RLSA-2019:3335

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2019:3335

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2019:3335.json

JSON Data

https://api.osv.dev/v1/vulns/RLSA-2019:3335

Related

Published

2019-11-05T17:32:12Z

Modified

2023-02-02T12:57:41.816391Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Moderate: python27:2.7 security and bug fix update

Details

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.

Security Fix(es):

numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446)
python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.1 Release Notes linked from the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8 / babel

Package

Name: babel
Purl: pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5.1-9.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.28.1-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.28.1-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.4.2-13.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.4.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python2-rpm-macros

Package

Name: python2-rpm-macros
Purl: pkg:rpm/rocky-linux/python2-rpm-macros?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3-38.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:17.4.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:17.4.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-coverage

Package

Name: python-coverage
Purl: pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.5.1-4.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-coverage

Package

Name: python-coverage
Purl: pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.5.1-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-dns

Package

Name: python-dns
Purl: pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-10.module+el8.7.0+1062+663ba31c

Rocky Linux:8 / python-dns

Package

Name: python-dns
Purl: pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-10.el8

Rocky Linux:8 / python-dns

Package

Name: python-dns
Purl: pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-10.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docs

Package

Name: python-docs
Purl: pkg:rpm/rocky-linux/python-docs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.16-2.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils
Purl: pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.14-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-docutils

Package

Name: python-docutils
Purl: pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.14-12.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-funcsigs

Package

Name: python-funcsigs
Purl: pkg:rpm/rocky-linux/python-funcsigs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.2-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5-7.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-ipaddress

Package

Name: python-ipaddress
Purl: pkg:rpm/rocky-linux/python-ipaddress?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.18-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.10-8.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.2.3-3.el8

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe
Purl: pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.23-19.el8

Rocky Linux:8 / python-markupsafe

Package

Name: python-markupsafe
Purl: pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.23-19.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-mock

Package

Name: python-mock
Purl: pkg:rpm/rocky-linux/python-mock?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.0.0-13.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-nose

Package

Name: python-nose
Purl: pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.3.7-30.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.6.0-8.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.6.0-8.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.5-7.el8

Rocky Linux:8 / python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.5-7.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.3-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.3-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pygments

Package

Name: python-pygments
Purl: pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.2.0-20.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pymongo

Package

Name: python-pymongo
Purl: pkg:rpm/rocky-linux/python-pymongo?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.6.1-11.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.8.0-10.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.8.0-10.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.6.8-6.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.6.8-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-pytest-mock

Package

Name: python-pytest-mock
Purl: pkg:rpm/rocky-linux/python-pytest-mock?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.9.0-4.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-setuptools_scm

Package

Name: python-setuptools_scm
Purl: pkg:rpm/rocky-linux/python-setuptools_scm?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.7-6.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / python-virtualenv

Package

Name: python-virtualenv
Purl: pkg:rpm/rocky-linux/python-virtualenv?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:15.1.0-19.module+el8.3.0+120+426d8baf

Rocky Linux:8 / python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8-4-legacy&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.31.1-2.module+el8.3.0+120+426d8baf

Rocky Linux:8 / pytz

Package

Name: pytz
Purl: pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2017.2-12.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / pytz

Package

Name: pytz
Purl: pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2017.2-12.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.12-16.module+el8.5.0+706+735ec4b3

Rocky Linux:8 / PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.12-16.module+el8.4.0+403+9ae17a31

Rocky Linux:8 / scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.0-20.module+el8.3.0+120+426d8baf