ALSA-2021:4151

Source
https://errata.almalinux.org/8/ALSA-2021-4151.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4151.json
Related
Published
2021-11-09T08:24:39Z
Modified
2021-11-09T12:45:07Z
Summary
Moderate: python27:2.7 security update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

  • python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

  • python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

  • python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

  • python: Web cache poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a semicolon in query parameters (CVE-2021-23336)

  • python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

  • python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / babel

Package

Name
babel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.5.1-10.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python-nose-docs

Package

Name
python-nose-docs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.7-31.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python-nose-docs

Package

Name
python-nose-docs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.7-31.module_el8.5.0+2569+5c5719bc

AlmaLinux:8 / python-psycopg2-doc

Package

Name
python-psycopg2-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.5-7.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python-sqlalchemy-doc

Package

Name
python-sqlalchemy-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.2-2.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python-sqlalchemy-doc

Package

Name
python-sqlalchemy-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.2-2.module_el8.5.0+2569+5c5719bc

AlmaLinux:8 / python2-Cython

Package

Name
python2-Cython

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.28.1-7.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-PyMySQL

Package

Name
python2-PyMySQL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.8.0-10.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-attrs

Package

Name
python2-attrs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
17.4.0-10.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-babel

Package

Name
python2-babel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.5.1-10.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-backports

Package

Name
python2-backports

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.0-16.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-backports-ssl_match_hostname

Package

Name
python2-backports-ssl_match_hostname

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.5.0.1-12.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-bson

Package

Name
python2-bson

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.7.0-1.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-chardet

Package

Name
python2-chardet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.0.4-10.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-coverage

Package

Name
python2-coverage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
4.5.1-4.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-dns

Package

Name
python2-dns

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.15.0-10.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-docs

Package

Name
python2-docs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.16-2.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-docs-info

Package

Name
python2-docs-info

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.16-2.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-docutils

Package

Name
python2-docutils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.14-12.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-funcsigs

Package

Name
python2-funcsigs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.0.2-13.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-idna

Package

Name
python2-idna

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.5-7.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-ipaddress

Package

Name
python2-ipaddress

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.0.18-6.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-jinja2

Package

Name
python2-jinja2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.10-9.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-markupsafe

Package

Name
python2-markupsafe

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.23-19.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-mock

Package

Name
python2-mock

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.0.0-13.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-nose

Package

Name
python2-nose

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.7-31.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-numpy

Package

Name
python2-numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1:1.14.2-16.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-numpy-doc

Package

Name
python2-numpy-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1:1.14.2-16.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-numpy-f2py

Package

Name
python2-numpy-f2py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1:1.14.2-16.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pluggy

Package

Name
python2-pluggy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
0.6.0-8.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-psycopg2

Package

Name
python2-psycopg2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.5-7.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-psycopg2-debug

Package

Name
python2-psycopg2-debug

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.5-7.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-psycopg2-tests

Package

Name
python2-psycopg2-tests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.7.5-7.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-py

Package

Name
python2-py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.5.3-6.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pygments

Package

Name
python2-pygments

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.2.0-22.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pymongo

Package

Name
python2-pymongo

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.7.0-1.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pymongo-gridfs

Package

Name
python2-pymongo-gridfs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.7.0-1.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pysocks

Package

Name
python2-pysocks

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.6.8-6.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pytest

Package

Name
python2-pytest

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.4.2-13.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pytest-mock

Package

Name
python2-pytest-mock

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.9.0-4.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pytz

Package

Name
python2-pytz

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2017.2-12.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-pyyaml

Package

Name
python2-pyyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3.12-16.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-requests

Package

Name
python2-requests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
2.20.0-3.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-rpm-macros

Package

Name
python2-rpm-macros

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
3-38.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-scipy

Package

Name
python2-scipy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.0.0-21.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-setuptools

Package

Name
python2-setuptools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
39.0.1-13.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-setuptools-wheel

Package

Name
python2-setuptools-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
39.0.1-13.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-setuptools_scm

Package

Name
python2-setuptools_scm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.15.7-6.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-six

Package

Name
python2-six

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.11.0-6.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-sqlalchemy

Package

Name
python2-sqlalchemy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.3.2-2.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-urllib3

Package

Name
python2-urllib3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1.24.2-3.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-virtualenv

Package

Name
python2-virtualenv

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
15.1.0-21.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-wheel

Package

Name
python2-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1:0.31.1-3.module_el8.6.0+2781+fed64c13

AlmaLinux:8 / python2-wheel-wheel

Package

Name
python2-wheel-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Fixed
1:0.31.1-3.module_el8.6.0+2781+fed64c13