Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.3820
python38:3.8 and python38-devel:3.8 security update
10 November 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: python38:3.8 and python38-devel:3.8
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Overwrite Arbitrary Files -- Existing Account
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-42771 CVE-2021-33503 CVE-2021-29921
CVE-2021-28957 CVE-2021-23336 CVE-2021-20095
CVE-2021-3572 CVE-2021-3426 CVE-2020-28493
CVE-2019-18874
Reference: ESB-2021.3520
ESB-2021.2904
ESB-2021.2902
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:4162
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: python38:3.8 and python38-devel:3.8 security update
Advisory ID: RHSA-2021:4162-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4162
Issue date: 2021-11-09
CVE Names: CVE-2019-18874 CVE-2020-28493 CVE-2021-3426
CVE-2021-3572 CVE-2021-20095 CVE-2021-23336
CVE-2021-28957 CVE-2021-29921 CVE-2021-33503
CVE-2021-42771
=====================================================================
1. Summary:
An update for the python38:3.8 and python38-devel:3.8 modules is now
available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - noarch
3. Description:
Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python-psutil: Double free because of refcount mishandling
(CVE-2019-18874)
* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)
* python: Information disclosure via pydoc (CVE-2021-3426)
* python-babel: Relative path traversal allows attacker to load arbitrary
locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)
* python: Web cache poisoning via urllib.parse.parse_qsl and
urllib.parse.parse_qs by using a semicolon in query parameters
(CVE-2021-23336)
* python-lxml: Missing input sanitization for formaction HTML5 attributes
may lead to XSS (CVE-2021-28957)
* python-ipaddress: Improper input validation of octal strings
(CVE-2021-29921)
* python-urllib3: ReDoS in the parsing of authority part of URL
(CVE-2021-33503)
* python-pip: Incorrect handling of unicode separators in git references
(CVE-2021-3572)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1772014 - CVE-2019-18874 python-psutil: Double free because of refcount mishandling
1928707 - CVE-2020-28493 python-jinja2: ReDoS vulnerability in the urlize filter
1928904 - CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters
1935913 - CVE-2021-3426 python: Information disclosure via pydoc
1941534 - CVE-2021-28957 python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS
1955615 - CVE-2021-20095 CVE-2021-42771 python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code
1957458 - CVE-2021-29921 python-ipaddress: Improper input validation of octal strings
1962856 - CVE-2021-3572 python-pip: Incorrect handling of unicode separators in git references
1968074 - CVE-2021-33503 python-urllib3: ReDoS in the parsing of authority part of URL
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.src.rpm
PyYAML-5.4.1-1.module+el8.5.0+10721+14d8e0d5.src.rpm
babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.src.rpm
mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.src.rpm
numpy-1.17.3-6.module+el8.5.0+12205+a865257a.src.rpm
python-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.src.rpm
python-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.src.rpm
python-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-idna-2.8-6.module+el8.4.0+8888+89bc7e79.src.rpm
python-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.src.rpm
python-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.src.rpm
python-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.src.rpm
python-ply-3.11-10.module+el8.4.0+9579+e9717e18.src.rpm
python-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.src.rpm
python-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.src.rpm
python-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.src.rpm
python-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.src.rpm
python-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.src.rpm
python-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.src.rpm
python38-3.8.8-4.module+el8.5.0+12205+a865257a.src.rpm
python3x-pip-19.3.1-4.module+el8.5.0+12205+a865257a.src.rpm
python3x-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.src.rpm
python3x-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.src.rpm
pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.src.rpm
scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.src.rpm
aarch64:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.aarch64.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-debuginfo-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-libs-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.aarch64.rpm
