RLSA-2020:1605
Moderate: python27:2.7 security, bug fix, and enhancement update
Topic
An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe, python-pluggy, python-pygments, Cython, python-virtualenv, babel, python-dns, python-wheel, python-pysocks, python-coverage, python-setuptools_scm, pytz, python-nose, scipy, python-idna.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Description
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.
The following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944)
Security Fix(es):
* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)
* python: Cookie domain check returns incorrect results (CVE-2018-20852)
* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)
* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)
* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)
* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.2 Release Notes linked from the References section.
Rocky Linux 8
SRPMs
- babel-0:2.5.1-9.module+el8.4.0+403+9ae17a31.src.rpm
- Cython-0:0.28.1-7.module+el8.5.0+706+735ec4b3.src.rpm
- Cython-0:0.28.1-7.module+el8.4.0+403+9ae17a31.src.rpm
- pytest-0:3.4.2-13.module+el8.5.0+706+735ec4b3.src.rpm
- pytest-0:3.4.2-13.module+el8.4.0+403+9ae17a31.src.rpm
- python2-rpm-macros-0:3-38.module+el8.4.0+403+9ae17a31.src.rpm
- python-attrs-0:17.4.0-10.module+el8.5.0+706+735ec4b3.src.rpm
- python-attrs-0:17.4.0-10.module+el8.4.0+403+9ae17a31.src.rpm
- python-chardet-0:3.0.4-10.module+el8.5.0+706+735ec4b3.src.rpm
- python-chardet-0:3.0.4-10.module+el8.4.0+403+9ae17a31.src.rpm
- python-coverage-0:4.5.1-4.module+el8.5.0+706+735ec4b3.src.rpm
- python-coverage-0:4.5.1-4.module+el8.4.0+403+9ae17a31.src.rpm
- python-dns-0:1.15.0-10.module+el8.7.0+1062+663ba31c.src.rpm
- python-dns-0:1.15.0-10.el8.src.rpm
- python-dns-0:1.15.0-10.module+el8.4.0+403+9ae17a31.src.rpm
- python-docs-0:2.7.16-2.module+el8.4.0+403+9ae17a31.src.rpm
- python-docutils-0:0.14-12.module+el8.4.0+403+9ae17a31.src.rpm
- python-docutils-0:0.14-12.module+el8.3.0+120+426d8baf.src.rpm
- python-funcsigs-0:1.0.2-13.module+el8.4.0+403+9ae17a31.src.rpm
- python-idna-0:2.5-7.module+el8.5.0+706+735ec4b3.src.rpm
- python-idna-0:2.5-7.module+el8.4.0+403+9ae17a31.src.rpm
- python-ipaddress-0:1.0.18-6.module+el8.4.0+403+9ae17a31.src.rpm
- python-jinja2-0:2.10-8.module+el8.4.0+403+9ae17a31.src.rpm
- python-lxml-0:4.2.3-3.el8.src.rpm
- python-markupsafe-0:0.23-19.el8.src.rpm
- python-mock-0:2.0.0-13.module+el8.4.0+403+9ae17a31.src.rpm
- python-nose-0:1.3.7-30.module+el8.3.0+120+426d8baf.src.rpm
- python-pluggy-0:0.6.0-8.module+el8.5.0+706+735ec4b3.src.rpm
- python-pluggy-0:0.6.0-8.module+el8.4.0+403+9ae17a31.src.rpm
- python-psycopg2-0:2.7.5-7.el8.src.rpm
- python-py-0:1.5.3-6.module+el8.5.0+706+735ec4b3.src.rpm
- python-py-0:1.5.3-6.module+el8.4.0+403+9ae17a31.src.rpm
- python-pygments-0:2.2.0-20.module+el8.3.0+120+426d8baf.src.rpm
- python-pymongo-0:3.6.1-11.module+el8.3.0+120+426d8baf.src.rpm
- python-PyMySQL-0:0.8.0-10.module+el8.5.0+706+735ec4b3.src.rpm
- python-PyMySQL-0:0.8.0-10.module+el8.3.0+120+426d8baf.src.rpm
- python-pysocks-0:1.6.8-6.module+el8.5.0+706+735ec4b3.src.rpm
- python-pysocks-0:1.6.8-6.module+el8.4.0+403+9ae17a31.src.rpm
- python-pytest-mock-0:1.9.0-4.module+el8.4.0+403+9ae17a31.src.rpm
- python-requests-0:2.20.0-3.module+el8.5.0+706+735ec4b3.src.rpm
- python-requests-0:2.20.0-3.module+el8.4.0+403+9ae17a31.src.rpm
- python-setuptools_scm-0:1.15.7-6.module+el8.4.0+403+9ae17a31.src.rpm
- python-virtualenv-0:15.1.0-19.module+el8.3.0+120+426d8baf.src.rpm
- python-wheel-1:0.31.1-2.module+el8.3.0+120+426d8baf.src.rpm
- pytz-0:2017.2-12.module+el8.5.0+706+735ec4b3.src.rpm
- pytz-0:2017.2-12.module+el8.4.0+403+9ae17a31.src.rpm
- PyYAML-0:3.12-16.module+el8.5.0+706+735ec4b3.src.rpm
- PyYAML-0:3.12-16.module+el8.4.0+403+9ae17a31.src.rpm
- scipy-0:1.0.0-20.module+el8.3.0+120+426d8baf.src.rpm
- python-markupsafe-0:0.23-19.module+el8.5.0+706+735ec4b3.src.rpm
- python-psycopg2-0:2.7.5-7.module+el8.5.0+706+735ec4b3.src.rpm
RPMs
- babel-0:2.5.1-9.module+el8.4.0+403+9ae17a31.noarch.rpm
- Cython-debugsource-0:0.28.1-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- Cython-debugsource-0:0.28.1-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- Cython-debugsource-0:0.28.1-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- Cython-debugsource-0:0.28.1-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-attrs-0:17.4.0-10.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-attrs-0:17.4.0-10.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-babel-0:2.5.1-9.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-bson-0:3.6.1-11.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-bson-0:3.6.1-11.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-bson-debuginfo-0:3.6.1-11.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-bson-debuginfo-0:3.6.1-11.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-chardet-0:3.0.4-10.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-chardet-0:3.0.4-10.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-coverage-0:4.5.1-4.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-coverage-0:4.5.1-4.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-coverage-0:4.5.1-4.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-coverage-0:4.5.1-4.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-coverage-debuginfo-0:4.5.1-4.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-coverage-debuginfo-0:4.5.1-4.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-coverage-debuginfo-0:4.5.1-4.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-coverage-debuginfo-0:4.5.1-4.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-Cython-0:0.28.1-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-Cython-0:0.28.1-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-Cython-0:0.28.1-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-Cython-0:0.28.1-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-Cython-debuginfo-0:0.28.1-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-Cython-debuginfo-0:0.28.1-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-Cython-debuginfo-0:0.28.1-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-Cython-debuginfo-0:0.28.1-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-dns-0:1.15.0-10.module+el8.7.0+1062+663ba31c.noarch.rpm
