python security update

2024-02-2014:49:49

CentOS Project

lists.centos.org

centos_errata python-reportlab-library security-fix code-injection pdf-generation cve-2019-19450 centos-advisory unix-affected-packages red-hat-errata

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.9%

JSON

CentOS Errata and Security Advisory CESA-2023:5616

Python-reportlab is a library used for generation of PDF documents.

Security Fix(es):

python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2024-February/099226.html

Affected packages:
python-reportlab
python-reportlab-docs

Upstream details at:
https://access.redhat.com/errata/RHSA-2023:5616

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64python-reportlab< 2.5-11.el7_9python-reportlab-2.5-11.el7_9.x86_64.rpm
CentOS7x86_64python-reportlab-docs< 2.5-11.el7_9python-reportlab-docs-2.5-11.el7_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	python-reportlab	< 2.5-11.el7_9	python-reportlab-2.5-11.el7_9.x86_64.rpm
CentOS	7	x86_64	python-reportlab-docs	< 2.5-11.el7_9	python-reportlab-docs-2.5-11.el7_9.x86_64.rpm