-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: python27:2.7 security update
Advisory ID:       RHSA-2021:4151-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4151
Issue date:        2021-11-09
CVE Names:         CVE-2020-27619 CVE-2020-28493 CVE-2021-20095 
                   CVE-2021-20270 CVE-2021-23336 CVE-2021-27291 
                   CVE-2021-28957 CVE-2021-42771 
====================================================================
1. Summary:

An update for the python27:2.7 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Unsafe use of eval() on data retrieved via HTTP in the test suite
(CVE-2020-27619)

* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

* python-babel: Relative path traversal allows attacker to load arbitrary
locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

* python-pygments: Infinite loop in SML lexer may lead to DoS
(CVE-2021-20270)

* python: Web cache poisoning via urllib.parse.parse_qsl and
urllib.parse.parse_qs by using a semicolon in query parameters(CVE-2021-23336)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

* python-lxml: Missing input sanitization for formaction HTML5 attributes
may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889886 - CVE-2020-27619 python: Unsafe use of eval() on data retrieved via HTTP in the test suite
1922136 - CVE-2021-20270 python-pygments: Infinite loop in SML lexer may lead to DoS
1928707 - CVE-2020-28493 python-jinja2: ReDoS vulnerability in the urlize filter
1928904 - CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters1940603 - CVE-2021-27291 python-pygments: ReDoS in multiple lexers1941534 - CVE-2021-28957 python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
1945483 - python27:2.7: RFE: virtualenv to prefer wheels from /usr/share/pythonXY-wheels when creating environment for Python X.Y
1955615 - CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm
PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm
babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.src.rpm
numpy-1.14.2-16.module+el8.4.0+9406+221a4565.src.rpm
pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.src.rpm
python-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.src.rpm
python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm
python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-jinja2-2.10-9.module+el8.5.0+10541+706bb066.src.rpm
python-lxml-4.2.3-5.module+el8.5.0+10534+22332931.src.rpm
python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm
python-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.src.rpm
python-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.src.rpm
python-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.src.rpm
python-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.src.rpm
python-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.src.rpm
python-urllib3-1.24.2-3.module+el8.4.0+9193+f3daf6ef.src.rpm
python-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.src.rpm
python-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.src.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.src.rpm
python2-pip-9.0.3-18.module+el8.3.0+7707+eb4bba01.src.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.src.rpm
python2-setuptools-39.0.1-13.module+el8.4.0+9442+27d0e81c.src.rpm
python2-six-1.11.0-6.module+el8.4.0+9287+299307c7.src.rpm
pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.src.rpm
scipy-1.0.0-21.module+el8.5.0+10858+05337455.src.rpm

aarch64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.aarch64.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.aarch64.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm

noarch:
babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm
python-nose-docs-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm
python-sqlalchemy-doc-1.3.2-2.module+el8.3.0+6647+8d010749.noarch.rpm
python2-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm
python2-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.noarch.rpm
python2-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-info-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-jinja2-2.10-9.module+el8.5.0+10541+706bb066.noarch.rpm
python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm
python2-numpy-doc-1.14.2-16.module+el8.4.0+9406+221a4565.noarch.rpm
python2-pip-9.0.3-18.module+el8.3.0+7707+eb4bba01.noarch.rpm
python2-pip-wheel-9.0.3-18.module+el8.3.0+7707+eb4bba01.noarch.rpm
python2-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.noarch.rpm
python2-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.noarch.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-setuptools-39.0.1-13.module+el8.4.0+9442+27d0e81c.noarch.rpm
python2-setuptools-wheel-39.0.1-13.module+el8.4.0+9442+27d0e81c.noarch.rpm
python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-six-1.11.0-6.module+el8.4.0+9287+299307c7.noarch.rpm
python2-urllib3-1.24.2-3.module+el8.4.0+9193+f3daf6ef.noarch.rpm
python2-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.noarch.rpm
python2-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm
python2-wheel-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm

ppc64le:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.ppc64le.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.ppc64le.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm

s390x:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.s390x.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.s390x.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm

x86_64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.x86_64.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.x86_64.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-28493
https://access.redhat.com/security/cve/CVE-2021-20095
https://access.redhat.com/security/cve/CVE-2021-20270
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/cve/CVE-2021-27291
https://access.redhat.com/security/cve/CVE-2021-28957
https://access.redhat.com/security/cve/CVE-2021-42771
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYYrey9zjgjWX9erEAQhyZw//WlW+iPL5ykIzprK4E+jpID6r6VjEcZ18
82fke96K6yLpWRAubbW6hNnWeuT2XWKQe22/ZSLCh8nBlpHBfsxHFt+2/LmTWazo
iTxht/vTaJOdt5XbuuJjOhBPJ5BDE8WhwiVRqfccP/+DuBrIABfUIi/RuDv4Xacj
VO3VdbTy8GjZFuDuTLCfOfnejg20/cDwBwQ6dHhJP/rn+fYf3nPVpeobFDuu1Xrq
cGhwCZ9iUmzKnJFl0elJHkdw2xlfjsRFwWuQjByFacpaDGNOksWeVXUJNvFccXX0
6OE9juSWKieRCh5GTJJKVdaSTgx1dYfINqblVc7VS/rfsxb3vI2tlxyGVv3tKvVE
zKc69E5QrjYvZzoLcWBdPvkqMv9CIBK9KZ5V0FIG3cyh7jO8qV8lRJSrrWlQjOJq
n+Q0eY/fBwQ5U5+MURg0T/GUKA5JODClltr1AKpbOvecVy7mZyT3ZnTsxLfHvp9l
zapoN8GDEyqCm6IyMucY8qhdYOx+c9B3eK3EqhR1hHgoRhgRze6sgqI+Aafv73ll
PLg3snjFrSZNup5Lagf7UDn3QXYzoTjTSWDPEEOmSQ4TyTe4QTAqZsfWEjBbKSbX
AjhcdeykTfBbTH3XKL6jFNptCCnRkvwTQJ00BnCIPSgG291DPSUbL14SNEsZgi4e
3NjcOVOCf9Y=SmdA
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-4151:06 Moderate: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8

