Red Hat Enterprise Linux 8 python27 Moderate Advisory RHSA-2020:1605-01
Apr 28, 2020
•
LinuxSecurity Advisories
12 - 23 min read
An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
==================================================================== Red Hat Security Advisory
Synopsis: Moderate: python27:2.7 security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1605-01
Product: Red Hat Enterprise Linux
Advisory URL:
Issue date: 2020-04-28
CVE Names: CVE-2018-18074 CVE-2018-20060 CVE-2018-20852
CVE-2019-11236 CVE-2019-11324 CVE-2019-16056
====================================================================
1. Summary:
An update for the python27:2.7 module is now available for Red Hat
Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Python is an interpreted, interactive, object-oriented programming language
that supports modules, classes, exceptions, high-level dynamic data types,
and dynamic typing. The python27 packages provide a stable release of
Python 2.7 with a number of additional utilities and database connectorsfor MySQL and PostgreSQL.
The following packages have been upgraded to a later upstream version:
python2 (2.7.17). (BZ#1759944)
Security Fix(es):
* python-urllib3: Cross-host redirect does not remove Authorization header
allow for credential exposure (CVE-2018-20060)
* python: Cookie domain check returns incorrect results (CVE-2018-20852)
* python-urllib3: CRLF injection due to not encoding the '
' sequence
leading to possible attack on internal service (CVE-2019-11236)
* python-urllib3: Certification mishandle when error should be thrown
(CVE-2019-11324)
* python: email.utils.parseaddr wrongly parses email addresses
(CVE-2019-16056)
* python-requests: Redirect from HTTPS to HTTP does not remove
Authorization header (CVE-2018-18074)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1643829 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
1649153 - CVE-2018-20060 python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure
1659551 - python-virtualenv bundles pip and pip is using bundled requests and a bundled root certificate
1700824 - CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the '
' sequence leading to possible attack on internal service
1702473 - CVE-2019-11324 python-urllib3: Certification mishandle when error should be thrown
1740347 - CVE-2018-20852 python: Cookie domain check returns incorrect results
1749839 - CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses
1762422 - The fix CVE-2018-18074 leads to a regression
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm
PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm
babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.src.rpm
numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.src.rpm
pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.src.rpm
python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm
python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.src.rpm
python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm
python-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-nose-1.3.7-30.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pygments-2.2.0-20.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.src.rpm
python-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.src.rpm
python-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-six-1.11.0-5.module+el8.1.0+3111+de3f2d8e.src.rpm
python-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.src.rpm
python-urllib3-1.24.2-1.module+el8.1.0+3280+19512f10.src.rpm
python-virtualenv-15.1.0-19.module+el8.1.0+3507+d69c168d.src.rpm
python-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.src.rpm
python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.src.rpm
python2-pip-9.0.3-16.module+el8.2.0+5478+b505947e.src.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.src.rpm
python2-setuptools-39.0.1-11.module+el8.1.0+3446+c3d52da3.src.rpm
pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.src.rpm
scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.src.rpm
aarch64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.aarch64.rpm
python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
noarch:
babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python-nose-docs-1.3.7-30.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python-sqlalchemy-doc-1.3.2-1.module+el8.1.0+2994+98e054d6.noarch.rpm
python2-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-info-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-nose-1.3.7-30.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-numpy-doc-1.14.2-13.module+el8.1.0+3323+7ac3e00f.noarch.rpm
python2-pip-9.0.3-16.module+el8.2.0+5478+b505947e.noarch.rpm
python2-pip-wheel-9.0.3-16.module+el8.2.0+5478+b505947e.noarch.rpm
python2-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pygments-2.2.0-20.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.noarch.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-setuptools-39.0.1-11.module+el8.1.0+3446+c3d52da3.noarch.rpm
python2-setuptools-wheel-39.0.1-11.module+el8.1.0+3446+c3d52da3.noarch.rpm
