-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: python38:3.8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2020:4641-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4641
Issue date:        2020-11-03
CVE Names:         CVE-2019-20477 CVE-2019-20907 CVE-2020-1747 
                   CVE-2020-8492 CVE-2020-14422 
====================================================================
1. Summary:

An update for the python38:3.8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version:
python38 (3.8.3). (BZ#1847416)

Security Fix(es):

* PyYAML: command execution through python/object/apply constructor in
FullLoader (CVE-2019-20477)

* python: infinite loop in the tarfile module via crafted TAR archive
(CVE-2019-20907)

* PyYAML: arbitrary command execution through python/object/new when
FullLoader is used (CVE-2020-1747)

* python: wrong backtracking in urllib.request.AbstractBasicAuthHandler
allows for a ReDoS (CVE-2020-8492)

* python: DoS via inefficiency in IPv{4,6}Interface classes
(CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1806005 - CVE-2019-20477 PyYAML: command execution through python/object/apply constructor in FullLoader
1807367 - CVE-2020-1747 PyYAML: arbitrary command execution through python/object/new when FullLoader is used
1809065 - CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS
1815643 - test_site is failing on an installed python3
1847416 - python38: Update to new bugfix release to 3.8.3
1854926 - CVE-2020-14422 python: DoS via inefficiency in IPv{4,6}Interface classes
1856481 - CVE-2019-20907 python: infinite loop in the tarfile module via crafted TAR archive

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.src.rpm
PyYAML-5.3.1-1.module+el8.3.0+7187+a27ec44b.src.rpm
babel-2.7.0-10.module+el8.2.0+5234+f98739b6.src.rpm
mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.src.rpm
numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.src.rpm
python-PyMySQL-0.9.3-3.module+el8.2.0+5234+f98739b6.src.rpm
python-asn1crypto-1.2.0-3.module+el8.2.0+5234+f98739b6.src.rpm
python-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.src.rpm
python-chardet-3.0.4-19.module+el8.2.0+5234+f98739b6.src.rpm
python-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.src.rpm
python-idna-2.8-6.module+el8.2.0+5234+f98739b6.src.rpm
python-jinja2-2.10.3-4.module+el8.2.0+5234+f98739b6.src.rpm
python-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.src.rpm
python-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.src.rpm
python-ply-3.11-8.module+el8.2.0+5234+f98739b6.src.rpm
python-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.src.rpm
python-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.src.rpm
python-pycparser-2.19-3.module+el8.2.0+5234+f98739b6.src.rpm
python-pysocks-1.7.1-4.module+el8.2.0+5234+f98739b6.src.rpm
python-requests-2.22.0-9.module+el8.2.0+5234+f98739b6.src.rpm
python-six-1.12.0-9.module+el8.2.0+5234+f98739b6.src.rpm
python-urllib3-1.25.7-4.module+el8.2.0+5234+f98739b6.src.rpm
python-wheel-0.33.6-5.module+el8.3.0+7187+a27ec44b.src.rpm
python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.src.rpm
python3x-pip-19.3.1-1.module+el8.3.0+7187+a27ec44b.src.rpm
python3x-setuptools-41.6.0-4.module+el8.3.0+7187+a27ec44b.src.rpm
pytz-2019.3-3.module+el8.2.0+5234+f98739b6.src.rpm
scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.src.rpm

aarch64:
Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.aarch64.rpm
numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm
python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.aarch64.rpm
python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm
python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm
python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm
python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.aarch64.rpm
python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.aarch64.rpm
python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm
scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm

noarch:
python38-PyMySQL-0.9.3-3.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-asn1crypto-1.2.0-3.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-babel-2.7.0-10.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-chardet-3.0.4-19.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-idna-2.8-6.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-jinja2-2.10.3-4.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-numpy-doc-1.17.3-5.module+el8.3.0+7187+a27ec44b.noarch.rpm
python38-pip-19.3.1-1.module+el8.3.0+7187+a27ec44b.noarch.rpm
python38-pip-wheel-19.3.1-1.module+el8.3.0+7187+a27ec44b.noarch.rpm
python38-ply-3.11-8.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-pycparser-2.19-3.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-pysocks-1.7.1-4.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-pytz-2019.3-3.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-requests-2.22.0-9.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-rpm-macros-3.8.3-3.module+el8.3.0+7680+79e7e61a.noarch.rpm
python38-setuptools-41.6.0-4.module+el8.3.0+7187+a27ec44b.noarch.rpm
python38-setuptools-wheel-41.6.0-4.module+el8.3.0+7187+a27ec44b.noarch.rpm
python38-six-1.12.0-9.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-urllib3-1.25.7-4.module+el8.2.0+5234+f98739b6.noarch.rpm
python38-wheel-0.33.6-5.module+el8.3.0+7187+a27ec44b.noarch.rpm
python38-wheel-wheel-0.33.6-5.module+el8.3.0+7187+a27ec44b.noarch.rpm

ppc64le:
Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.ppc64le.rpm
python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm
scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm

