RLSA-2019:0981

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2019:0981

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2019:0981

Related

Published

2019-05-07T03:40:00Z

Modified

2023-02-02T12:54:45.361476Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Important: python27:2.7 security update

Details

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases.

Security Fix(es):

python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)
python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164)
python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe
Purl: pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.23-19.el8

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe
Purl: pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.23-19.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:17.4.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:17.4.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / babel

Package

Name: babel
Purl: pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5.1-9.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.28.1-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.28.1-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.4.2-13.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.4.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-funcsigs

Package

Name: python-funcsigs
Purl: pkg:rpm/rocky-linux/python-funcsigs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-rpm-macros

Package

Name: python2-rpm-macros
Purl: pkg:rpm/rocky-linux/python2-rpm-macros?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3-38.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-coverage

Package

Name: python-coverage
Purl: pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.5.1-4.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-coverage

Package

Name: python-coverage
Purl: pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.5.1-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils
Purl: pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.14-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils
Purl: pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.14-12.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-ipaddress

Package

Name: python-ipaddress
Purl: pkg:rpm/rocky-linux/python-ipaddress?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.18-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.10-8.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.2.3-3.el8

Rocky Linux:8 / python-mock

Package

Name: python-mock
Purl: pkg:rpm/rocky-linux/python-mock?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.0.0-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-nose

Package

Name: python-nose
Purl: pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.3.7-30.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.6.0-8.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.6.0-8.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.5-7.el8

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.3-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.3-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pygments

Package

Name: python-pygments
Purl: pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.2.0-20.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.8.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.8.0-10.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.6.8-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.6.8-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pytest-mock

Package

Name: python-pytest-mock
Purl: pkg:rpm/rocky-linux/python-pytest-mock?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.9.0-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-setuptools_scm

Package

Name: python-setuptools_scm
Purl: pkg:rpm/rocky-linux/python-setuptools_scm?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.7-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / pytz

Package

Name: pytz
Purl: pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2017.2-12.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytz

Package

Name: pytz
Purl: pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2017.2-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.12-16.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.12-16.module+el8.4.0+403+9ae17a31