====================================================================
Red Hat Security Advisory
Synopsis: Moderate: python27:2.7 security and bug fix update
Advisory ID: RHSA-2019:3335-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3335
Issue date: 2019-11-05
CVE Names: CVE-2019-6446 CVE-2019-9740 CVE-2019-9947
CVE-2019-9948 CVE-2019-11236 CVE-2019-11324
====================================================================
1. Summary:
An update for the python27:2.7 module is now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Python is an interpreted, interactive, object-oriented programming language
that supports modules, classes, exceptions, high-level dynamic data types,
and dynamic typing.
Security Fix(es):
* numpy: crafted serialized object passed in numpy.load() in pickle python
module allows arbitrary code execution (CVE-2019-6446)
* python: CRLF injection via the query part of the url passed to urlopen()
(CVE-2019-9740)
* python: CRLF injection via the path part of the url passed to urlopen()
(CVE-2019-9947)
* python: Undocumented local_file protocol allows remote attackers to
bypass protection mechanisms (CVE-2019-9948)
* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence
leading to possible attack on internal service (CVE-2019-11236)
* python-urllib3: Certification mishandle when error should be thrown
(CVE-2019-11324)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.1 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1667950 - CVE-2019-6446 numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution
1680967 - Rebase python2 to 2.7.16 for compatibility with OpenSSL 1.1.1 and TLS 1.3
1688169 - CVE-2019-9740 python: CRLF injection via the query part of the url passed to urlopen()
1695570 - CVE-2019-9948 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
1695572 - CVE-2019-9947 python: CRLF injection via the path part of the url passed to urlopen()
1700824 - CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
1700993 - python27 module: Include missing debuginfo files caused by an MBS bug
1702473 - CVE-2019-11324 python-urllib3: Certification mishandle when error should be thrown
1709599 - installing python2-scipy doesn't properly pull in python2-six as a dependency
1718398 - Use RPM built wheels of setuptools and pip in Python's ensurepip
1734126 - With FIPS enabled python2 able to load non-compliant md5 crypto modules
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm
PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm
babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.src.rpm
numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.src.rpm
pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.src.rpm
python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm
python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.src.rpm
python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm
python-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-nose-1.3.7-30.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pygments-2.2.0-20.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.src.rpm
python-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-requests-2.20.0-2.module+el8.1.0+3111+de3f2d8e.src.rpm
python-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-six-1.11.0-5.module+el8.1.0+3111+de3f2d8e.src.rpm
python-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.src.rpm
python-urllib3-1.24.2-1.module+el8.1.0+3280+19512f10.src.rpm
python-virtualenv-15.1.0-19.module+el8.1.0+3507+d69c168d.src.rpm
python-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.src.rpm
python2-2.7.16-12.module+el8.1.0+4148+33a50073.src.rpm
python2-pip-9.0.3-14.module+el8.1.0+3446+c3d52da3.src.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.src.rpm
python2-setuptools-39.0.1-11.module+el8.1.0+3446+c3d52da3.src.rpm
pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.src.rpm
scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.src.rpm
aarch64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-debug-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-debuginfo-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-debugsource-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-devel-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-libs-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.aarch64.rpm
python2-test-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-tkinter-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
python2-tools-2.7.16-12.module+el8.1.0+4148+33a50073.aarch64.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
noarch:
babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python-nose-docs-1.3.7-30.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python-sqlalchemy-doc-1.3.2-1.module+el8.1.0+2994+98e054d6.noarch.rpm
python2-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-info-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-nose-1.3.7-30.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-numpy-doc-1.14.2-13.module+el8.1.0+3323+7ac3e00f.noarch.rpm
python2-pip-9.0.3-14.module+el8.1.0+3446+c3d52da3.noarch.rpm
python2-pip-wheel-9.0.3-14.module+el8.1.0+3446+c3d52da3.noarch.rpm
python2-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pygments-2.2.0-20.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-requests-2.20.0-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-setuptools-39.0.1-11.module+el8.1.0+3446+c3d52da3.noarch.rpm
python2-setuptools-wheel-39.0.1-11.module+el8.1.0+3446+c3d52da3.noarch.rpm
python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-six-1.11.0-5.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-urllib3-1.24.2-1.module+el8.1.0+3280+19512f10.noarch.rpm
python2-virtualenv-15.1.0-19.module+el8.1.0+3507+d69c168d.noarch.rpm
python2-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.noarch.rpm
python2-wheel-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.noarch.rpm
ppc64le:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-debug-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-debuginfo-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-debugsource-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-devel-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-libs-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.ppc64le.rpm
python2-test-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-tkinter-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
python2-tools-2.7.16-12.module+el8.1.0+4148+33a50073.ppc64le.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
s390x:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-debug-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-debuginfo-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-debugsource-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-devel-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-libs-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.s390x.rpm
python2-test-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-tkinter-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
python2-tools-2.7.16-12.module+el8.1.0+4148+33a50073.s390x.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm
x86_64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-debug-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-debuginfo-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-debugsource-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-devel-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-libs-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.x86_64.rpm
python2-test-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-tkinter-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
python2-tools-2.7.16-12.module+el8.1.0+4148+33a50073.x86_64.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-6446
https://access.redhat.com/security/cve/CVE-2019-9740
https://access.redhat.com/security/cve/CVE-2019-9947
https://access.redhat.com/security/cve/CVE-2019-9948
https://access.redhat.com/security/cve/CVE-2019-11236
https://access.redhat.com/security/cve/CVE-2019-11324
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.