Explore top 10 tips to secure your open-source projects now. Read More
×
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version:
python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860)
Security Fix(es):
* python: urllib: Regular expression DoS in AbstractBasicAuthHandler
(CVE-2021-3733)
* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass
through (CVE-2021-43818)
* python: urllib.parse does not sanitize URLs containing ASCII newline and
tabs (CVE-2022-0391)
* python: urllib: HTTP client possible infinite loop on a 100 Continue
response (CVE-2021-3737)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.
https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.6_release_notes/index
Red Hat Enterprise Linux AppStream (v. 8):
Source:
Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.src.rpm
PyYAML-5.4.1-1.module+el8.5.0+10721+14d8e0d5.src.rpm
babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.src.rpm
mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.src.rpm
numpy-1.17.3-6.module+el8.5.0+12205+a865257a.src.rpm
python-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.src.rpm
python-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.src.rpm
python-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-idna-2.8-6.module+el8.4.0+8888+89bc7e79.src.rpm
python-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.src.rpm
python-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.src.rpm
python-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.src.rpm
python-ply-3.11-10.module+el8.4.0+9579+e9717e18.src.rpm
python-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.src.rpm
python-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.src.rpm
python-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.src.rpm
python-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.src.rpm
python-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.src.rpm
Read the Full Advisory
An update for the python38:3.8 and python38-devel:3.8 modules is nowavailable for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Red Hat CodeReady Linux Builder (v. 8) - noarch
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
1995162 - CVE-2021-3737 python: urllib: HTTP client possible infinite loop on a 100 Continue response
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler
2004587 - Update the python interpreter to the latest security release 3.8.12
2006789 - RHEL 8 Python 3.8: pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/
2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
2047376 - CVE-2022-0391 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
Get the latest Linux and open source security news straight to your inbox.