Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2021-4151.NASLHistoryNov 07, 2023 - 12:00 a.m.
Rocky Linux 8 : python27:2.7 (RLSA-2021:4151)
2023-11-0700:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
rocky linux 8
python 2.7
vulnerabilities
jinja2
pygments
babel
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.4%
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4151 advisory.
-
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. (CVE-2020-27619)
-
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the
_punctuation_re regexoperator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. (CVE-2020-28493) -
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the exception keyword. (CVE-2021-20270)
-
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. (CVE-2021-23336)
-
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
(CVE-2021-27291) -
An XSS vulnerability was discovered in python-lxml’s clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
(CVE-2021-28957) -
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. (CVE-2021-42771)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2021:4151.
##
include('compat.inc');
if (description)
{
script_id(185065);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2020-27619",
"CVE-2020-28493",
"CVE-2021-20270",
"CVE-2021-23336",
"CVE-2021-27291",
"CVE-2021-28957",
"CVE-2021-42771"
);
script_xref(name:"IAVA", value:"2021-A-0052-S");
script_xref(name:"IAVA", value:"2021-A-0263-S");
script_xref(name:"RLSA", value:"2021:4151");
script_name(english:"Rocky Linux 8 : python27:2.7 (RLSA-2021:4151)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2021:4151 advisory.
- In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content
retrieved via HTTP. (CVE-2020-27619)
- This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the
`_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most
exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format
user content instead of the urlize filter, or by implementing request timeouts and limiting process
memory. (CVE-2020-28493)
- An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when
performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only
contains the exception keyword. (CVE-2021-20270)
- The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before
3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and
urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query
parameters using a semicolon (;), they can cause a difference in the interpretation of the request between
the proxy (running with default configuration) and the server. This can result in malicious requests being
cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and
therefore would not include it in a cache key of an unkeyed parameter. (CVE-2021-23336)
- In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular
expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are
vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
(CVE-2021-27291)
- An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling
the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute
allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS
code on users who interact with incorrectly sanitized HTML. This issue is patched in lxml 4.6.3.
(CVE-2021-28957)
- Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing
serialized Python objects) via directory traversal, leading to code execution. (CVE-2021-42771)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2021:4151");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1889886");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1922136");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1928707");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1928904");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1940603");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1941534");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1945483");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1955615");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27619");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/22");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:Cython-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:PyYAML-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:babel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:numpy-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-coverage-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-lxml-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-nose-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-psycopg2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-psycopg2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-psycopg2-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-pymongo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-pymongo-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python-sqlalchemy-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-Cython");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-Cython-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-PyMySQL");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-attrs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-babel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-backports");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-backports-ssl_match_hostname");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-bson");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-bson-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-chardet");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-coverage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-coverage-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-dns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-docs-info");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-docutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-funcsigs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-idna");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-ipaddress");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-jinja2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-lxml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-lxml-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-markupsafe");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-mock");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-nose");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-numpy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-numpy-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-numpy-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-numpy-f2py");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pip");