RLSA-2022:1821

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:1821.json

Related

Published

2022-05-10T08:02:50Z

Modified

2023-02-02T13:41:28.618850Z

Details

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
python: ftplib should not use the host from the PASV response (CVE-2021-4189)
python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391)
python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.

References

Affected packages

Rocky Linux:8 / babel

Package

Name: babel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5.1-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / Cython

Package

Name: Cython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.28.1-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / Cython

Package

Name: Cython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.28.1-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / numpy

Package

Name: numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.14.2-16.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / numpy

Package

Name: numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:1.14.2-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / pytest

Package

Name: pytest

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.4.2-13.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytest

Package

Name: pytest

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.4.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2

Package

Name: python2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.18-10.module+el8.6.0+793+57002515.rocky.0.2

Rocky Linux:8 / python2-pip

Package

Name: python2-pip

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:9.0.3-19.module+el8.6.0+793+57002515

Rocky Linux:8 / python2-rpm-macros

Package

Name: python2-rpm-macros

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3-38.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-setuptools

Package

Name: python2-setuptools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:39.0.1-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-six

Package

Name: python2-six

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.11.0-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-attrs

Package

Name: python-attrs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:17.4.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-attrs

Package

Name: python-attrs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:17.4.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-backports

Package

Name: python-backports

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-backports-ssl_match_hostname

Package

Name: python-backports-ssl_match_hostname

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.5.0.1-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-chardet

Package

Name: python-chardet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.4-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-chardet

Package

Name: python-chardet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.0.4-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-coverage

Package

Name: python-coverage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.1-4.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-coverage

Package

Name: python-coverage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.5.1-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-dns

Package

Name: python-dns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.0-10.module+el8.7.0+1062+663ba31c

Rocky Linux:8 / python-dns

Package

Name: python-dns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.0-10.el8

Rocky Linux:8 / python-dns

Package

Name: python-dns

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docs

Package

Name: python-docs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.16-2.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.14-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.14-12.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-funcsigs

Package

Name: python-funcsigs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-idna

Package

Name: python-idna

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-idna

Package

Name: python-idna

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.5-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-ipaddress

Package

Name: python-ipaddress

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.18-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-jinja2

Package

Name: python-jinja2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.10-9.module+el8.7.0+1062+663ba31c

Rocky Linux:8 / python-jinja2

Package

Name: python-jinja2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.10-9.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-lxml

Package

Name: python-lxml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:4.2.3-6.module+el8.6.0+793+57002515

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.23-19.el8

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.23-19.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-mock

Package

Name: python-mock

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.0.0-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-nose

Package

Name: python-nose

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.3.7-31.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.6.0-8.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.6.0-8.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.5-7.el8

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.7.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.5.3-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.5.3-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pygments

Package

Name: python-pygments

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.2.0-22.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-pymongo

Package

Name: python-pymongo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7.0-1.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-pymongo

Package

Name: python-pymongo

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.7.0-1.module+el8.4.0+597+ddf0ddea

Rocky Linux:8 / python-requests

Package

Name: python-requests

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.20.0-3.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-requests

Package

Name: python-requests

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2.20.0-3.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.8.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:0.8.0-10.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.6.8-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.6.8-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pytest-mock

Package

Name: python-pytest-mock

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.9.0-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-setuptools_scm

Package

Name: python-setuptools_scm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.15.7-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-sqlalchemy

Package

Name: python-sqlalchemy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.3.2-2.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-sqlalchemy

Package

Name: python-sqlalchemy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.3.2-2.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.24.2-3.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.24.2-3.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-virtualenv

Package

Name: python-virtualenv

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:15.1.0-21.module+el8.5.0+671+195e4563

Rocky Linux:8 / python-wheel

Package

Name: python-wheel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1:0.31.1-3.module+el8.5.0+671+195e4563

Rocky Linux:8 / pytz

Package

Name: pytz

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2017.2-12.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytz

Package

Name: pytz

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:2017.2-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / PyYAML

Package

Name: PyYAML

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.12-16.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / PyYAML

Package

Name: PyYAML

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:3.12-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / scipy

Package

Name: scipy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

0:1.0.0-21.module+el8.5.0+671+195e4563