RLSA-2020:4641

Source
https://errata.rockylinux.org/RLSA-2020:4641
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2020:4641.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2020:4641
Published
2020-11-03T12:23:02Z
Modified
2023-02-02T13:08:27.832673Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Moderate: python38:3.8 security, bug fix, and enhancement update
Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version: python38 (3.8.3). (BZ#1847416)

Security Fix(es):

  • PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)

  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

  • PyYAML: arbitrary command execution through python/object/new when FullLoader is used (CVE-2020-1747)

  • python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)

  • python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / babel

Package

Name
babel
Purl
pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.7.0-10.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / Cython

Package

Name
Cython
Purl
pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.29.14-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / mod_wsgi

Package

Name
mod_wsgi
Purl
pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:4.6.8-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / numpy

Package

Name
numpy
Purl
pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.17.3-5.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python3x-pip

Package

Name
python3x-pip
Purl
pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:19.3.1-1.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python3x-setuptools

Package

Name
python3x-setuptools
Purl
pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:41.6.0-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-asn1crypto

Package

Name
python-asn1crypto
Purl
pkg:rpm/rocky-linux/python-asn1crypto?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.2.0-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-cffi

Package

Name
python-cffi
Purl
pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.13.2-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-chardet

Package

Name
python-chardet
Purl
pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:3.0.4-19.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.8-3.module+el8.5.0+672+ab6eb015

Rocky Linux:8 / python-cryptography

Package

Name
python-cryptography
Purl
pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.8-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-idna

Package

Name
python-idna
Purl
pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.8-6.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-jinja2

Package

Name
python-jinja2
Purl
pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.10.3-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-markupsafe

Package

Name
python-markupsafe
Purl
pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.1.1-6.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-psutil

Package

Name
python-psutil
Purl
pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:5.6.4-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.8.4-4.module+el8.6.0+794+eba84017

Rocky Linux:8 / python-psycopg2

Package

Name
python-psycopg2
Purl
pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.8.4-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-pycparser

Package

Name
python-pycparser
Purl
pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.19-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-pysocks

Package

Name
python-pysocks
Purl
pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.7.1-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-requests

Package

Name
python-requests
Purl
pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2.22.0-9.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-urllib3

Package

Name
python-urllib3
Purl
pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.25.7-4.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / python-wheel

Package

Name
python-wheel
Purl
pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.33.6-5.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / pytz

Package

Name
pytz
Purl
pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:2019.3-3.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / PyYAML

Package

Name
PyYAML
Purl
pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:5.3.1-1.module+el8.4.0+570+c2eaf144

Rocky Linux:8 / scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.3.1-4.module+el8.5.0+672+ab6eb015

Rocky Linux:8 / scipy

Package

Name
scipy
Purl
pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:1.3.1-4.module+el8.4.0+570+c2eaf144