s390x:
Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.s390x.rpm
PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.s390x.rpm
numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm
python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.s390x.rpm
python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm
python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm
python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm
python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.s390x.rpm
python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.s390x.rpm
python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm
python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm
scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm

x86_64:
Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.x86_64.rpm
numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm
python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.x86_64.rpm
python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm
python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm
python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm
python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.x86_64.rpm
python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.x86_64.rpm
python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm
scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20477
https://access.redhat.com/security/cve/CVE-2019-20907
https://access.redhat.com/security/cve/CVE-2020-1747
https://access.redhat.com/security/cve/CVE-2020-8492
https://access.redhat.com/security/cve/CVE-2020-14422
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBX6Iy8NzjgjWX9erEAQi7IQ/9EGHHJR5/WWgIWxTF9fEZjZ4kkadnBl5j
GeOVmKimjB3PeTuNSuSQXjmNQ4XdvyFyTAcJgMqXafv3uQv3TFoGMR6/GJkECZ9w
/qBVlGz8EDjFFGC55isweALu0pQrHgb92dkHrFE5hkgRm5plLG0hwywaCrbV89BM
hhH4FucIp4gEhrVzIhnRl68eao3eXTJriDMGNVlw2mSgWGVcKKw8iuOCFEvjhtGk
CAg4qVkAM0UXEKS0rWgzNa8JxhNE6a+Rev7v9ci0luqi0S7ZjAubAHif/id1PUqx
0F0ZDmEChHn6YznDdL0wDvHo0dcr7i4ItWjqm6yUgFhAVs2h77JvTraKrF7Lxgp+
Yfbi8gRYeTC9vk7r+j1ayon5o4AtbTIcq6NgX6NBgyRNTDEn9dH3n6NoUmdH7gLW
IV8BwFAibH1nB0YCQ9DpV+903E51bwx53RTiGcMSU3jzvyG54X4lnxpgEj4D9yzs
WeM9M/OoLgTqmUlp1deAVmB6/1nyJOKNS/PHnZgYxuv18DJdiavt0TFeCHitM6OU
t5iDUFP9j+JW/NwqZIqD6BRPbgipH1c0dcB2JbMi4/kiY7KPkLJHTq6rmTCWeIKJ
c0JZhC/vPpuKOQS2QkI9Zqq2H4sI7wjrnwPHhdnDICFY5j4+cJOHjiPXK2eLjXd/
uY7JyuphpgQ=Y0uH
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2020-4641:01 Moderate: python38:3.8 security, bug fix,

An update for the python38:3.8 module is now available for Red Hat Enterprise Linux 8

