Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:3252
HistoryAug 24, 2021 - 7:29 a.m.

(RHSA-2021:3252) Moderate: python27 security update

2021-08-2407:29:51
access.redhat.com
61

0.038 Low

EPSS

Percentile

92.0%

JSON

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

  • python-jinja2: ReDoS vulnerability due to the sub-pattern (CVE-2020-28493)

  • python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)

  • python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095)

  • python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

  • python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

  • python-pygments: ReDoS via crafted malicious input (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional information

  • Changes in the default separator for the Python urllib parsing functions

To mitigate the Web Cache Poisoning CVE-2021-23336 in the Python urllib library, the default separator for the urllib.parse.parse_qsl and urllib.parse.parse_qs functions is being changed from both ampersand (&) and semicolon (;) to only an ampersand.

The change of the default separator is potentially backwards incompatible, therefore Red Hat provides a way to configure the behavior in Python packages where the default separator has been changed. In addition, the affected urllib parsing functions issue a warning if they detect that a customer’s application has been affected by the change.

For more information, see the Knowledgebase article “Mitigation of Web Cache Poisoning in the Python urllib library (CVE-2021-23336)” linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat7x86_64python27-python-devel< 2.7.18-3.el7python27-python-devel-2.7.18-3.el7.x86_64.rpm
RedHat7ppc64lepython27-python-debug< 2.7.18-3.el7python27-python-debug-2.7.18-3.el7.ppc64le.rpm
RedHat7x86_64python27-python-debuginfo< 2.7.18-3.el7python27-python-debuginfo-2.7.18-3.el7.x86_64.rpm
RedHat7noarchpython27-babel< 0.9.6-10.el7python27-babel-0.9.6-10.el7.noarch.rpm
RedHat7ppc64lepython27-python-test< 2.7.18-3.el7python27-python-test-2.7.18-3.el7.ppc64le.rpm
RedHat7s390xpython27-python-test< 2.7.18-3.el7python27-python-test-2.7.18-3.el7.s390x.rpm
RedHat7ppc64lepython27-tkinter< 2.7.18-3.el7python27-tkinter-2.7.18-3.el7.ppc64le.rpm
RedHat7s390xpython27-tkinter< 2.7.18-3.el7python27-tkinter-2.7.18-3.el7.s390x.rpm
RedHat7ppc64lepython27-python-libs< 2.7.18-3.el7python27-python-libs-2.7.18-3.el7.ppc64le.rpm
RedHat7s390xpython27-python-tools< 2.7.18-3.el7python27-python-tools-2.7.18-3.el7.s390x.rpm
Rows per page:
1-10 of 281

Related

nessus 71
redhat 8
osv 20
oraclelinux 6
rocky 6
almalinux 6
openvas 46
debian 2
ubuntu 6
freebsd 1
fedora 7
ubuntucve 2
cloudfoundry 3
archlinux 3
amazon 1
photon 1
github 2
cve 1
alpinelinux 1
redhatcve 1
ibm 1
nvd 1
gitlab 1
gentoo 1
veracode 1
nessus
nessus
RHEL 7 : python27 (RHSA-2021:3252)
2021-08-24 00:00:00
RHEL 8 : python27:2.7 (RHSA-2021:4151)
2021-11-11 00:00:00
Oracle Linux 8 : python27:2.7 (ELSA-2021-4151)
2021-12-10 00:00:00
redhat
redhat
(RHSA-2021:4151) Moderate: python27:2.7 security update
2021-11-09 08:24:39
(RHSA-2021:1633) Moderate: python3 security update
2021-05-18 05:42:46
(RHSA-2021:4139) Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
osv
osv
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python27:2.7 security update
2021-11-09 08:24:39
pygments vulnerabilities
2023-08-14 10:38:30
oraclelinux
oraclelinux
python27:2.7 security update
2021-11-16 00:00:00
python3 security update
2021-05-25 00:00:00
resource-agents security update
2021-11-19 00:00:00
rocky
rocky
python27:2.7 security update
2021-11-09 08:24:39
babel security and bug fix update
2021-11-09 08:37:19
resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
almalinux
almalinux
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python3 security update
2021-05-18 05:42:46
Moderate: resource-agents security, bug fix, and enhancement update
2021-11-09 08:20:04
openvas
openvas
Ubuntu: Security Advisory (USN-4897-2)
2023-08-14 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2021-2096)
2021-07-07 00:00:00
Huawei EulerOS: Security Advisory for python-pygments (EulerOS-SA-2021-2054)
2021-07-01 00:00:00
debian
debian
[SECURITY] [DLA 2790-1] python-babel security update
2021-10-21 09:56:09
[SECURITY] [DLA 2619-1] python3.5 security update
2021-04-05 16:08:19
ubuntu
ubuntu
Pygments vulnerabilities
2023-08-14 00:00:00
Python vulnerabilities
2021-02-25 00:00:00
Python regression
2021-02-25 00:00:00
freebsd
freebsd
py-pygments -- multiple DoS vulnerabilities
2021-03-17 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: python2.7-2.7.18-11.fc34
2021-05-29 01:06:40
[SECURITY] Fedora 33 Update: python2.7-2.7.18-11.fc33
2021-05-29 01:17:31
[SECURITY] Fedora 33 Update: python3.7-3.7.10-1.fc33
2021-02-20 01:26:55
ubuntucve
ubuntucve
CVE-2021-42771
2021-10-20 00:00:00
CVE-2020-28493
2021-02-01 00:00:00
cloudfoundry
cloudfoundry
USN-4754-2: Python regression | Cloud Foundry
2021-03-02 00:00:00
USN-4754-1: Python vulnerabilities | Cloud Foundry
2021-03-02 00:00:00
USN-4754-4: Python 2.7 vulnerability | Cloud Foundry
2021-03-22 00:00:00
archlinux
archlinux
[ASA-202102-37] python: multiple issues
2021-02-27 00:00:00
[ASA-202103-27] python2: multiple issues
2021-03-25 00:00:00
[ASA-202102-19] python-jinja: denial of service
2021-02-07 00:00:00
amazon
amazon
Medium: python-babel
2023-03-30 22:50:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0123
2021-11-03 00:00:00
github
github
Directory Traversal in Babel
2021-10-21 17:49:59
Regular Expression Denial of Service (ReDoS) in Jinja2
2021-03-19 21:28:05
cve
cve
CVE-2020-28493
2021-02-01 20:15:12
alpinelinux
alpinelinux
CVE-2020-28493
2021-02-01 20:15:12
redhatcve
redhatcve
CVE-2020-28493
2021-02-15 12:33:42
ibm
ibm
Security Bulletin: IBM Security QRadar Network Threat Analytics uses component jinja2 with a denial of service vulnerability (CVE-2020-28493)
2022-09-16 15:41:17
nvd
nvd
CVE-2020-28493
2021-02-01 20:15:12
gitlab
gitlab
Regular Expression Denial of Service
2021-02-01 00:00:00
gentoo
gentoo
Jinja: Denial of service
2021-07-08 00:00:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-02-02 01:28:40

0.038 Low

EPSS

Percentile

92.0%

JSON
Related for RHSA-2021:3252
nessus71redhat8osv20oraclelinux6rocky6almalinux6openvas46debian2ubuntu6freebsd1fedora7ubuntucve2cloudfoundry3archlinux3amazon1photon1github2cve1alpinelinux1redhatcve1ibm1nvd1gitlab1gentoo1veracode1