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pip-wheel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pluggy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-psycopg2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-psycopg2-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-psycopg2-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-psycopg2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-psycopg2-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-py");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pygments");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pymongo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pymongo-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pymongo-gridfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pysocks");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pytest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pytest-mock");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pytz");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pyyaml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-pyyaml-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-requests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-rpm-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-scipy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-scipy-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-setuptools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-setuptools-wheel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-setuptools_scm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-six");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-sqlalchemy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-tkinter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-urllib3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-virtualenv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-wheel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:python2-wheel-wheel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:scipy-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var module_ver = get_kb_item('Host/RockyLinux/appstream/python27');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module python27:2.7');
if ('2.7' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module python27:' + module_ver);
var appstreams = {
'python27:2.7': [
{'reference':'babel-2.5.1-10.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Cython-debugsource-0.28.1-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Cython-debugsource-0.28.1-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Cython-debugsource-0.28.1-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'Cython-debugsource-0.28.1-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'numpy-debugsource-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'numpy-debugsource-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'numpy-debugsource-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'numpy-debugsource-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python-coverage-debugsource-4.5.1-4.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-coverage-debugsource-4.5.1-4.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-coverage-debugsource-4.5.1-4.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-coverage-debugsource-4.5.1-4.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-lxml-debugsource-4.2.3-5.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-lxml-debugsource-4.2.3-5.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-nose-docs-1.3.7-31.module+el8.5.0+671+195e4563', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debuginfo-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debuginfo-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debuginfo-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debuginfo-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debugsource-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debugsource-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debugsource-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-debugsource-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-doc-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-doc-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-doc-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-psycopg2-doc-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debuginfo-3.7.0-1.module+el8.4.0+597+ddf0ddea', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debuginfo-3.7.0-1.module+el8.4.0+597+ddf0ddea', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+671+195e4563', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debuginfo-3.7.0-1.module+el8.5.0+671+195e4563', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debugsource-3.7.0-1.module+el8.4.0+597+ddf0ddea', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debugsource-3.7.0-1.module+el8.4.0+597+ddf0ddea', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debugsource-3.7.0-1.module+el8.5.0+671+195e4563', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-pymongo-debugsource-3.7.0-1.module+el8.5.0+671+195e4563', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-sqlalchemy-doc-1.3.2-2.module+el8.3.0+120+426d8baf', 'release':'8', 'el_string':'el8.3.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-sqlalchemy-doc-1.3.2-2.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-attrs-17.4.0-10.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-attrs-17.4.0-10.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-babel-2.5.1-10.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-backports-1.0-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-backports-1.0-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-backports-ssl_match_hostname-3.5.0.1-12.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-bson-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-bson-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-bson-debuginfo-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-bson-debuginfo-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-chardet-3.0.4-10.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-chardet-3.0.4-10.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-4.5.1-4.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-4.5.1-4.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-4.5.1-4.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-4.5.1-4.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-debuginfo-4.5.1-4.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-debuginfo-4.5.1-4.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-debuginfo-4.5.1-4.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-coverage-debuginfo-4.5.1-4.