Summary

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: python38 (3.8.3). (BZ#1847416)
Security Fix(es):
* PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)
* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)
* PyYAML: arbitrary command execution through python/object/new when FullLoader is used (CVE-2020-1747)
* python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)
* python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2019-20477 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2020-1747 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.src.rpm PyYAML-5.3.1-1.module+el8.3.0+7187+a27ec44b.src.rpm babel-2.7.0-10.module+el8.2.0+5234+f98739b6.src.rpm mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.src.rpm numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.src.rpm python-PyMySQL-0.9.3-3.module+el8.2.0+5234+f98739b6.src.rpm python-asn1crypto-1.2.0-3.module+el8.2.0+5234+f98739b6.src.rpm python-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.src.rpm python-chardet-3.0.4-19.module+el8.2.0+5234+f98739b6.src.rpm python-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.src.rpm python-idna-2.8-6.module+el8.2.0+5234+f98739b6.src.rpm python-jinja2-2.10.3-4.module+el8.2.0+5234+f98739b6.src.rpm python-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.src.rpm python-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.src.rpm python-ply-3.11-8.module+el8.2.0+5234+f98739b6.src.rpm python-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.src.rpm python-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.src.rpm python-pycparser-2.19-3.module+el8.2.0+5234+f98739b6.src.rpm python-pysocks-1.7.1-4.module+el8.2.0+5234+f98739b6.src.rpm python-requests-2.22.0-9.module+el8.2.0+5234+f98739b6.src.rpm python-six-1.12.0-9.module+el8.2.0+5234+f98739b6.src.rpm python-urllib3-1.25.7-4.module+el8.2.0+5234+f98739b6.src.rpm python-wheel-0.33.6-5.module+el8.3.0+7187+a27ec44b.src.rpm python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.src.rpm python3x-pip-19.3.1-1.module+el8.3.0+7187+a27ec44b.src.rpm python3x-setuptools-41.6.0-4.module+el8.3.0+7187+a27ec44b.src.rpm pytz-2019.3-3.module+el8.2.0+5234+f98739b6.src.rpm scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.src.rpm
aarch64: Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.aarch64.rpm PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.aarch64.rpm numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.aarch64.rpm python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.aarch64.rpm python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.aarch64.rpm python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.aarch64.rpm python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.aarch64.rpm scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.aarch64.rpm
noarch: python38-PyMySQL-0.9.3-3.module+el8.2.0+5234+f98739b6.noarch.rpm python38-asn1crypto-1.2.0-3.module+el8.2.0+5234+f98739b6.noarch.rpm python38-babel-2.7.0-10.module+el8.2.0+5234+f98739b6.noarch.rpm python38-chardet-3.0.4-19.module+el8.2.0+5234+f98739b6.noarch.rpm python38-idna-2.8-6.module+el8.2.0+5234+f98739b6.noarch.rpm python38-jinja2-2.10.3-4.module+el8.2.0+5234+f98739b6.noarch.rpm python38-numpy-doc-1.17.3-5.module+el8.3.0+7187+a27ec44b.noarch.rpm python38-pip-19.3.1-1.module+el8.3.0+7187+a27ec44b.noarch.rpm python38-pip-wheel-19.3.1-1.module+el8.3.0+7187+a27ec44b.noarch.rpm python38-ply-3.11-8.module+el8.2.0+5234+f98739b6.noarch.rpm python38-pycparser-2.19-3.module+el8.2.0+5234+f98739b6.noarch.rpm python38-pysocks-1.7.1-4.module+el8.2.0+5234+f98739b6.noarch.rpm python38-pytz-2019.3-3.module+el8.2.0+5234+f98739b6.noarch.rpm python38-requests-2.22.0-9.module+el8.2.0+5234+f98739b6.noarch.rpm python38-rpm-macros-3.8.3-3.module+el8.3.0+7680+79e7e61a.noarch.rpm python38-setuptools-41.6.0-4.module+el8.3.0+7187+a27ec44b.noarch.rpm python38-setuptools-wheel-41.6.0-4.module+el8.3.0+7187+a27ec44b.noarch.rpm python38-six-1.12.0-9.module+el8.2.0+5234+f98739b6.noarch.rpm python38-urllib3-1.25.7-4.module+el8.2.0+5234+f98739b6.noarch.rpm python38-wheel-0.33.6-5.module+el8.3.0+7187+a27ec44b.noarch.rpm python38-wheel-wheel-0.33.6-5.module+el8.3.0+7187+a27ec44b.noarch.rpm
ppc64le: Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.ppc64le.rpm numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.ppc64le.rpm python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.ppc64le.rpm python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.ppc64le.rpm python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.ppc64le.rpm python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.ppc64le.rpm scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.ppc64le.rpm
s390x: Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.s390x.rpm PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.s390x.rpm numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.s390x.rpm python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.s390x.rpm python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.s390x.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.s390x.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.s390x.rpm python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.s390x.rpm python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.s390x.rpm python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.s390x.rpm python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.s390x.rpm python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.s390x.rpm scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.s390x.rpm
x86_64: Cython-debugsource-0.29.14-4.module+el8.2.0+5234+f98739b6.x86_64.rpm PyYAML-debugsource-5.3.1-1.module+el8.3.0+7187+a27ec44b.x86_64.rpm numpy-debugsource-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm python-cffi-debugsource-1.13.2-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python-cryptography-debugsource-2.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python-lxml-debugsource-4.4.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.2.0+5234+f98739b6.x86_64.rpm python-psutil-debugsource-5.6.4-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-Cython-0.29.14-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-cffi-1.13.2-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-cryptography-2.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-debug-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-debuginfo-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-debugsource-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-devel-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-idle-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-libs-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-lxml-4.4.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-lxml-debuginfo-4.4.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-markupsafe-1.1.1-6.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-mod_wsgi-4.6.8-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-numpy-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm python38-numpy-debuginfo-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm python38-numpy-f2py-1.17.3-5.module+el8.3.0+7187+a27ec44b.x86_64.rpm python38-psutil-5.6.4-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-psutil-debuginfo-5.6.4-3.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-psycopg2-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-pyyaml-5.3.1-1.module+el8.3.0+7187+a27ec44b.x86_64.rpm python38-pyyaml-debuginfo-5.3.1-1.module+el8.3.0+7187+a27ec44b.x86_64.rpm python38-scipy-1.3.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm python38-test-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm python38-tkinter-3.8.3-3.module+el8.3.0+7680+79e7e61a.x86_64.rpm scipy-debugsource-1.3.1-4.module+el8.2.0+5234+f98739b6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2020:4641-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:4641
Issued Date: : 2020-11-03
CVE Names: CVE-2019-20477 CVE-2019-20907 CVE-2020-1747 CVE-2020-8492 CVE-2020-14422

Topic

An update for the python38:3.8 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64


Bugs Fixed

1806005 - CVE-2019-20477 PyYAML: command execution through python/object/apply constructor in FullLoader

1807367 - CVE-2020-1747 PyYAML: arbitrary command execution through python/object/new when FullLoader is used

1809065 - CVE-2020-8492 python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS

1815643 - test_site is failing on an installed python3

1847416 - python38: Update to new bugfix release to 3.8.3

1854926 - CVE-2020-14422 python: DoS via inefficiency in IPv{4,6}Interface classes

1856481 - CVE-2019-20907 python: infinite loop in the tarfile module via crafted TAR archive