Red Hat Security Advisory: python27 security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2020-27619 — python: Unsafe use of eval() on data retrieved via HTTP in the test suite CVE-2020-28493 — python-jinja2: ReDoS vulnerability in the urlize filter CVE-2021-3177 — python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c CVE-2021-20095 — python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code CVE-2021-20270 — python-pygments: Infinite loop in SML lexer may lead to DoS CVE-2021-23336 — python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters CVE-2021-27291 — python-pygments: ReDoS in multiple lexers CVE-2021-42771 — python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2021:3252
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/articles/5860431
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1889886
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1918168
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1922136
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928707
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928904
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1940603
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1955615
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3252.json