ALSA-2021:4160

Source
https://errata.almalinux.org/8/ALSA-2021-4160.html
Import Source
https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4160.json
JSON Data
https://api.osv.dev/v1/vulns/ALSA-2021:4160
Related
Published
2021-11-09T08:26:25Z
Modified
2021-11-09T12:46:25Z
Summary
Moderate: python39:3.9 and python39-devel:3.9 security update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: Information disclosure via pydoc (CVE-2021-3426)

  • python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)

  • python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

  • python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)

  • python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)

  • python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)

  • python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8 / python39-Cython

Package

Name
python39-Cython

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.29.21-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-PyMySQL

Package

Name
python39-PyMySQL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-attrs

Package

Name
python39-attrs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.3.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cffi

Package

Name
python39-cffi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.14.3-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-chardet

Package

Name
python39-chardet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.4-19.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-cryptography

Package

Name
python39-cryptography

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.3.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-idna

Package

Name
python39-idna

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.10-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-iniconfig

Package

Name
python39-iniconfig

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.1-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-mod_wsgi

Package

Name
python39-mod_wsgi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.7.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-more-itertools

Package

Name
python39-more-itertools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy

Package

Name
python39-numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy-doc

Package

Name
python39-numpy-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-numpy-f2py

Package

Name
python39-numpy-f2py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.19.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-packaging

Package

Name
python39-packaging

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20.4-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pluggy

Package

Name
python39-pluggy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.1-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-ply

Package

Name
python39-ply

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.11-10.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psutil

Package

Name
python39-psutil

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.8.0-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psycopg2

Package

Name
python39-psycopg2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psycopg2-doc

Package

Name
python39-psycopg2-doc

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-psycopg2-tests

Package

Name
python39-psycopg2-tests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-py

Package

Name
python39-py

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.0-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pycparser

Package

Name
python39-pycparser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.20-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyparsing

Package

Name
python39-pyparsing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pysocks

Package

Name
python39-pysocks

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pytest

Package

Name
python39-pytest

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.2-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-pyyaml

Package

Name
python39-pyyaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.4.1-1.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-requests

Package

Name
python39-requests

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.25.0-2.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-scipy

Package

Name
python39-scipy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.4-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-setuptools

Package

Name
python39-setuptools

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
50.3.2-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-setuptools-wheel

Package

Name
python39-setuptools-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
50.3.2-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-six

Package

Name
python39-six

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.0-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-toml

Package

Name
python39-toml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.10.1-5.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-urllib3

Package

Name
python39-urllib3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.25.10-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wcwidth

Package

Name
python39-wcwidth

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.5-3.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wheel

Package

Name
python39-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module_el8.6.0+2780+a40f65e1

AlmaLinux:8 / python39-wheel-wheel

Package

Name
python39-wheel-wheel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module_el8.6.0+2780+a40f65e1