Linux Security

    RedHat: RHSA-2020-4299:01 Moderate: rh-python38 security, bug fix,

    Date 20 Oct 2020
    Posted By LinuxSecurity Advisories
    An update for rh-python38-python, rh-python38-python-psutil, and rh-python38-python-urllib3 is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: rh-python38 security, bug fix, and enhancement update
    Advisory ID:       RHSA-2020:4299-01
    Product:           Red Hat Software Collections
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4299
    Issue date:        2020-10-20
    CVE Names:         CVE-2019-18874 CVE-2019-20907 CVE-2020-14422 
                       CVE-2020-26116 CVE-2020-26137 
    =====================================================================
    
    1. Summary:
    
    An update for rh-python38-python, rh-python38-python-psutil, and
    rh-python38-python-urllib3 is now available for Red Hat Software
    Collections.
    
    Red Hat Product Security has rated this update as having a security impact
    of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available for each vulnerability from
    the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
    
    3. Description:
    
    Python is an interpreted, interactive, object-oriented programming
    language, which includes modules, classes, exceptions, very high level
    dynamic data types and dynamic typing. Python supports interfaces to many
    system calls and libraries, as well as to various windowing systems.
    
    The following packages have been upgraded to a later upstream version:
    rh-python38-python (3.8.6). (BZ#1885289)
    
    Security Fix(es):
    
    * python-psutil: double free because of refcount mishandling
    (CVE-2019-18874)
    
    * python: infinite loop in the tarfile module via crafted TAR archive
    (CVE-2019-20907)
    
    * python: DoS via inefficiency in IPv{4,6}Interface classes
    (CVE-2020-14422)
    
    * python: CRLF injection via HTTP request method in httplib/http.client
    (CVE-2020-26116)
    
    * python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling
    1854926 - CVE-2020-14422 python: DoS via inefficiency in IPv{4,6}Interface classes
    1856481 - CVE-2019-20907 python: infinite loop in the tarfile module via crafted TAR archive
    1883014 - CVE-2020-26116 python: CRLF injection via HTTP request method in httplib/http.client
    1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method
    1885289 - Update the python 3.8 interpreter to its latest bugfix release 3.8.6
    
    6. Package List:
    
    Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
    
    Source:
    rh-python38-python-3.8.6-1.el7.src.rpm
    rh-python38-python-psutil-5.6.4-5.el7.src.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.src.rpm
    
    aarch64:
    rh-python38-python-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-debug-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-devel-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-idle-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-libs-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-psutil-5.6.4-5.el7.aarch64.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.aarch64.rpm
    rh-python38-python-test-3.8.6-1.el7.aarch64.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.aarch64.rpm
    
    noarch:
    rh-python38-python-rpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-srpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.noarch.rpm
    
    ppc64le:
    rh-python38-python-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-debug-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-devel-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-idle-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-libs-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-psutil-5.6.4-5.el7.ppc64le.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.ppc64le.rpm
    rh-python38-python-test-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.ppc64le.rpm
    
    s390x:
    rh-python38-python-3.8.6-1.el7.s390x.rpm
    rh-python38-python-debug-3.8.6-1.el7.s390x.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.s390x.rpm
    rh-python38-python-devel-3.8.6-1.el7.s390x.rpm
    rh-python38-python-idle-3.8.6-1.el7.s390x.rpm
    rh-python38-python-libs-3.8.6-1.el7.s390x.rpm
    rh-python38-python-psutil-5.6.4-5.el7.s390x.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.s390x.rpm
    rh-python38-python-test-3.8.6-1.el7.s390x.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.s390x.rpm
    
    x86_64:
    rh-python38-python-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debug-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-devel-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-idle-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-libs-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-psutil-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-test-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.x86_64.rpm
    
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
    
    Source:
    rh-python38-python-3.8.6-1.el7.src.rpm
    rh-python38-python-psutil-5.6.4-5.el7.src.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.src.rpm
    
    noarch:
    rh-python38-python-rpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-srpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.noarch.rpm
    
    ppc64le:
    rh-python38-python-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-debug-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-devel-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-idle-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-libs-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-psutil-5.6.4-5.el7.ppc64le.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.ppc64le.rpm
    rh-python38-python-test-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.ppc64le.rpm
    
    s390x:
    rh-python38-python-3.8.6-1.el7.s390x.rpm
    rh-python38-python-debug-3.8.6-1.el7.s390x.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.s390x.rpm
    rh-python38-python-devel-3.8.6-1.el7.s390x.rpm
    rh-python38-python-idle-3.8.6-1.el7.s390x.rpm
    rh-python38-python-libs-3.8.6-1.el7.s390x.rpm
    rh-python38-python-psutil-5.6.4-5.el7.s390x.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.s390x.rpm
    rh-python38-python-test-3.8.6-1.el7.s390x.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.s390x.rpm
    
    x86_64:
    rh-python38-python-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debug-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-devel-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-idle-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-libs-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-psutil-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-test-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.x86_64.rpm
    
    Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
    
    Source:
    rh-python38-python-3.8.6-1.el7.src.rpm
    rh-python38-python-psutil-5.6.4-5.el7.src.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.src.rpm
    
    noarch:
    rh-python38-python-rpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-srpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.noarch.rpm
    
    ppc64le:
    rh-python38-python-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-debug-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-devel-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-idle-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-libs-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-psutil-5.6.4-5.el7.ppc64le.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.ppc64le.rpm
    rh-python38-python-test-3.8.6-1.el7.ppc64le.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.ppc64le.rpm
    
    s390x:
    rh-python38-python-3.8.6-1.el7.s390x.rpm
    rh-python38-python-debug-3.8.6-1.el7.s390x.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.s390x.rpm
    rh-python38-python-devel-3.8.6-1.el7.s390x.rpm
    rh-python38-python-idle-3.8.6-1.el7.s390x.rpm
    rh-python38-python-libs-3.8.6-1.el7.s390x.rpm
    rh-python38-python-psutil-5.6.4-5.el7.s390x.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.s390x.rpm
    rh-python38-python-test-3.8.6-1.el7.s390x.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.s390x.rpm
    
    x86_64:
    rh-python38-python-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debug-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-devel-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-idle-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-libs-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-psutil-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-test-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.x86_64.rpm
    
    Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
    
    Source:
    rh-python38-python-3.8.6-1.el7.src.rpm
    rh-python38-python-psutil-5.6.4-5.el7.src.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.src.rpm
    
    noarch:
    rh-python38-python-rpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-srpm-macros-3.8.6-1.el7.noarch.rpm
    rh-python38-python-urllib3-1.25.7-6.el7.noarch.rpm
    
    x86_64:
    rh-python38-python-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debug-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-debuginfo-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-devel-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-idle-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-libs-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-psutil-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-psutil-debuginfo-5.6.4-5.el7.x86_64.rpm
    rh-python38-python-test-3.8.6-1.el7.x86_64.rpm
    rh-python38-python-tkinter-3.8.6-1.el7.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-18874
    https://access.redhat.com/security/cve/CVE-2019-20907
    https://access.redhat.com/security/cve/CVE-2020-14422
    https://access.redhat.com/security/cve/CVE-2020-26116
    https://access.redhat.com/security/cve/CVE-2020-26137
    https://access.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    
    --
    RHSA-announce mailing list
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    