python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-six-1.11.0-5.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-urllib3-1.24.2-1.module+el8.1.0+3280+19512f10.noarch.rpm
python2-virtualenv-15.1.0-19.module+el8.1.0+3507+d69c168d.noarch.rpm
python2-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.noarch.rpm
python2-wheel-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.noarch.rpm
ppc64le:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.ppc64le.rpm
python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
s390x:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.s390x.rpm
python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm
x86_64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.x86_64.rpm
python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm
scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-18074
https://access.redhat.com/security/cve/CVE-2018-20060
https://access.redhat.com/security/cve/CVE-2018-20852
https://access.redhat.com/security/cve/CVE-2019-11236
https://access.redhat.com/security/cve/CVE-2019-11324
https://access.redhat.com/security/cve/CVE-2019-16056
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXqhWFNzjgjWX9erEAQgp/Q//T+YdsmzyRB0ERmYaGVJw2F9TGcPtJ9ig
X1Kfd7yEIdYe4WfjAov+iUyZ6h09ZXjlGtoUOukoUzVx+84P4XVADZjwQPGPbkYd
HvUKy/4eHx8OYp29RVKeqT8zapeqEBIWp+nc56HKF5DkvOQbmpudnhIh+bnq3Cip
p5YtU8+umOBTdAPTgYdkQ9Nc/x7MCiOCMfHkvdECja81WW1Y/Zrym8xvp9AGmdu6
7S1r51PoFq3kMBApjD7VVZpPFW0iZQ90jpSHVoV9E1x1O89IAkkGIWOuZTxpu2lM
fISmuBvZhnuqdSrJb04B7YWEcnd8//GpxP0kUqVx76vzPEnUj5Ddy1IIt29YBXnQ
8Rh37yGELG3LkuMgjgpXwD73FHeaoByB8WmBa61okwfYDgh9O4a1G5KC8PRiXAzf
uh+Wle2CuJK7+BdUdyYJABDvVpZ4BppNjT/TKaIgxwU3daQeo/tbVU4p+IhOGvky
UB1cq+s44R01jvRngoU50c+q4l5Ykawrap8jX8AKFX/JPkzz1IGJ7baia8Nyg2te
s7I90TdSZRDhJlMx2c+BcAO9zhFv39VvTy8t3hkocQoiU+3ZbufUQZI20DPw62eN
X6AFDZqMrcR6TZuc++iGdN0aui80Tmu7bay8S88v5MhLvjFqmITSjM4DDGBxi6sC
fykW5HV23Qg=uSEj
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.
PREVIOUS
NEXT
Red Hat Enterprise Linux 8 python27 Moderate Advisory RHSA-2020:1605-01
red hat
April 28, 2020
An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Summary
Python is an interpreted, interactive, object-oriented programming language
that supports modules, classes, exceptions, high-level dynamic data types,
and dynamic typing. The python27 packages provide a stable release of
Python 2.7 with a number of additional utilities and database connectorsfor MySQL and PostgreSQL.
The following packages have been upgraded to a later upstream version:
python2 (2.7.17). (BZ#1759944)
Security Fix(es):
* python-urllib3: Cross-host redirect does not remove Authorization header
allow for credential exposure (CVE-2018-20060)
* python: Cookie domain check returns incorrect results (CVE-2018-20852)
* python-urllib3: CRLF injection due to not encoding the '
' sequence
leading to possible attack on internal service (CVE-2019-11236)
* python-urllib3: Certification mishandle when error should be thrown
(CVE-2019-11324)
* python: email.utils.parseaddr wrongly parses email addresses
(CVE-2019-16056)
* python-requests: Redirect from HTTPS to HTTP does not remove
Authorization header (CVE-2018-18074)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.
References
https://access.redhat.com/security/cve/CVE-2018-18074 https://access.redhat.com/security/cve/CVE-2018-20060 https://access.redhat.com/security/cve/CVE-2018-20852 https://access.redhat.com/security/cve/CVE-2019-11236 https://access.redhat.com/security/cve/CVE-2019-11324 https://access.redhat.com/security/cve/CVE-2019-16056 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
Package List
Red Hat Enterprise Linux AppStream (v. 8):
Source:
Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm
PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm
babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.src.rpm
numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.src.rpm
pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.src.rpm
python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm
python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.src.rpm
python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm
Read the Full Advisory
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2020:1605-01
Product: Red Hat Enterprise Linux
Advisory URL:
Issue date: 2020-04-28
Topic
An update for the python27:2.7 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Relevant Releases Architectures
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Bugs Fixed
1643829 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
1649153 - CVE-2018-20060 python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure
1659551 - python-virtualenv bundles pip and pip is using bundled requests and a bundled root certificate
1700824 - CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the '
' sequence leading to possible attack on internal service
1702473 - CVE-2019-11324 python-urllib3: Certification mishandle when error should be thrown
1740347 - CVE-2018-20852 python: Cookie domain check returns incorrect results
1749839 - CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses
1762422 - The fix CVE-2018-18074 leads to a regression
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!