Red Hat Security Advisory: rh-python38 security, bug fix, and enhancement update
🔗 CVE IDs covered (17)
📋 Description
CVE-2020-25659 — python-cryptography: Bleichenbacher timing oracle attack against RSA decryption CVE-2020-27619 — python: Unsafe use of eval() on data retrieved via HTTP in the test suite CVE-2020-27783 — python-lxml: mXSS due to the use of improper parser CVE-2020-28493 — python-jinja2: ReDoS vulnerability in the urlize filter CVE-2020-36242 — python-cryptography: Large inputs for symmetric encryption can trigger integer overflow leading to buffer overflow CVE-2021-3177 — python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c CVE-2021-3426 — python: Information disclosure via pydoc CVE-2021-3572 — python-pip: Incorrect handling of unicode separators in git references CVE-2021-3733 — python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-4189 — python: ftplib should not use the host from the PASV response CVE-2021-20095 — python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code CVE-2021-23336 — python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters CVE-2021-28957 — python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-29921 — python-ipaddress: Improper input validation of octal strings CVE-2021-33503 — python-urllib3: ReDoS in the parsing of authority part of URL CVE-2021-42771 — python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code CVE-2022-0391 — python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
🔗 References (19)
- selfhttps://access.redhat.com/errata/RHSA-2021:3254
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://access.redhat.com/articles/5860431
- externalhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html-single/3.7_release_notes/index#sect-RHSCL-Other-notes
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1889886
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1889988
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1901633
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1918168
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1926226
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928707
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928904
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1935913
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1941534
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1955615
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1957458
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1962856
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1968074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1969523
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3254.json