RLSA-2021:4151

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2021:4151.json

Related

Published

2021-11-09T08:24:39Z

Modified

2023-02-02T13:28:24.145350Z

Summary

Moderate: python27:2.7 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)
python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)
python: Web cache poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a semicolon in query parameters (CVE-2021-23336)
python-pygments: ReDoS in multiple lexers (CVE-2021-27291)
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

References

Affected packages

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.23-19.el8

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.23-19.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / babel

Package

Name: babel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5.1-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / Cython

Package

Name: Cython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.28.1-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / Cython

Package

Name: Cython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.28.1-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / numpy

Package

Name: numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.14.2-16.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / numpy

Package

Name: numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.14.2-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / pytest

Package

Name: pytest

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.4.2-13.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytest

Package

Name: pytest

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.4.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1

Rocky Linux:8 / python2-pip

Package

Name: python2-pip

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:9.0.3-18.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-rpm-macros

Package

Name: python2-rpm-macros

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3-38.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-setuptools

Package

Name: python2-setuptools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:39.0.1-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-six

Package

Name: python2-six

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11.0-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-attrs

Package

Name: python-attrs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:17.4.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-attrs

Package

Name: python-attrs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:17.4.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-backports

Package

Name: python-backports

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-backports-ssl_match_hostname

Package

Name: python-backports-ssl_match_hostname

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.5.0.1-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-chardet

Package

Name: python-chardet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.4-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-chardet

Package

Name: python-chardet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.4-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-coverage

Package

Name: python-coverage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.1-4.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-coverage

Package

Name: python-coverage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.1-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-dns

Package

Name: python-dns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.0-10.module+el8.7.0+1062+663ba31c

Rocky Linux:8 / python-dns

Package

Name: python-dns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.0-10.el8

Rocky Linux:8 / python-dns

Package

Name: python-dns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docs

Package

Name: python-docs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.16-2.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.14-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.14-12.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-funcsigs

Package

Name: python-funcsigs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-idna

Package

Name: python-idna

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-idna

Package

Name: python-idna

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-ipaddress

Package

Name: python-ipaddress

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.18-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-jinja2

Package

Name: python-jinja2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.10-9.module+el8.7.0+1062+663ba31c

Rocky Linux:8 / python-jinja2

Package

Name: python-jinja2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.10-9.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-lxml

Package

Name: python-lxml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.2.3-5.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-mock

Package

Name: python-mock

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.0.0-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-nose

Package

Name: python-nose

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.3.7-31.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.6.0-8.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.6.0-8.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.5-7.el8

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.5.3-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.5.3-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pygments

Package

Name: python-pygments

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.2.0-22.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-pymongo

Package

Name: python-pymongo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7.0-1.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-pymongo

Package

Name: python-pymongo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7.0-1.module+el8.4.0+597+ddf0ddea

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.8.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.8.0-10.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.6.8-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.6.8-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pytest-mock

Package

Name: python-pytest-mock

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.9.0-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-requests

Package

Name: python-requests

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.20.0-3.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-requests

Package

Name: python-requests

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.20.0-3.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-setuptools_scm

Package

Name: python-setuptools_scm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.7-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-sqlalchemy

Package

Name: python-sqlalchemy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.3.2-2.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-sqlalchemy

Package

Name: python-sqlalchemy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.3.2-2.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.24.2-3.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.24.2-3.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-virtualenv

Package

Name: python-virtualenv

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:15.1.0-21.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-wheel

Package

Name: python-wheel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:0.31.1-3.module+el8.5.0+671+195e4563

Rocky Linux:8 / pytz

Package

Name: pytz

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2017.2-12.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytz

Package

Name: pytz

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2017.2-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / PyYAML

Package

Name: PyYAML

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.12-16.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / PyYAML

Package

Name: PyYAML

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.12-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / scipy

Package

Name: scipy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.0-21.module+el8.5.0+671+195e4563