python38-lxml-debuginfo-4.4.1-6.module+el8.5.0+10542+ba057329.aarch64.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.aarch64.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
noarch:
python38-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.noarch.rpm
python38-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm
python38-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-idna-2.8-6.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm
python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm
python38-pip-19.3.1-4.module+el8.5.0+12205+a865257a.noarch.rpm
python38-pip-wheel-19.3.1-4.module+el8.5.0+12205+a865257a.noarch.rpm
python38-ply-3.11-10.module+el8.4.0+9579+e9717e18.noarch.rpm
python38-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-rpm-macros-3.8.8-4.module+el8.5.0+12205+a865257a.noarch.rpm
python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm
python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm
python38-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm
python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm
python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm
ppc64le:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.ppc64le.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-debuginfo-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-libs-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.ppc64le.rpm
python38-lxml-debuginfo-4.4.1-6.module+el8.5.0+10542+ba057329.ppc64le.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.ppc64le.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
s390x:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.s390x.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-debuginfo-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-libs-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.s390x.rpm
python38-lxml-debuginfo-4.4.1-6.module+el8.5.0+10542+ba057329.s390x.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.s390x.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
x86_64:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-debuginfo-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-libs-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm
python38-lxml-debuginfo-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
Source:
pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.src.rpm
python-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.src.rpm
python-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.src.rpm
python-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.src.rpm
python3x-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.src.rpm
noarch:
python38-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-18874
https://access.redhat.com/security/cve/CVE-2020-28493
https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-20095
https://access.redhat.com/security/cve/CVE-2021-23336
https://access.redhat.com/security/cve/CVE-2021-28957
https://access.redhat.com/security/cve/CVE-2021-29921
https://access.redhat.com/security/cve/CVE-2021-33503
https://access.redhat.com/security/cve/CVE-2021-42771
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYYrccNzjgjWX9erEAQgcow/+J1I9zXK31HuQLiWziBHMJnIOYz8EbPgC
hLVd/V5gbg593I2Z9cnJUQg0gepzELPJo4XWJryolEbjyrgOCjXIBysKOUvIYlDw
TQMcYWzOLxgHnds6/OWE3XLTvMwHim6UqoWyqol92At5DGE8AT9dlJO0pO9PQ3a+
OlOe5y2XLtqUdweTypPVs+SrIaYUyuIUDW23YCzDvLGtN/mZcZ8REDHwGsBRoKXn
H7dPOVQvlNCrXk8fj+5plBfsPxZJ1ALHjTrNIOfUZCQEPc6jMNqZUxT9SmdsLxPu
fEu+aXV3J9Jz66xD/NZoRAzXuXeEsj4cpSqGQepY3nXe9CuYNhOQMUQggC/EFrxu
0UDOgeTHmgwTkSTnWqylmoOOLoOMHyw8McLNQnfzkWTwIQCzxwK9LuZLSMMD/48v
Fy4tPOfI38wq79R3QF96eCpLZ1crPhOMEzDzRm9/QF9CozBsXSDvWh3PEhbPDSdZ
sRPsv9c0VISzcZv0A1ZRwpFwfItqBZrQOAfELk3ndvWyC0MhCazwQ20dB8HGHQup
De7adLZHrUlNvuM8bIIEZUunxB3uVANz8nOzxz9y7rccV+kMlTEdGGKKgQcAp7jQ
qCu6C4EqvDKKGonrkkh4QXsMFQxSCIsi33m4xuVgKh3lWs4SKnhUTWNDbeuwsp8R
iO8H05zpsrI=
=3U2h
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYYtjYuNLKJtyKPYoAQh8TRAAkWMmrP9nVeOes62vvdc8QGQ1e+JKXnzy
7YSR/p9VCorSxa5dDWqN614tJ8/pKQmAelSzRZNMsKFMNt6vp6MjG63/7M9Hc2O7
bvPM9dRYQ3sep+yYjk1+nmcg2cALoidaIT+kLrZRRblgk1lz31w4Mvzv4WJJk/9d
44pamoqJr8uZp45z/ULZkrOhSFsko1Alco3SR/ncrsZFPXMnIwS0Hgt/IM5+nUkq
kfdSNpD+77mGgJOh8hruKsIcQtdWO9a0io9zuWrNOZTfNcKe1jTFDklqsLZ9VUCG
W/WsjFWhP6nfGOrvfnZUmjlPfSqxMpKIkxcDtg5SKJOrO/u7DQ0xZKXTqjFtqoMW
quvGtQTTPRT6XXufU476vYFOjDyB3+IhvrfZTx9S4Ryf4soIEig21a3A9T6/rT7V
2nGZy3FtewSOXlwGFpG+DCbndlBb5mmWWOD6lLIy6OxEiEAMzpZb6/N7gMqISEh4
JtK+y01g2SpnGCk6/VoQPaVwenoChjz/iuTNdk8j8jVCN0FpCq+xesy4t4p98S6C
MDYyuWqdXmogL55Axe4mebTczjxe/+IvcnS9BkbXznXOUAZ7mdtWuZvQ5dyN3tnO
+mo2roDVa1942bL8VLr+u9AOnIeDbqPe2IiIUFjrGm/JXy4wNh2uYn3Fc08gT5x6
5BpJj4RkbWI=
=gb0Q
-----END PGP SIGNATURE-----