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-0.28.1-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-0.28.1-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-0.28.1-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-0.28.1-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-debuginfo-0.28.1-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-debuginfo-0.28.1-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-debuginfo-0.28.1-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-Cython-debuginfo-0.28.1-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-debug-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-debug-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-debuginfo-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-debuginfo-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-debugsource-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-debugsource-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-devel-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-devel-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-dns-1.15.0-10.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-dns-1.15.0-10.module+el8.7.0+1062+663ba31c', 'release':'8', 'el_string':'el8.7.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-docs-2.7.16-2.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-docs-info-2.7.16-2.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-docutils-0.14-12.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-funcsigs-1.0.2-13.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-idna-2.5-7.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-idna-2.5-7.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-ipaddress-1.0.18-6.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-jinja2-2.10-9.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-jinja2-2.10-9.module+el8.7.0+1062+663ba31c', 'release':'8', 'el_string':'el8.7.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-libs-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-libs-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-lxml-4.2.3-5.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-lxml-4.2.3-5.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-lxml-debuginfo-4.2.3-5.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-markupsafe-0.23-19.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-markupsafe-0.23-19.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-markupsafe-0.23-19.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-markupsafe-0.23-19.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-mock-2.0.0-13.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-nose-1.3.7-31.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-numpy-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-debuginfo-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-debuginfo-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-debuginfo-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-doc-1.14.2-16.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-doc-1.14.2-16.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-f2py-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-f2py-1.14.2-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-f2py-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-numpy-f2py-1.14.2-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-pip-9.0.3-18.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pip-wheel-9.0.3-18.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pluggy-0.6.0-8.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pluggy-0.6.0-8.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debuginfo-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debuginfo-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debuginfo-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-debuginfo-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-tests-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-tests-2.7.5-7.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-tests-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-psycopg2-tests-2.7.5-7.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-py-1.5.3-6.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-py-1.5.3-6.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pygments-2.2.0-22.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pymongo-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pymongo-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pymongo-debuginfo-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pymongo-gridfs-3.7.0-1.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-PyMySQL-0.8.0-10.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-PyMySQL-0.8.0-10.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pysocks-1.6.8-6.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pysocks-1.6.8-6.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pytest-3.4.2-13.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pytest-3.4.2-13.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pytest-mock-1.9.0-4.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pytz-2017.2-12.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pytz-2017.2-12.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-3.12-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-3.12-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-3.12-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-3.12-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-debuginfo-3.12-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-debuginfo-3.12-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-debuginfo-3.12-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-pyyaml-debuginfo-3.12-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-requests-2.20.0-3.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-requests-2.20.0-3.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-rpm-macros-3-38.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-scipy-1.0.0-21.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-scipy-1.0.0-21.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-scipy-debuginfo-1.0.0-21.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-setuptools-39.0.1-13.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-setuptools-wheel-39.0.1-13.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-setuptools_scm-1.15.7-6.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-six-1.11.0-6.module+el8.4.0+403+9ae17a31', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-sqlalchemy-1.3.2-2.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-sqlalchemy-1.3.2-2.