MGASA-2021-0386

Source
https://advisories.mageia.org/MGASA-2021-0386.html
Import Source
https://advisories.mageia.org/MGASA-2021-0386.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2021-0386
Published
2021-07-27T20:21:53Z
Modified
2021-07-27T19:59:45Z
Summary
Updated python3 packages fix security vulnerabilities
Details

Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are also included.

Bundled pip and setuptools were updated in 3.8.11 so python-pip needs to be updated to 21.1.3 and python-setuptools to 56.2.0 at the same time.

Also, we fix the following issue:

In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses (CVE-2021-29921).
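
A defensive check for the leading-zero issue described above, as an added example that is not part of the advisory or of Python's own code. The function names and the sample addresses are constructed for illustration; the validator refuses any octet with a leading zero instead of guessing how it should be read, and a separate probe reports whether the running interpreter's `ipaddress` module still accepts such input.

```python
import ipaddress

def parse_ipv4_strict(text):
    """Return the four octets of a dotted-quad string, or raise ValueError.

    Rejects any octet written with a leading zero ("010", "00"), the
    ambiguous form named in the advisory.
    """
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets in {text!r}")
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-decimal octet {part!r} in {text!r}")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zero in octet {part!r} of {text!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"octet {part!r} out of range in {text!r}")
        octets.append(value)
    return tuple(octets)

def stdlib_accepts_leading_zeros():
    """True if this interpreter's ipaddress module still parses '010.8.8.8'."""
    try:
        ipaddress.ip_address("010.8.8.8")
    except ValueError:
        return False
    return True

def check_acl(text, allowed_networks):
    """Allow only strictly formatted addresses inside an allowed network."""
    try:
        octets = parse_ipv4_strict(text)
    except ValueError:
        return False  # fail closed on ambiguous or malformed input
    addr = ipaddress.IPv4Address(bytes(octets))
    return any(addr in ipaddress.ip_network(net) for net in allowed_networks)

if __name__ == "__main__":
    print("stdlib accepts leading zeros:", stdlib_accepts_leading_zeros())
    # Constructed sample inputs (hypothetical allow-list of 10.0.0.0/8).
    for sample in ("10.8.8.8", "010.8.8.8", "10.08.8.8", "10.8.8.256"):
        print(sample, check_acl(sample, ["10.0.0.0/8"]))
```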


Affected packages

Mageia:8 / python-pip

Package

Name
python-pip
Purl
pkg:rpm/mageia/python-pip?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
21.1.3-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / python-setuptools

Package

Name
python-setuptools
Purl
pkg:rpm/mageia/python-setuptools?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
56.2.0-1.mga8

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / python3

Package

Name
python3
Purl
pkg:rpm/mageia/python3?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.8.11-1.1.mga8

Ecosystem specific

{
    "section": "core"
}