psycopg2
AlmaLinux:8 / python2-psycopg2-debug
Package
- Name
- python2-psycopg2-debug
AlmaLinux:8 / python2-psycopg2-tests
Package
- Name
- python2-psycopg2-tests
AlmaLinux:8 / python2-py
Package
- Name
- python2-py
AlmaLinux:8 / python2-pysocks
Package
- Name
- python2-pysocks
AlmaLinux:8 / python2-pytest
Package
- Name
- python2-pytest
AlmaLinux:8 / python2-pytest-mock
Package
- Name
- python2-pytest-mock
AlmaLinux:8 / python2-pytz
Package
- Name
- python2-pytz
AlmaLinux:8 / python2-pyyaml
Package
- Name
- python2-pyyaml
AlmaLinux:8 / python2-requests
Package
- Name
- python2-requests
AlmaLinux:8 / python2-rpm-macros
Package
- Name
- python2-rpm-macros