Summary

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)
* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)
* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters(CVE-2021-23336)
* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)
* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-27619 https://access.redhat.com/security/cve/CVE-2020-28493 https://access.redhat.com/security/cve/CVE-2021-20095 https://access.redhat.com/security/cve/CVE-2021-20270 https://access.redhat.com/security/cve/CVE-2021-23336 https://access.redhat.com/security/cve/CVE-2021-27291 https://access.redhat.com/security/cve/CVE-2021-28957 https://access.redhat.com/security/cve/CVE-2021-42771 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.src.rpm numpy-1.14.2-16.module+el8.4.0+9406+221a4565.src.rpm pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.src.rpm python-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.src.rpm python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-jinja2-2.10-9.module+el8.5.0+10541+706bb066.src.rpm python-lxml-4.2.3-5.module+el8.5.0+10534+22332931.src.rpm python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm python-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.src.rpm python-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.src.rpm python-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.src.rpm python-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm python-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.src.rpm python-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.src.rpm python-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.src.rpm python-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.src.rpm python-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.src.rpm python-urllib3-1.24.2-3.module+el8.4.0+9193+f3daf6ef.src.rpm python-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.src.rpm python-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.src.rpm python2-2.7.18-7.module+el8.5.0+12203+77770ab7.src.rpm python2-pip-9.0.3-18.module+el8.3.0+7707+eb4bba01.src.rpm python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.src.rpm python2-setuptools-39.0.1-13.module+el8.4.0+9442+27d0e81c.src.rpm python2-six-1.11.0-6.module+el8.4.0+9287+299307c7.src.rpm pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.src.rpm scipy-1.0.0-21.module+el8.5.0+10858+05337455.src.rpm
aarch64: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python2-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.aarch64.rpm python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.aarch64.rpm python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm
noarch: babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm python-nose-docs-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm python-sqlalchemy-doc-1.3.2-2.module+el8.3.0+6647+8d010749.noarch.rpm python2-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm python2-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.noarch.rpm python2-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-docs-info-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-jinja2-2.10-9.module+el8.5.0+10541+706bb066.noarch.rpm python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm python2-numpy-doc-1.14.2-16.module+el8.4.0+9406+221a4565.noarch.rpm python2-pip-9.0.3-18.module+el8.3.0+7707+eb4bba01.noarch.rpm python2-pip-wheel-9.0.3-18.module+el8.3.0+7707+eb4bba01.noarch.rpm python2-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.noarch.rpm python2-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.noarch.rpm python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-setuptools-39.0.1-13.module+el8.4.0+9442+27d0e81c.noarch.rpm python2-setuptools-wheel-39.0.1-13.module+el8.4.0+9442+27d0e81c.noarch.rpm python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-six-1.11.0-6.module+el8.4.0+9287+299307c7.noarch.rpm python2-urllib3-1.24.2-3.module+el8.4.0+9193+f3daf6ef.noarch.rpm python2-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.noarch.rpm python2-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm python2-wheel-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm
ppc64le: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python2-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.ppc64le.rpm python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.ppc64le.rpm python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm
s390x: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python2-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.s390x.rpm python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.s390x.rpm python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm
x86_64: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python2-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.x86_64.rpm python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.x86_64.rpm python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2021:4151-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4151
Issued Date: : 2021-11-09
CVE Names: CVE-2020-27619 CVE-2020-28493 CVE-2021-20095 CVE-2021-20270 CVE-2021-23336 CVE-2021-27291 CVE-2021-28957 CVE-2021-42771

Topic

An update for the python27:2.7 module is now available for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64


Bugs Fixed

1889886 - CVE-2020-27619 python: Unsafe use of eval() on data retrieved via HTTP in the test suite

1922136 - CVE-2021-20270 python-pygments: Infinite loop in SML lexer may lead to DoS

1928707 - CVE-2020-28493 python-jinja2: ReDoS vulnerability in the urlize filter

1928904 - CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters1940603 - CVE-2021-27291 python-pygments: ReDoS in multiple lexers1941534 - CVE-2021-28957 python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS

1945483 - python27:2.7: RFE: virtualenv to prefer wheels from /usr/share/pythonXY-wheels when creating environment for Python X.Y

1955615 - CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code


Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved