RLSA-2021:4151

See a problem?
Please try reporting it to the source first.

Source

https://errata.rockylinux.org/RLSA-2021:4151

Import Source

https://storage.googleapis.com/resf-osv-data/RLSA-2021:4151.json

JSON Data

https://api.test.osv.dev/v1/vulns/RLSA-2021:4151

Related

Published

2021-11-09T08:24:39Z

Modified

2023-02-02T13:28:24.145350Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Moderate: python27:2.7 security update

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)
python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)
python: Web cache poisoning via urllib.parse.parseqsl and urllib.parse.parseqs by using a semicolon in query parameters (CVE-2021-23336)
python-pygments: ReDoS in multiple lexers (CVE-2021-27291)
python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8

python-markupsafe

Package

Name: python-markupsafe
Purl: pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8-6-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.23-19.el8

python-markupsafe

Package

Name: python-markupsafe
Purl: pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.23-19.module+el8.5.0+706+735ec4b3

babel

Package

Name: babel
Purl: pkg:rpm/rocky-linux/babel?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5.1-10.module+el8.5.0+706+735ec4b3

Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.28.1-7.module+el8.5.0+706+735ec4b3

Cython

Package

Name: Cython
Purl: pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.28.1-7.module+el8.4.0+403+9ae17a31

numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.14.2-16.module+el8.5.0+706+735ec4b3

numpy

Package

Name: numpy
Purl: pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8-4-legacy&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.14.2-16.module+el8.4.0+403+9ae17a31

pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.4.2-13.module+el8.5.0+706+735ec4b3

pytest

Package

Name: pytest
Purl: pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.4.2-13.module+el8.4.0+403+9ae17a31

python2

Package

Name: python2
Purl: pkg:rpm/rocky-linux/python2?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1

python2-pip

Package

Name: python2-pip
Purl: pkg:rpm/rocky-linux/python2-pip?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:9.0.3-18.module+el8.4.0+403+9ae17a31

python2-rpm-macros

Package

Name: python2-rpm-macros
Purl: pkg:rpm/rocky-linux/python2-rpm-macros?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3-38.module+el8.4.0+403+9ae17a31

python2-setuptools

Package

Name: python2-setuptools
Purl: pkg:rpm/rocky-linux/python2-setuptools?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:39.0.1-13.module+el8.4.0+403+9ae17a31

python2-six

Package

Name: python2-six
Purl: pkg:rpm/rocky-linux/python2-six?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.11.0-6.module+el8.4.0+403+9ae17a31

python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:17.4.0-10.module+el8.5.0+706+735ec4b3

python-attrs

Package

Name: python-attrs
Purl: pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:17.4.0-10.module+el8.4.0+403+9ae17a31

python-backports

Package

Name: python-backports
Purl: pkg:rpm/rocky-linux/python-backports?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0-16.module+el8.4.0+403+9ae17a31

python-backports-ssl_match_hostname

Package

Name: python-backports-ssl_match_hostname
Purl: pkg:rpm/rocky-linux/python-backports-ssl_match_hostname?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.5.0.1-12.module+el8.4.0+403+9ae17a31

python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-10.module+el8.5.0+706+735ec4b3

python-chardet

Package

Name: python-chardet
Purl: pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.0.4-10.module+el8.4.0+403+9ae17a31

python-coverage

Package

Name: python-coverage
Purl: pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.5.1-4.module+el8.5.0+706+735ec4b3

python-coverage

Package

Name: python-coverage
Purl: pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.5.1-4.module+el8.4.0+403+9ae17a31

python-dns

Package

Name: python-dns
Purl: pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-10.module+el8.7.0+1062+663ba31c

python-dns

Package

Name: python-dns
Purl: pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-10.el8

python-dns

Package

Name: python-dns
Purl: pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.0-10.module+el8.4.0+403+9ae17a31

python-docs

Package

Name: python-docs
Purl: pkg:rpm/rocky-linux/python-docs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.16-2.module+el8.4.0+403+9ae17a31

python-docutils

Package

Name: python-docutils
Purl: pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.14-12.module+el8.4.0+403+9ae17a31

python-docutils

Package

Name: python-docutils
Purl: pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.14-12.module+el8.3.0+120+426d8baf

python-funcsigs

Package

Name: python-funcsigs
Purl: pkg:rpm/rocky-linux/python-funcsigs?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.2-13.module+el8.4.0+403+9ae17a31

python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5-7.module+el8.5.0+706+735ec4b3

python-idna

Package

Name: python-idna
Purl: pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.5-7.module+el8.4.0+403+9ae17a31

python-ipaddress

Package

Name: python-ipaddress
Purl: pkg:rpm/rocky-linux/python-ipaddress?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.18-6.module+el8.4.0+403+9ae17a31

python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.10-9.module+el8.7.0+1062+663ba31c

python-jinja2

Package

Name: python-jinja2
Purl: pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.10-9.module+el8.5.0+706+735ec4b3

python-lxml

Package

Name: python-lxml
Purl: pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-5-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:4.2.3-5.module+el8.5.0+706+735ec4b3

python-mock

Package

Name: python-mock
Purl: pkg:rpm/rocky-linux/python-mock?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.0.0-13.module+el8.4.0+403+9ae17a31

python-nose

Package

Name: python-nose
Purl: pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.3.7-31.module+el8.5.0+671+195e4563

python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.6.0-8.module+el8.5.0+706+735ec4b3

python-pluggy

Package

Name: python-pluggy
Purl: pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.6.0-8.module+el8.4.0+403+9ae17a31

python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.5-7.el8

python-psycopg2

Package

Name: python-psycopg2
Purl: pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.7.5-7.module+el8.5.0+706+735ec4b3

python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.3-6.module+el8.5.0+706+735ec4b3

python-py

Package

Name: python-py
Purl: pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.5.3-6.module+el8.4.0+403+9ae17a31

python-pygments

Package

Name: python-pygments
Purl: pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.2.0-22.module+el8.5.0+671+195e4563

python-pymongo

Package

Name: python-pymongo
Purl: pkg:rpm/rocky-linux/python-pymongo?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.7.0-1.module+el8.5.0+671+195e4563

python-pymongo

Package

Name: python-pymongo
Purl: pkg:rpm/rocky-linux/python-pymongo?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.7.0-1.module+el8.4.0+597+ddf0ddea

python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.8.0-10.module+el8.5.0+706+735ec4b3

python-PyMySQL

Package

Name: python-PyMySQL
Purl: pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:0.8.0-10.module+el8.3.0+120+426d8baf

python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.6.8-6.module+el8.5.0+706+735ec4b3

python-pysocks

Package

Name: python-pysocks
Purl: pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.6.8-6.module+el8.4.0+403+9ae17a31

python-pytest-mock

Package

Name: python-pytest-mock
Purl: pkg:rpm/rocky-linux/python-pytest-mock?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.9.0-4.module+el8.4.0+403+9ae17a31

python-requests

Package

Name: python-requests
Purl: pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.20.0-3.module+el8.5.0+706+735ec4b3

python-requests

Package

Name: python-requests
Purl: pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2.20.0-3.module+el8.4.0+403+9ae17a31

python-setuptools_scm

Package

Name: python-setuptools_scm
Purl: pkg:rpm/rocky-linux/python-setuptools_scm?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.15.7-6.module+el8.4.0+403+9ae17a31

python-sqlalchemy

Package

Name: python-sqlalchemy
Purl: pkg:rpm/rocky-linux/python-sqlalchemy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.3.2-2.module+el8.4.0+403+9ae17a31

python-sqlalchemy

Package

Name: python-sqlalchemy
Purl: pkg:rpm/rocky-linux/python-sqlalchemy?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.3.2-2.module+el8.3.0+120+426d8baf

python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.24.2-3.module+el8.5.0+706+735ec4b3

python-urllib3

Package

Name: python-urllib3
Purl: pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.24.2-3.module+el8.4.0+403+9ae17a31

python-virtualenv

Package

Name: python-virtualenv
Purl: pkg:rpm/rocky-linux/python-virtualenv?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:15.1.0-21.module+el8.5.0+671+195e4563

python-wheel

Package

Name: python-wheel
Purl: pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:0.31.1-3.module+el8.5.0+671+195e4563

pytz

Package

Name: pytz
Purl: pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2017.2-12.module+el8.5.0+706+735ec4b3

pytz

Package

Name: pytz
Purl: pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:2017.2-12.module+el8.4.0+403+9ae17a31

PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.12-16.module+el8.5.0+706+735ec4b3

PyYAML

Package

Name: PyYAML
Purl: pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:3.12-16.module+el8.4.0+403+9ae17a31

scipy

Package

Name: scipy
Purl: pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0:1.0.0-21.module+el8.5.0+671+195e4563