Lucene search
DebianDEBIAN:DSA-4880-1:0276DHistoryMar 29, 2021 - 4:20 p.m.
[SECURITY] [DSA 4880-1] lxml security update
2021-03-2916:20:53
lists.debian.org
24
0.002 Low
EPSS
Percentile
61.7%
Debian Security Advisory DSA-4880-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
March 29, 2021 https://www.debian.org/security/faq
Package : lxml
CVE ID : CVE-2021-28957
Debian Bug : 985643
Kevin Chung discovered that lxml, a Python binding for the libxml2 and
libxslt libraries, did not properly sanitize its input. This would
allow a malicious user to mount a cross-site scripting attack.
For the stable distribution (buster), this problem has been fixed in
version 4.3.2-1+deb10u3.
We recommend that you upgrade your lxml packages.
For the detailed security status of lxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lxml
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | mips | python3-lxml | < 4.3.2-1+deb10u3 | python3-lxml_4.3.2-1+deb10u3_mips.deb |
| Debian | 10 | armel | python3-lxml-dbg | < 4.3.2-1+deb10u3 | python3-lxml-dbg_4.3.2-1+deb10u3_armel.deb |
| Debian | 9 | arm64 | python-lxml-dbg | < 3.7.1-1+deb9u4 | python-lxml-dbg_3.7.1-1+deb9u4_arm64.deb |
| Debian | 10 | s390x | python3-lxml-dbg | < 4.3.2-1+deb10u3 | python3-lxml-dbg_4.3.2-1+deb10u3_s390x.deb |
| Debian | 10 | armhf | python3-lxml-dbg | < 4.3.2-1+deb10u3 | python3-lxml-dbg_4.3.2-1+deb10u3_armhf.deb |
| Debian | 10 | mips | python3-lxml-dbg | < 4.3.2-1+deb10u3 | python3-lxml-dbg_4.3.2-1+deb10u3_mips.deb |
| Debian | 10 | ppc64el | python3-lxml-dbg | < 4.3.2-1+deb10u3 | python3-lxml-dbg_4.3.2-1+deb10u3_ppc64el.deb |
| Debian | 9 | armel | python-lxml | < 3.7.1-1+deb9u4 | python-lxml_3.7.1-1+deb9u4_armel.deb |
| Debian | 10 | armhf | python3-lxml | < 4.3.2-1+deb10u3 | python3-lxml_4.3.2-1+deb10u3_armhf.deb |
| Debian | 10 | s390x | python-lxml-dbg | < 4.3.2-1+deb10u3 | python-lxml-dbg_4.3.2-1+deb10u3_s390x.deb |
Related
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : lxml vulnerability (USN-4896-1)
2021-03-30 00:00:00
EulerOS Virtualization 3.0.6.6 : python-lxml (EulerOS-SA-2022-1141)
2022-02-12 00:00:00
EulerOS Virtualization 3.0.2.0 : python-lxml (EulerOS-SA-2021-2830)
2021-12-29 00:00:00
ubuntucve
ubuntucve
CVE-2021-28957
2021-03-21 00:00:00
rocky
rocky
python-lxml security update
2021-11-09 08:26:20
python27:2.7 security update
2021-11-09 08:24:39
python39:3.9 and python39-devel:3.9 security update
2021-11-09 08:26:25
alpinelinux
alpinelinux
CVE-2021-28957
2021-03-21 05:15:13
prion
prion
Cross site scripting
2021-03-21 05:15:00
osv
osv
lxml vulnerability
2021-04-08 12:46:21
lxml - security update
2021-03-29 00:00:00
CVE-2021-28957
2021-03-21 05:15:13
openvas
openvas
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2483)
2021-09-24 00:00:00
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-1141)
2022-02-13 00:00:00
Ubuntu: Security Advisory (USN-4896-2)
2022-08-26 00:00:00
github
github
lxml vulnerable to Cross-Site Scripting
2021-03-22 16:53:53
redhatcve
redhatcve
CVE-2021-28957
2021-03-22 10:58:48
debiancve
debiancve
CVE-2021-28957
2021-03-21 05:15:13
veracode
veracode
Cross-site Scripting (XSS)
2021-03-22 05:25:18
almalinux
almalinux
Moderate: python-lxml security update
2021-11-09 08:26:20
Moderate: python39:3.9 and python39-devel:3.9 security update
2021-11-09 08:26:25
Moderate: python27:2.7 security update
2021-11-09 08:24:39
mageia
mageia
Updated python-lxml packages fix a security vulnerability
2021-06-14 00:32:39
cbl_mariner
cbl_mariner
CVE-2021-28957 affecting package python-lxml 4.2.4-7
2021-08-11 06:39:25
CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1
2022-04-26 19:57:36
cvelist
cvelist
CVE-2021-28957
2021-03-21 04:39:35
redhat
redhat
(RHSA-2021:4158) Moderate: python-lxml security update
2021-11-09 08:26:20
(RHSA-2021:4151) Moderate: python27:2.7 security update
2021-11-09 08:24:39
ubuntu
ubuntu
lxml vulnerability
2021-04-08 00:00:00
lxml vulnerability
2021-03-30 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: python-lxml-4.5.1-4.fc33
2021-06-04 01:03:49
[SECURITY] Fedora 34 Update: python-lxml-4.6.3-1.fc34
2021-05-28 01:01:22
debian
debian
[SECURITY] [DSA 4880-1] lxml security update
2021-03-29 16:20:53
[SECURITY] [DLA 2606-1] lxml security update
2021-03-24 18:10:42
cve
cve
CVE-2021-28957
2021-03-21 05:15:13
nvd
nvd
CVE-2021-28957
2021-03-21 05:15:13
suse
suse
Security update for python-lxml (moderate)
2022-11-01 00:00:00
Security update for python-lxml (important)
2022-03-10 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2021-0072
2021-07-28 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0072
2021-07-29 00:00:00
Critical Photon OS Security Update - PHSA-2022-0406
2022-06-17 00:00:00
gentoo
gentoo
lxml: Multiple Vulnerabilities
2022-08-10 00:00:00
oraclelinux
oraclelinux
python27:2.7 security update
2021-11-16 00:00:00
python39:3.9 and python39-devel:3.9 security update
2021-11-16 00:00:00
python38:3.8 and python38-devel:3.8 security update
2021-11-16 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00