-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3812
                       python27:2.7 security update
                             10 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           python27:2.7
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-42771 CVE-2021-28957 CVE-2021-27291
                   CVE-2021-23336 CVE-2021-20270 CVE-2021-20095
                   CVE-2020-28493 CVE-2020-27619 

Reference:         ESB-2021.3788
                   ESB-2021.3786
                   ESB-2021.3718
                   ESB-2021.2902

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:4151

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: python27:2.7 security update
Advisory ID:       RHSA-2021:4151-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4151
Issue date:        2021-11-09
CVE Names:         CVE-2020-27619 CVE-2020-28493 CVE-2021-20095 
                   CVE-2021-20270 CVE-2021-23336 CVE-2021-27291 
                   CVE-2021-28957 CVE-2021-42771 
=====================================================================

1. Summary:

An update for the python27:2.7 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Unsafe use of eval() on data retrieved via HTTP in the test suite
(CVE-2020-27619)

* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

* python-babel: Relative path traversal allows attacker to load arbitrary
locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

* python-pygments: Infinite loop in SML lexer may lead to DoS
(CVE-2021-20270)

* python: Web cache poisoning via urllib.parse.parse_qsl and
urllib.parse.parse_qs by using a semicolon in query parameters
(CVE-2021-23336)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

* python-lxml: Missing input sanitization for formaction HTML5 attributes
may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1889886 - CVE-2020-27619 python: Unsafe use of eval() on data retrieved via HTTP in the test suite
1922136 - CVE-2021-20270 python-pygments: Infinite loop in SML lexer may lead to DoS
1928707 - CVE-2020-28493 python-jinja2: ReDoS vulnerability in the urlize filter
1928904 - CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
1940603 - CVE-2021-27291 python-pygments: ReDoS in multiple lexers
1941534 - CVE-2021-28957 python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
1945483 - python27:2.7: RFE: virtualenv to prefer wheels from /usr/share/pythonXY-wheels when creating environment for Python X.Y
1955615 - CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm
PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm
babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.src.rpm
numpy-1.14.2-16.module+el8.4.0+9406+221a4565.src.rpm
pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.src.rpm
python-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.src.rpm
python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm
python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm
python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-jinja2-2.10-9.module+el8.5.0+10541+706bb066.src.rpm
python-lxml-4.2.3-5.module+el8.5.0+10534+22332931.src.rpm
python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm
python-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.src.rpm
python-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.src.rpm
python-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.src.rpm
python-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm
python-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.src.rpm
python-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.src.rpm
python-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.src.rpm
python-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.src.rpm
python-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.src.rpm
python-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.src.rpm
python-urllib3-1.24.2-3.module+el8.4.0+9193+f3daf6ef.src.rpm
python-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.src.rpm
python-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.src.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.src.rpm
python2-pip-9.0.3-18.module+el8.3.0+7707+eb4bba01.src.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.src.rpm
python2-setuptools-39.0.1-13.module+el8.4.0+9442+27d0e81c.src.rpm
python2-six-1.11.0-6.module+el8.4.0+9287+299307c7.src.rpm
pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.src.rpm
scipy-1.0.0-21.module+el8.5.0+10858+05337455.src.rpm

aarch64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.aarch64.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.aarch64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.aarch64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.aarch64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.aarch64.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.aarch64.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.aarch64.rpm

noarch:
babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm
python-nose-docs-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm
python-sqlalchemy-doc-1.3.2-2.module+el8.3.0+6647+8d010749.noarch.rpm
python2-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-babel-2.5.1-10.module+el8.5.0+11014+88fc0d0b.noarch.rpm
python2-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+9193+f3daf6ef.noarch.rpm
python2-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docs-info-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-jinja2-2.10-9.module+el8.5.0+10541+706bb066.noarch.rpm
python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-nose-1.3.7-31.module+el8.5.0+12203+77770ab7.noarch.rpm
python2-numpy-doc-1.14.2-16.module+el8.4.0+9406+221a4565.noarch.rpm
python2-pip-9.0.3-18.module+el8.3.0+7707+eb4bba01.noarch.rpm
python2-pip-wheel-9.0.3-18.module+el8.3.0+7707+eb4bba01.noarch.rpm
python2-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pygments-2.2.0-22.module+el8.5.0+10788+a4cea9e0.noarch.rpm
python2-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.noarch.rpm
python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-setuptools-39.0.1-13.module+el8.4.0+9442+27d0e81c.noarch.rpm
python2-setuptools-wheel-39.0.1-13.module+el8.4.0+9442+27d0e81c.noarch.rpm
python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
python2-six-1.11.0-6.module+el8.4.0+9287+299307c7.noarch.rpm
python2-urllib3-1.24.2-3.module+el8.4.0+9193+f3daf6ef.noarch.rpm
python2-virtualenv-15.1.0-21.module+el8.5.0+12203+77770ab7.noarch.rpm
python2-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm
python2-wheel-wheel-0.31.1-3.module+el8.5.0+12203+77770ab7.noarch.rpm

