RLSA-2021:4160

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2021:4160
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2021:4160.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2021:4160
Related
Published
2021-11-09T08:26:25Z
Modified
2023-02-02T13:28:50.795229Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Moderate: python39:3.9 and python39-devel:3.9 security update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: Information disclosure via pydoc (CVE-2021-3426)

  • python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)

  • python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

  • python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)

  • python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)

  • python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)

  • python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8

Cython

Package

Name
Cython
Purl
pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.29.21-5.module+el8.4.0+574+843c4898

mod_wsgi

Package

Name
mod_wsgi
Purl
pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.7.1-4.module+el8.4.0+574+843c4898

numpy

Package

Name
numpy
Purl
pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.19.4-3.module+el8.5.0+673+10283621

pybind11

Package

Name
pybind11
Purl
pkg:rpm/rocky-linux/pybind11?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.6.1-2.module+el8.4.0+574+843c4898

pytest

Package

Name
pytest
Purl
pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:6.0.2-2.module+el8.4.0+574+843c4898

python39

Package

Name
python39
Purl
pkg:rpm/rocky-linux/python39?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.9.6-2.module+el8.5.0+673+10283621

python3x-pip

Package

Name
python3x-pip
Purl
pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:20.2.4-6.module+el8.5.0+673+10283621

python3x-pyparsing

Package

Name
python3x-pyparsing
Purl
pkg:rpm/rocky-linux/python3x-pyparsing?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.4.7-5.module+el8.4.0+574+843c4898

python3x-setuptools

Package

Name
python3x-setuptools
Purl
pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:50.3.2-4.module+el8.5.0+673+10283621

python3x-six

Package

Name
python3x-six
Purl
pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.15.0-3.module+el8.4.0+574+843c4898

python-attrs

Package

Name
python-attrs
Purl
pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:20.3.0-2.module+el8.4.0+574+843c4898

python-cffi

Package

Name
python-cffi
Purl
pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.14.3-2.module+el8.4.0+574+843c4898

python-chardet

Package

Name
python-chardet
Purl
pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.0.4-19.module+el8.4.0+570+c2eaf144

python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.3.1-2.module+el8.5.0+673+10283621

python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.3.1-2.module+el8.4.0+574+843c4898

python-idna

Package

Name
python-idna
Purl
pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.10-3.module+el8.4.0+574+843c4898

python-iniconfig

Package

Name
python-iniconfig
Purl
pkg:rpm/rocky-linux/python-iniconfig?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1.1-2.module+el8.4.0+574+843c4898

python-lxml

Package

Name
python-lxml
Purl
pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.6.2-3.module+el8.5.0+673+10283621

python-more-itertools

Package

Name
python-more-itertools
Purl
pkg:rpm/rocky-linux/python-more-itertools?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:8.5.0-2.module+el8.4.0+574+843c4898

python-packaging

Package

Name
python-packaging
Purl
pkg:rpm/rocky-linux/python-packaging?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:20.4-4.module+el8.4.0+574+843c4898

python-pluggy

Package

Name
python-pluggy
Purl
pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.13.1-3.module+el8.4.0+574+843c4898

python-ply

Package

Name
python-ply
Purl
pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.11-10.module+el8.4.0+570+c2eaf144

python-psutil

Package

Name
python-psutil
Purl
pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.8.0-4.module+el8.5.0+673+10283621

python-psutil

Package

Name
python-psutil
Purl
pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.8.0-4.module+el8.4.0+574+843c4898

python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8.6-2.module+el8.6.0+795+de4edbcc

python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8.6-2.module+el8.4.0+574+843c4898

python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8.6-2.module+el8.5.0+673+10283621

python-py

Package

Name
python-py
Purl
pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.10.0-1.module+el8.4.0+574+843c4898

python-pycparser

Package

Name
python-pycparser
Purl
pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.20-3.module+el8.4.0+574+843c4898

python-PyMySQL

Package

Name
python-PyMySQL
Purl
pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.10.1-2.module+el8.4.0+597+ddf0ddea

python-PyMySQL

Package

Name
python-PyMySQL
Purl
pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.10.1-2.module+el8.4.0+574+843c4898

python-pysocks

Package

Name
python-pysocks
Purl
pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.7.1-4.module+el8.4.0+570+c2eaf144

python-requests

Package

Name
python-requests
Purl
pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.25.0-2.module+el8.4.0+574+843c4898

python-toml

Package

Name
python-toml
Purl
pkg:rpm/rocky-linux/python-toml?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.10.1-5.module+el8.4.0+574+843c4898

python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.25.10-4.module+el8.5.0+673+10283621

python-wcwidth

Package

Name
python-wcwidth
Purl
pkg:rpm/rocky-linux/python-wcwidth?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.2.5-3.module+el8.4.0+574+843c4898

python-wheel

Package

Name
python-wheel
Purl
pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:0.35.1-4.module+el8.5.0+673+10283621

PyYAML

Package

Name
PyYAML
Purl
pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.4.1-1.module+el8.5.0+672+ab6eb015

PyYAML

Package

Name
PyYAML
Purl
pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.4.1-1.module+el8.4.0+574+843c4898

scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.5.4-3.module+el8.5.0+673+10283621

scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.5.4-3.module+el8.4.0+574+843c4898