RLSA-2022:8492

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2022:8492

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2022:8492

Related

CVE-2022-42919

Published

2022-11-16T10:10:13Z

Modified

2023-02-02T13:54:02.195161Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Important: python39:3.9 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

python: local privilege escalation via the multiprocessing forkserver start method (CVE-2022-42919)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8 / mod_wsgi

Package

Name: mod_wsgi
Purl: pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.7.1-4.module+el8.4.0+574+843c4898

Rocky Linux:8 / mod_wsgi

Package

Name: mod_wsgi
Purl: pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.7.1-5.module+el8.7.0+1064+ad564229

Rocky Linux:8 / numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.19.4-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.19.4-3.module+el8.5.0+673+10283621

Rocky Linux:8 / python39

Package

Name: python39
Purl: pkg:rpm/rocky-linux/python39?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.9.13-2.module+el8.7.0+1092+55aa9635

Rocky Linux:8 / python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-7.module+el8.7.0+1064+ad564229

Rocky Linux:8 / python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-7.module+el8.6.0+795+de4edbcc

Rocky Linux:8 / python3x-setuptools

Package

Name: python3x-setuptools
Purl: pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:50.3.2-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python3x-setuptools

Package

Name: python3x-setuptools
Purl: pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:50.3.2-4.module+el8.5.0+673+10283621

Rocky Linux:8 / python3x-six

Package

Name: python3x-six
Purl: pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-cffi

Package

Name: python-cffi
Purl: pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.14.3-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-19.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.3.1-2.module+el8.5.0+673+10283621

Rocky Linux:8 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.3.1-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.10-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.6.2-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.6.5-1.module+el8.6.0+795+de4edbcc

Rocky Linux:8 / python-ply

Package

Name: python-ply
Purl: pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.11-10.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-psutil

Package

Name: python-psutil
Purl: pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.8.0-4.module+el8.5.0+673+10283621

Rocky Linux:8 / python-psutil

Package

Name: python-psutil
Purl: pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.8.0-4.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-2.module+el8.6.0+795+de4edbcc

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-2.module+el8.5.0+673+10283621

Rocky Linux:8 / python-pycparser

Package

Name: python-pycparser
Purl: pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.20-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-2.module+el8.4.0+597+ddf0ddea

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.7.1-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-requests

Package

Name: python-requests
Purl: pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.25.0-2.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-toml

Package

Name: python-toml
Purl: pkg:rpm/rocky-linux/python-toml?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-5.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.25.10-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.25.10-4.module+el8.5.0+673+10283621

Rocky Linux:8 / python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8-4-legacy&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-3.module+el8.4.0+574+843c4898

Rocky Linux:8 / python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-4.module+el8.5.0+673+10283621

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.4.1-1.module+el8.5.0+672+ab6eb015

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.4.1-1.module+el8.4.0+574+843c4898

Rocky Linux:8 / scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.4-3.module+el8.5.0+673+10283621

Rocky Linux:8 / scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.4-3.module+el8.4.0+574+843c4898