ppc64le:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.ppc64le.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.ppc64le.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.ppc64le.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.ppc64le.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.ppc64le.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.ppc64le.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.ppc64le.rpm

s390x:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.s390x.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.s390x.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.s390x.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.s390x.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.s390x.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.s390x.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.s390x.rpm

x86_64:
Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
numpy-debugsource-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-lxml-debugsource-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm
python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python-pymongo-debugsource-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-backports-1.0-16.module+el8.4.0+9193+f3daf6ef.x86_64.rpm
python2-bson-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-bson-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-debug-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-debuginfo-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-debugsource-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-devel-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-libs-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-lxml-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm
python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+10534+22332931.x86_64.rpm
python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-numpy-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python2-numpy-f2py-1.14.2-16.module+el8.4.0+9406+221a4565.x86_64.rpm
python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pymongo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+10264+e5753a40.x86_64.rpm
python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
python2-scipy-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm
python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm
python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.x86_64.rpm
python2-test-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-tkinter-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
python2-tools-2.7.18-7.module+el8.5.0+12203+77770ab7.x86_64.rpm
scipy-debugsource-1.0.0-21.module+el8.5.0+10858+05337455.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-27619
https://access.redhat.com/security/cve/CVE-2020-28493
https://access.redhat.com/security/cve/CVE-2021-20095
https://access.redhat.com/security/cve/CVE-2021-20270
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/cve/CVE-2021-27291
https://access.redhat.com/security/cve/CVE-2021-28957
https://access.redhat.com/security/cve/CVE-2021-42771
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYYrey9zjgjWX9erEAQhyZw//WlW+iPL5ykIzprK4E+jpID6r6VjEcZ18
82fke96K6yLpWRAubbW6hNnWeuT2XWKQe22/ZSLCh8nBlpHBfsxHFt+2/LmTWazo
iTxht/vTaJOdt5XbuuJjOhBPJ5BDE8WhwiVRqfccP/+DuBrIABfUIi/RuDv4Xacj
VO3VdbTy8GjZFuDuTLCfOfnejg20/cDwBwQ6dHhJP/rn+fYf3nPVpeobFDuu1Xrq
cGhwCZ9iUmzKnJFl0elJHkdw2xlfjsRFwWuQjByFacpaDGNOksWeVXUJNvFccXX0
6OE9juSWKieRCh5GTJJKVdaSTgx1dYfINqblVc7VS/rfsxb3vI2tlxyGVv3tKvVE
zKc69E5QrjYvZzoLcWBdPvkqMv9CIBK9KZ5V0FIG3cyh7jO8qV8lRJSrrWlQjOJq
n+Q0eY/fBwQ5U5+MURg0T/GUKA5JODClltr1AKpbOvecVy7mZyT3ZnTsxLfHvp9l
zapoN8GDEyqCm6IyMucY8qhdYOx+c9B3eK3EqhR1hHgoRhgRze6sgqI+Aafv73ll
PLg3snjFrSZNup5Lagf7UDn3QXYzoTjTSWDPEEOmSQ4TyTe4QTAqZsfWEjBbKSbX
AjhcdeykTfBbTH3XKL6jFNptCCnRkvwTQJ00BnCIPSgG291DPSUbL14SNEsZgi4e
3NjcOVOCf9Y=
=SmdA
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYYtdduNLKJtyKPYoAQhSqg//QD2BEonuRwyUkpTJmdC1saw2w4QumF8M
cgpLF+ob7eihXhyvgzf8S7mZGHajZ55dGW1y78B9edxsZqw8R+5Y28II8R6V0qwD
hCCP8/Gus99lwrQCMrg6skKPYfSVaPoGoXXfN+IFyG3D+0lp2QlIxxjx9fsW5anO
J2yh9EDKRngOP9d11qtcmAHJswG8iLm9jlVSiYHNkjL8vfEe3q72sx+bT0Hd5RGl
LExUvmvPEEe3GdopshhSxiCsp+GAeMXT1hQvOiw0pJ66nRk5/Vq10w6B82oaMgZR
PTnGu6H6Ktpx9bd2oMs+b8G7YYd9R7CuQRY9y4UktGqVK/iWnnhQoNCGaVzT6bBN
uXNT5meQ1OOlcl9GfE4pvy9O2dJlX8/DLULht5p/E7i/KL8+wsOQmvoaMO/dTAhA
Hn9ODGm0j9BbRq1uENTRsXuxYnhQ6uaD1aa8ZMynGvUVjjb+OwM1XForYvwzBXPP
EsvS4v2V7jUavJA+QZndzh916FwbeGY3ts0Hh/0K3jkRHAwLM2Cb/Y0e3paLC+Ml
UQToWU13HLW75Lh3FYLUJVrQzw1oTO8TmsCJmcnKGzX/pVU3groVLfYfF5eNavYo
6bJmqmmBCC2FO/FG7ZHkzGK0l3bbbYQVuCoXAHqaTSzH27P/rtL/duf4PePvPk5U
/JsXdooyyY8=
=y76R
-----END PGP SIGNATURE-----