RLSA-2022:8492

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2022:8492

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2022:8492

Related

CVE-2022-42919

Published

2022-11-16T10:10:13Z

Modified

2023-02-02T13:54:02.195161Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Important: python39:3.9 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

python: local privilege escalation via the multiprocessing forkserver start method (CVE-2022-42919)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8

mod_wsgi

Package

Name: mod_wsgi
Purl: pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.7.1-4.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

mod_wsgi

Package

Name: mod_wsgi
Purl: pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.7.1-5.module+el8.7.0+1064+ad564229

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.19.4-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.19.4-3.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python39

Package

Name: python39
Purl: pkg:rpm/rocky-linux/python39?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.9.13-2.module+el8.7.0+1092+55aa9635

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-7.module+el8.7.0+1064+ad564229

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python3x-pip

Package

Name: python3x-pip
Purl: pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:20.2.4-7.module+el8.6.0+795+de4edbcc

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python3x-setuptools

Package

Name: python3x-setuptools
Purl: pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:50.3.2-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python3x-setuptools

Package

Name: python3x-setuptools
Purl: pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:50.3.2-4.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python3x-six

Package

Name: python3x-six
Purl: pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-cffi

Package

Name: python-cffi
Purl: pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.14.3-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-19.module+el8.4.0+570+c2eaf144

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.3.1-2.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-cryptography

Package

Name: python-cryptography
Purl: pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.3.1-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.10-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.6.2-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.6.5-1.module+el8.6.0+795+de4edbcc

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-ply

Package

Name: python-ply
Purl: pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.11-10.module+el8.4.0+570+c2eaf144

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-psutil

Package

Name: python-psutil
Purl: pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.8.0-4.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-psutil

Package

Name: python-psutil
Purl: pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.8.0-4.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-2.module+el8.6.0+795+de4edbcc

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.8.6-2.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-pycparser

Package

Name: python-pycparser
Purl: pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.20-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-2.module+el8.4.0+597+ddf0ddea

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.7.1-4.module+el8.4.0+570+c2eaf144

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-requests

Package

Name: python-requests
Purl: pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.25.0-2.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-toml

Package

Name: python-toml
Purl: pkg:rpm/rocky-linux/python-toml?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.10.1-5.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.25.10-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.25.10-4.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8-4-legacy&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-4.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.4.1-1.module+el8.5.0+672+ab6eb015

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:5.4.1-1.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.4-3.module+el8.5.0+673+10283621

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"

scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.4-3.module+el8.4.0+574+843c4898

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2022:8492.json"