Lucene search

Rockylinux Product ErrataRLSA-2022:1932

HistoryMay 10, 2022 - 8:08 a.m.

python-lxml security update

2022-05-1008:08:19

Rockylinux Product Errata

errata.rockylinux.org

python-lxml

security update

rocky linux 8

html cleaner

cve-2021-43818

xml processing

libxml2

libxslt libraries

cvss

rocky linux 8.6 release notes

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

EPSS

0.007

Percentile

80.3%

JSON

An update is available for python-lxml.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.

Security Fix(es):

python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
rocky8aarch64python3-lxml< 4.2.3-4.el8python3-lxml-0:4.2.3-4.el8.aarch64.rpm
rocky8x86_64python3-lxml< 4.2.3-4.el8python3-lxml-0:4.2.3-4.el8.x86_64.rpm
rocky8aarch64python3-lxml-debuginfo< 4.2.3-4.el8python3-lxml-debuginfo-0:4.2.3-4.el8.aarch64.rpm
rocky8x86_64python3-lxml-debuginfo< 4.2.3-4.el8python3-lxml-debuginfo-0:4.2.3-4.el8.x86_64.rpm
rocky8aarch64python-lxml-debugsource< 4.2.3-4.module+el8.4.0+403+9ae17a31python-lxml-debugsource-0:4.2.3-4.module+el8.4.0+403+9ae17a31.aarch64.rpm
rocky8x86_64python-lxml-debugsource< 4.2.3-4.module+el8.4.0+403+9ae17a31python-lxml-debugsource-0:4.2.3-4.module+el8.4.0+403+9ae17a31.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
rocky	8	aarch64	python3-lxml	< 4.2.3-4.el8	python3-lxml-0:4.2.3-4.el8.aarch64.rpm
rocky	8	x86_64	python3-lxml	< 4.2.3-4.el8	python3-lxml-0:4.2.3-4.el8.x86_64.rpm
rocky	8	aarch64	python3-lxml-debuginfo	< 4.2.3-4.el8	python3-lxml-debuginfo-0:4.2.3-4.el8.aarch64.rpm
rocky	8	x86_64	python3-lxml-debuginfo	< 4.2.3-4.el8	python3-lxml-debuginfo-0:4.2.3-4.el8.x86_64.rpm
rocky	8	aarch64	python-lxml-debugsource	< 4.2.3-4.module+el8.4.0+403+9ae17a31	python-lxml-debugsource-0:4.2.3-4.module+el8.4.0+403+9ae17a31.aarch64.rpm
rocky	8	x86_64	python-lxml-debugsource	< 4.2.3-4.module+el8.4.0+403+9ae17a31	python-lxml-debugsource-0:4.2.3-4.module+el8.4.0+403+9ae17a31.x86_64.rpm