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-test-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-test-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-tkinter-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-tkinter-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-tools-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-tools-2.7.18-7.module+el8.5.0+706+735ec4b3.rocky.0.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-urllib3-1.24.2-3.module+el8.4.0+403+9ae17a31', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-urllib3-1.24.2-3.module+el8.5.0+706+735ec4b3', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-virtualenv-15.1.0-21.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python2-wheel-0.31.1-3.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'python2-wheel-wheel-0.31.1-3.module+el8.5.0+706+735ec4b3', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'PyYAML-debugsource-3.12-16.module+el8.4.0+403+9ae17a31', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'PyYAML-debugsource-3.12-16.module+el8.4.0+403+9ae17a31', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'PyYAML-debugsource-3.12-16.module+el8.5.0+706+735ec4b3', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'PyYAML-debugsource-3.12-16.module+el8.5.0+706+735ec4b3', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'scipy-debugsource-1.0.0-21.module+el8.5.0+671+195e4563', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'scipy-debugsource-1.0.0-21.module+el8.5.0+671+195e4563', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RockyLinux/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module python27:2.7');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Cython-debugsource / PyYAML-debugsource / babel / numpy-debugsource / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rocky | linux | cython-debugsource | p-cpe:/a:rocky:linux:cython-debugsource |
| rocky | linux | pyyaml-debugsource | p-cpe:/a:rocky:linux:pyyaml-debugsource |
| rocky | linux | babel | p-cpe:/a:rocky:linux:babel |
| rocky | linux | numpy-debugsource | p-cpe:/a:rocky:linux:numpy-debugsource |
| rocky | linux | python-coverage-debugsource | p-cpe:/a:rocky:linux:python-coverage-debugsource |
| rocky | linux | python-lxml-debugsource | p-cpe:/a:rocky:linux:python-lxml-debugsource |
| rocky | linux | python-nose-docs | p-cpe:/a:rocky:linux:python-nose-docs |
| rocky | linux | python-psycopg2-debuginfo | p-cpe:/a:rocky:linux:python-psycopg2-debuginfo |
| rocky | linux | python-psycopg2-debugsource | p-cpe:/a:rocky:linux:python-psycopg2-debugsource |
| rocky | linux | python-psycopg2-doc | p-cpe:/a:rocky:linux:python-psycopg2-doc |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28493
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20270
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42771
bugzilla.redhat.com/show_bug.cgi?id=1889886
bugzilla.redhat.com/show_bug.cgi?id=1922136
bugzilla.redhat.com/show_bug.cgi?id=1928707
bugzilla.redhat.com/show_bug.cgi?id=1928904
bugzilla.redhat.com/show_bug.cgi?id=1940603
bugzilla.redhat.com/show_bug.cgi?id=1941534
bugzilla.redhat.com/show_bug.cgi?id=1945483
bugzilla.redhat.com/show_bug.cgi?id=1955615
errata.rockylinux.org/RLSA-2021:4151
Related
nessus
nessus
CentOS 8 : python27:2.7 (CESA-2021:4151)
2021-11-11 00:00:00
RHEL 8 : python27:2.7 (RHSA-2021:4151)
2021-11-11 00:00:00
Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)
2021-12-10 00:00:00
almalinux
almalinux
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
osv
osv
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python36:3.6 security and bug fix update
2021-11-09 08:24:37
redhat
redhat
(RHSA-2021:4151) Moderate: python27:2.7 security update
2021-11-09 08:24:39
(RHSA-2021:3252) Moderate: python27 security update
2021-08-24 07:29:51
oraclelinux
oraclelinux
python27:2.7 security update
2021-11-16 00:00:00
python36:3.6 security and bug fix update
2021-11-16 00:00:00
resource-agents security update
2021-11-19 00:00:00
rocky
rocky
python27:2.7 security update
2021-11-09 08:24:39
python36:3.6 security and bug fix update
2021-11-09 08:24:37
resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
openvas
openvas
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2065)
2021-07-01 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-1887)
2021-05-19 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2441)
2021-09-15 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: python2.7-2.7.18-11.fc34
2021-05-29 01:06:40
[SECURITY] Fedora 33 Update: python2.7-2.7.18-11.fc33
2021-05-29 01:17:31
[SECURITY] Fedora 33 Update: mingw-python-jinja2-2.11.3-1.fc33
2021-03-15 01:19:56
freebsd
freebsd
py-pygments -- multiple DoS vulnerabilities
2021-03-17 00:00:00
ubuntu
ubuntu
Pygments vulnerabilities
2023-08-14 00:00:00
Jinja2 vulnerability
2022-10-26 00:00:00
Pygments vulnerability
2021-03-22 00:00:00
ubuntucve
ubuntucve
CVE-2020-28493
2021-02-01 00:00:00
CVE-2021-28957
2021-03-21 00:00:00
amazon
amazon
Medium: python-babel
2023-03-30 22:50:00
Medium: babel
2023-03-30 18:56:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0123
2021-11-03 00:00:00
github
github
Directory Traversal in Babel
2021-10-21 17:49:59
lxml vulnerable to Cross-Site Scripting
2021-03-22 16:53:53
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
ibm
ibm
alpinelinux
alpinelinux
redhatcve
redhatcve
nvd
nvd
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-42771
2021-10-20 21:15:07
cve
cve
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-42771
2021-10-20 21:15:07
prion
prion
Cross site scripting
2021-03-21 05:15:00
Design/Logic Flaw
2021-02-01 20:15:00
Directory traversal
2021-10-20 21:15:00
gitlab
gitlab
Regular Expression Denial of Service
2021-02-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20270 affecting package python-pygments 2.4.2-6
2021-04-06 23:50:13
CVE-2021-42771 affecting package babel for versions less than 2.9.1-1
2022-04-09 06:51:57
archlinux
archlinux
[ASA-202102-19] python-jinja: denial of service
2021-02-07 00:00:00
[ASA-202102-20] python2-jinja: denial of service
2021-02-07 00:00:00
gentoo
gentoo
Jinja: Denial of service
2021-07-08 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-02-02 01:28:40
Directory Traversal
2021-10-21 04:31:28
Cross-site Scripting (XSS)
2021-03-22 05:25:18
debiancve
debiancve
CVE-2020-28493
2021-02-01 20:15:12
CVE-2021-28957
2021-03-21 05:15:13
suse
suse
Security update for python-Pygments (important)
2021-10-31 00:00:00
Security update for python-Babel (important)
2021-12-10 00:00:00
Security update for python-Babel (important)
2021-12-06 00:00:00
cvelist
cvelist
CVE-2021-20270
2021-03-23 16:40:22
CVE-2021-42771
2021-10-20 20:05:35
mageia
mageia
Updated python-jinja2 packages fix a security vulnerability
2021-04-12 22:59:59
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.4%
Related for ROCKY_LINUX_RLSA-2021-4151.NASL