RLSA-2020:4641

Source
https://errata.rockylinux.org/RLSA-2020:4641
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2020:4641.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2020:4641
Related
Published
2020-11-03T12:23:02Z
Modified
2023-02-02T13:08:27.832673Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Moderate: python38:3.8 security, bug fix, and enhancement update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version: python38 (3.8.3). (BZ#1847416)

Security Fix(es):

  • PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)

  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

  • PyYAML: arbitrary command execution through python/object/new when FullLoader is used (CVE-2020-1747)

  • python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)

  • python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8

babel

Package

Name
babel
Purl
pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.7.0-10.module+el8.4.0+570+c2eaf144

Cython

Package

Name
Cython
Purl
pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.29.14-4.module+el8.4.0+570+c2eaf144

mod_wsgi

Package

Name
mod_wsgi
Purl
pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.6.8-3.module+el8.4.0+570+c2eaf144

numpy

Package

Name
numpy
Purl
pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.17.3-5.module+el8.4.0+570+c2eaf144

python3x-pip

Package

Name
python3x-pip
Purl
pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:19.3.1-1.module+el8.4.0+570+c2eaf144

python3x-setuptools

Package

Name
python3x-setuptools
Purl
pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:41.6.0-4.module+el8.4.0+570+c2eaf144

python-asn1crypto

Package

Name
python-asn1crypto
Purl
pkg:rpm/rocky-linux/python-asn1crypto?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.2.0-3.module+el8.4.0+570+c2eaf144

python-cffi

Package

Name
python-cffi
Purl
pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.13.2-3.module+el8.4.0+570+c2eaf144

python-chardet

Package

Name
python-chardet
Purl
pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:3.0.4-19.module+el8.4.0+570+c2eaf144

python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8-3.module+el8.5.0+672+ab6eb015

python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8-3.module+el8.4.0+570+c2eaf144

python-idna

Package

Name
python-idna
Purl
pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8-6.module+el8.4.0+570+c2eaf144

python-jinja2

Package

Name
python-jinja2
Purl
pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.10.3-4.module+el8.4.0+570+c2eaf144

python-markupsafe

Package

Name
python-markupsafe
Purl
pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.1.1-6.module+el8.4.0+570+c2eaf144

python-psutil

Package

Name
python-psutil
Purl
pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.6.4-3.module+el8.4.0+570+c2eaf144

python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8.4-4.module+el8.6.0+794+eba84017

python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.8.4-4.module+el8.4.0+570+c2eaf144

python-pycparser

Package

Name
python-pycparser
Purl
pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.19-3.module+el8.4.0+570+c2eaf144

python-pysocks

Package

Name
python-pysocks
Purl
pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.7.1-4.module+el8.4.0+570+c2eaf144

python-requests

Package

Name
python-requests
Purl
pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.22.0-9.module+el8.4.0+570+c2eaf144

python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.25.7-4.module+el8.4.0+570+c2eaf144

python-wheel

Package

Name
python-wheel
Purl
pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.33.6-5.module+el8.4.0+570+c2eaf144

pytz

Package

Name
pytz
Purl
pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2019.3-3.module+el8.4.0+570+c2eaf144

PyYAML

Package

Name
PyYAML
Purl
pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.3.1-1.module+el8.4.0+570+c2eaf144

scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.3.1-4.module+el8.5.0+672+ab6eb015

scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.3.1-4.module+el8.4.0+570+c2eaf144