ALSA-2021:4160

See a problem?
Please try reporting it to the source first.

Source

https://errata.almalinux.org/8/ALSA-2021-4160.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4160.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALSA-2021:4160

Related

Published

2021-11-09T08:26:25Z

Modified

2021-11-09T12:46:25Z

Summary

Moderate: python39:3.9 and python39-devel:3.9 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

python: Information disclosure via pydoc (CVE-2021-3426)
python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)
python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)
python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

Affected packages

AlmaLinux:8

python39-Cython

Package

Name: python39-Cython
Purl: pkg:rpm/almalinux/python39-Cython

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.29.21-5.module_el8.6.0+2780+a40f65e1

python39-PyMySQL

Package

Name: python39-PyMySQL
Purl: pkg:rpm/almalinux/python39-PyMySQL

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.1-2.module_el8.6.0+2780+a40f65e1

python39-attrs

Package

Name: python39-attrs
Purl: pkg:rpm/almalinux/python39-attrs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.3.0-2.module_el8.6.0+2780+a40f65e1

python39-cffi

Package

Name: python39-cffi
Purl: pkg:rpm/almalinux/python39-cffi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.14.3-2.module_el8.6.0+2780+a40f65e1

python39-chardet

Package

Name: python39-chardet
Purl: pkg:rpm/almalinux/python39-chardet

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.4-19.module_el8.6.0+2780+a40f65e1

python39-cryptography

Package

Name: python39-cryptography
Purl: pkg:rpm/almalinux/python39-cryptography

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.1-2.module_el8.6.0+2780+a40f65e1

python39-idna

Package

Name: python39-idna
Purl: pkg:rpm/almalinux/python39-idna

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10-3.module_el8.6.0+2780+a40f65e1

python39-iniconfig

Package

Name: python39-iniconfig
Purl: pkg:rpm/almalinux/python39-iniconfig

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-2.module_el8.6.0+2780+a40f65e1

python39-mod_wsgi

Package

Name: python39-mod_wsgi
Purl: pkg:rpm/almalinux/python39-mod_wsgi

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.7.1-4.module_el8.6.0+2780+a40f65e1

python39-more-itertools

Package

Name: python39-more-itertools
Purl: pkg:rpm/almalinux/python39-more-itertools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.5.0-2.module_el8.6.0+2780+a40f65e1

python39-numpy

Package

Name: python39-numpy
Purl: pkg:rpm/almalinux/python39-numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.4-3.module_el8.6.0+2780+a40f65e1

python39-numpy-doc

Package

Name: python39-numpy-doc
Purl: pkg:rpm/almalinux/python39-numpy-doc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.4-3.module_el8.6.0+2780+a40f65e1

python39-numpy-f2py

Package

Name: python39-numpy-f2py
Purl: pkg:rpm/almalinux/python39-numpy-f2py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.4-3.module_el8.6.0+2780+a40f65e1

python39-packaging

Package

Name: python39-packaging
Purl: pkg:rpm/almalinux/python39-packaging

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.4-4.module_el8.6.0+2780+a40f65e1

python39-pluggy

Package

Name: python39-pluggy
Purl: pkg:rpm/almalinux/python39-pluggy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.13.1-3.module_el8.6.0+2780+a40f65e1

python39-ply

Package

Name: python39-ply
Purl: pkg:rpm/almalinux/python39-ply

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11-10.module_el8.6.0+2780+a40f65e1

python39-psutil

Package

Name: python39-psutil
Purl: pkg:rpm/almalinux/python39-psutil

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.8.0-4.module_el8.6.0+2780+a40f65e1

python39-psycopg2

Package

Name: python39-psycopg2
Purl: pkg:rpm/almalinux/python39-psycopg2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.6-2.module_el8.6.0+2780+a40f65e1

python39-psycopg2-doc

Package

Name: python39-psycopg2-doc
Purl: pkg:rpm/almalinux/python39-psycopg2-doc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.6-2.module_el8.6.0+2780+a40f65e1

python39-psycopg2-tests

Package

Name: python39-psycopg2-tests
Purl: pkg:rpm/almalinux/python39-psycopg2-tests

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.6-2.module_el8.6.0+2780+a40f65e1

python39-py

Package

Name: python39-py
Purl: pkg:rpm/almalinux/python39-py

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.0-1.module_el8.6.0+2780+a40f65e1

python39-pycparser

Package

Name: python39-pycparser
Purl: pkg:rpm/almalinux/python39-pycparser

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.20-3.module_el8.6.0+2780+a40f65e1

python39-pyparsing

Package

Name: python39-pyparsing
Purl: pkg:rpm/almalinux/python39-pyparsing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.7-5.module_el8.6.0+2780+a40f65e1

python39-pysocks

Package

Name: python39-pysocks
Purl: pkg:rpm/almalinux/python39-pysocks

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.1-4.module_el8.6.0+2780+a40f65e1

python39-pytest

Package

Name: python39-pytest
Purl: pkg:rpm/almalinux/python39-pytest

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.2-2.module_el8.6.0+2780+a40f65e1

python39-pyyaml

Package

Name: python39-pyyaml
Purl: pkg:rpm/almalinux/python39-pyyaml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.4.1-1.module_el8.6.0+2780+a40f65e1

python39-requests

Package

Name: python39-requests
Purl: pkg:rpm/almalinux/python39-requests

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.25.0-2.module_el8.6.0+2780+a40f65e1

python39-scipy

Package

Name: python39-scipy
Purl: pkg:rpm/almalinux/python39-scipy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-3.module_el8.6.0+2780+a40f65e1

python39-setuptools

Package

Name: python39-setuptools
Purl: pkg:rpm/almalinux/python39-setuptools

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

50.3.2-4.module_el8.6.0+2780+a40f65e1

python39-setuptools-wheel

Package

Name: python39-setuptools-wheel
Purl: pkg:rpm/almalinux/python39-setuptools-wheel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

50.3.2-4.module_el8.6.0+2780+a40f65e1

python39-six

Package

Name: python39-six
Purl: pkg:rpm/almalinux/python39-six

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.15.0-3.module_el8.6.0+2780+a40f65e1

python39-toml

Package

Name: python39-toml
Purl: pkg:rpm/almalinux/python39-toml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.1-5.module_el8.6.0+2780+a40f65e1

python39-urllib3

Package

Name: python39-urllib3
Purl: pkg:rpm/almalinux/python39-urllib3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.10-4.module_el8.6.0+2780+a40f65e1

python39-wcwidth

Package

Name: python39-wcwidth
Purl: pkg:rpm/almalinux/python39-wcwidth

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.5-3.module_el8.6.0+2780+a40f65e1

python39-wheel

Package

Name: python39-wheel
Purl: pkg:rpm/almalinux/python39-wheel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-4.module_el8.6.0+2780+a40f65e1

python39-wheel-wheel

Package

Name: python39-wheel-wheel
Purl: pkg:rpm/almalinux/python39-wheel-wheel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.35.1-4.module_el8.6.0+2780+a40f65e1