(RHSA-2020:4654) Moderate: python27:2.7 security update

2020-11-0312:24:08

access.redhat.com

117

0.012 Low

EPSS

Percentile

85.1%

JSON

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)
python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanys390xcython-debugsource< 0.28.1-7.module+el8.1.0+3111+de3f2d8eCython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
RedHatanyppc64lepython-lxml-debugsource< 4.2.3-3.module+el8.1.0+3111+de3f2d8epython-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanynoarchpython2-setuptools_scm< 1.15.7-6.module+el8.1.0+3111+de3f2d8epython2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
RedHatanyppc64lepython2-scipy-debuginfo< 1.0.0-20.module+el8.1.0+3323+7ac3e00fpython2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
RedHatanyppc64lepython2-coverage< 4.5.1-4.module+el8.1.0+3111+de3f2d8epython2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanynoarchpython2-mock< 2.0.0-13.module+el8.1.0+3111+de3f2d8epython2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
RedHatanyppc64lepython2-numpy< 1.14.2-13.module+el8.1.0+3323+7ac3e00fpython2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
RedHatanyx86_64python2-backports< 1.0-15.module+el8.1.0+3111+de3f2d8epython2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
RedHatanyppc64lepython2-coverage-debuginfo< 4.5.1-4.module+el8.1.0+3111+de3f2d8epython2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanyaarch64python-psycopg2-doc< 2.7.5-7.module+el8.1.0+3111+de3f2d8epython-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390x	cython-debugsource	< 0.28.1-7.module+el8.1.0+3111+de3f2d8e	Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
RedHat	any	ppc64le	python-lxml-debugsource	< 4.2.3-3.module+el8.1.0+3111+de3f2d8e	python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHat	any	noarch	python2-setuptools_scm	< 1.15.7-6.module+el8.1.0+3111+de3f2d8e	python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
RedHat	any	ppc64le	python2-scipy-debuginfo	< 1.0.0-20.module+el8.1.0+3323+7ac3e00f	python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
RedHat	any	ppc64le	python2-coverage	< 4.5.1-4.module+el8.1.0+3111+de3f2d8e	python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHat	any	noarch	python2-mock	< 2.0.0-13.module+el8.1.0+3111+de3f2d8e	python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm
RedHat	any	ppc64le	python2-numpy	< 1.14.2-13.module+el8.1.0+3323+7ac3e00f	python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm
RedHat	any	x86_64	python2-backports	< 1.0-15.module+el8.1.0+3111+de3f2d8e	python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.x86_64.rpm
RedHat	any	ppc64le	python2-coverage-debuginfo	< 4.5.1-4.module+el8.1.0+3111+de3f2d8e	python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHat	any	aarch64	python-psycopg2-doc	< 2.7.5-7.module+el8.1.0+3111+de3f2d8e	python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm