Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
almalinuxAlmaLinuxALSA-2020:4654
HistoryNov 03, 2020 - 12:24 p.m.

Moderate: python27:2.7 security update

2020-11-0312:24:08
errata.almalinux.org
30

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

  • python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8noarchpython2-pluggy< 0.6.0-8.module_el8.6.0+2781+fed64c13python2-pluggy-0.6.0-8.module_el8.6.0+2781+fed64c13.noarch.rpm
almalinux8noarchpython2-pytz< 2017.2-12.module_el8.6.0+2781+fed64c13python2-pytz-2017.2-12.module_el8.6.0+2781+fed64c13.noarch.rpm
almalinux8noarchpython2-rpm-macros< 3-38.module_el8.6.0+2781+fed64c13python2-rpm-macros-3-38.module_el8.6.0+2781+fed64c13.noarch.rpm
almalinux8aarch64python-psycopg2-doc< 2.7.5-7.module_el8.6.0+2781+fed64c13python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
almalinux8noarchpython2-setuptools_scm< 1.15.7-6.module_el8.6.0+2781+fed64c13python2-setuptools_scm-1.15.7-6.module_el8.6.0+2781+fed64c13.noarch.rpm
almalinux8noarchpython-sqlalchemy-doc< 1.3.2-2.module_el8.5.0+2569+5c5719bcpython-sqlalchemy-doc-1.3.2-2.module_el8.5.0+2569+5c5719bc.noarch.rpm
almalinux8noarchpython2-docutils< 0.14-12.module_el8.6.0+2781+fed64c13python2-docutils-0.14-12.module_el8.6.0+2781+fed64c13.noarch.rpm
almalinux8aarch64python2-psycopg2-debug< 2.7.5-7.module_el8.6.0+2781+fed64c13python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
almalinux8noarchpython2-dns< 1.15.0-10.module_el8.6.0+2781+fed64c13python2-dns-1.15.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm
almalinux8aarch64python2-cython< 0.28.1-7.module_el8.6.0+2781+fed64c13python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
Rows per page:
1-10 of 491

Related

nessus 76
oraclelinux 5
osv 9
rocky 1
redhat 8
openvas 47
cvelist 2
debiancve 2
suse 16
cbl_mariner 4
almalinux 1
redhatcve 2
debian 1
prion 2
github 1
cve 2
ubuntucve 2
nvd 2
centos 2
veracode 2
ubuntu 1
amazon 3
ibm 4
fedora 2
f5 1
alpinelinux 1
nessus
nessus
Oracle Linux 8 : python27:2.7 (ELSA-2020-4654)
2023-09-07 00:00:00
Rocky Linux 8 : python27:2.7 (RLSA-2020:4654)
2023-11-06 00:00:00
CentOS 8 : python27:2.7 (CESA-2020:4654)
2021-02-01 00:00:00
oraclelinux
oraclelinux
python27:2.7 security update
2020-11-10 00:00:00
python-pip security update
2020-11-10 00:00:00
python-virtualenv security update
2022-06-29 00:00:00
osv
osv
Moderate: python27:2.7 security update
2020-11-03 12:24:08
Moderate: python27:2.7 security update
2020-11-03 12:24:08
PYSEC-2020-173
2020-09-04 20:15:00
rocky
rocky
python27:2.7 security update
2020-11-03 12:24:08
redhat
redhat
(RHSA-2020:4654) Moderate: python27:2.7 security update
2020-11-03 12:24:08
(RHSA-2020:4273) Moderate: python27 security, bug fix, and enhancement update
2020-10-20 15:44:20
(RHSA-2020:4432) Moderate: python-pip security update
2020-11-03 12:04:06
openvas
openvas
openSUSE: Security Advisory for python-pip (openSUSE-SU-2020:1613-1)
2020-10-05 00:00:00
Debian: Security Advisory (DLA-2370-1)
2020-09-12 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-2490)
2020-12-01 00:00:00
cvelist
cvelist
CVE-2019-20916
2020-09-04 19:20:55
CVE-2019-20907
2020-07-13 00:00:00
debiancve
debiancve
CVE-2019-20916
2020-09-04 20:15:11
CVE-2019-20907
2020-07-13 13:15:10
suse
suse
Security update for python-pip (moderate)
2022-04-28 00:00:00
Security update for python (important)
2020-12-09 00:00:00
Security update for python-pip (important)
2020-12-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-20916 affecting package python-pip 18.0-5
2021-01-11 21:49:40
CVE-2019-20907 affecting package python3 3.7.7-2
2021-07-08 21:56:42
CVE-2019-20907 affecting package python2 2.7.18-9
2020-11-30 19:30:47
almalinux
almalinux
Moderate: python-pip security update
2020-11-03 12:04:06
redhatcve
redhatcve
CVE-2019-20916
2020-09-07 14:21:56
CVE-2019-20907
2020-07-13 19:16:55
debian
debian
[SECURITY] [DLA 2370-1] python-pip security update
2020-09-11 10:16:16
prion
prion
Directory traversal
2020-09-04 20:15:00
Input validation
2020-07-13 13:15:00
github
github
Path Traversal in pip
2021-06-09 17:35:04
cve
cve
CVE-2019-20916
2020-09-04 20:15:11
CVE-2019-20907
2020-07-13 13:15:10
ubuntucve
ubuntucve
CVE-2019-20916
2020-09-04 00:00:00
CVE-2019-20907
2020-07-13 00:00:00
nvd
nvd
CVE-2019-20916
2020-09-04 20:15:11
CVE-2019-20907
2020-07-13 13:15:10
centos
centos
python security update
2022-08-02 19:21:51
python, tkinter security update
2020-11-18 17:21:38
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:29:42
Directory Traversal
2019-06-13 01:55:10
ubuntu
ubuntu
pip vulnerability
2020-10-22 00:00:00
amazon
amazon
Medium: python-pip
2021-05-20 16:07:00
Medium: python
2020-09-01 00:40:00
Medium: python27
2020-08-27 00:20:00
ibm
ibm
Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)
2023-01-12 21:59:00
Security Bulletin: Publicly disclosed vulnerability from Python affects IBM Netezza Host Management
2020-11-10 10:59:11
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)
2023-08-17 17:52:34
fedora
fedora
[SECURITY] Fedora 32 Update: python39-3.9.0~b5-1.fc32
2020-07-30 18:57:22
[SECURITY] Fedora 31 Update: python39-3.9.0~b5-1.fc31
2020-07-30 19:09:04
f5
f5
K78284681 : Python tarfile library vulnerability CVE-2019-20907
2021-06-01 00:00:00
alpinelinux
alpinelinux
CVE-2019-20907
2020-07-13 13:15:10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON
Related for ALSA-2020:4654
nessus76oraclelinux5osv9rocky1redhat8openvas47cvelist2debiancve2suse16cbl_mariner4almalinux1redhatcve2debian1prion2github1cve2ubuntucve2nvd2centos2veracode2ubuntu1amazon3ibm4fedora2f51alpinelinux1