- python2-dns-0:1.15.0-10.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-docs-0:2.7.16-2.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-docs-info-0:2.7.16-2.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-docutils-0:0.14-12.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-funcsigs-0:1.0.2-13.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-idna-0:2.5-7.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-idna-0:2.5-7.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-ipaddress-0:1.0.18-6.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-jinja2-0:2.10-8.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-markupsafe-0:0.23-19.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-markupsafe-0:0.23-19.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-markupsafe-0:0.23-19.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-markupsafe-0:0.23-19.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-mock-0:2.0.0-13.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-nose-0:1.3.7-30.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pluggy-0:0.6.0-8.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-pluggy-0:0.6.0-8.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-psycopg2-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-psycopg2-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-psycopg2-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-psycopg2-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-psycopg2-debug-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-psycopg2-debug-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-psycopg2-debug-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-psycopg2-debug-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-psycopg2-tests-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-psycopg2-tests-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-psycopg2-tests-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-psycopg2-tests-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-py-0:1.5.3-6.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-py-0:1.5.3-6.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pygments-0:2.2.0-20.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pymongo-0:3.6.1-11.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-pymongo-0:3.6.1-11.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-pymongo-debuginfo-0:3.6.1-11.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-pymongo-debuginfo-0:3.6.1-11.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-pymongo-gridfs-0:3.6.1-11.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-pymongo-gridfs-0:3.6.1-11.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-PyMySQL-0:0.8.0-10.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-PyMySQL-0:0.8.0-10.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pysocks-0:1.6.8-6.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-pysocks-0:1.6.8-6.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pytest-0:3.4.2-13.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-pytest-0:3.4.2-13.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pytest-mock-0:1.9.0-4.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pytz-0:2017.2-12.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-pytz-0:2017.2-12.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-pyyaml-0:3.12-16.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-pyyaml-0:3.12-16.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-pyyaml-0:3.12-16.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-pyyaml-0:3.12-16.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-pyyaml-debuginfo-0:3.12-16.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python2-pyyaml-debuginfo-0:3.12-16.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-pyyaml-debuginfo-0:3.12-16.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python2-pyyaml-debuginfo-0:3.12-16.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-requests-0:2.20.0-3.module+el8.5.0+706+735ec4b3.noarch.rpm
- python2-requests-0:2.20.0-3.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-rpm-macros-0:3-38.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-scipy-0:1.0.0-20.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-scipy-0:1.0.0-20.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-scipy-debuginfo-0:1.0.0-20.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python2-scipy-debuginfo-0:1.0.0-20.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python2-setuptools_scm-0:1.15.7-6.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-virtualenv-0:15.1.0-19.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-wheel-1:0.31.1-2.module+el8.4.0+403+9ae17a31.noarch.rpm
- python2-wheel-wheel-1:0.31.1-2.module+el8.4.0+403+9ae17a31.noarch.rpm
- python-coverage-debugsource-0:4.5.1-4.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python-coverage-debugsource-0:4.5.1-4.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python-coverage-debugsource-0:4.5.1-4.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python-coverage-debugsource-0:4.5.1-4.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python-nose-docs-0:1.3.7-30.module+el8.3.0+120+426d8baf.noarch.rpm
- python-psycopg2-debuginfo-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python-psycopg2-debuginfo-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python-psycopg2-debuginfo-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python-psycopg2-debuginfo-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python-psycopg2-debugsource-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python-psycopg2-debugsource-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python-psycopg2-debugsource-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python-psycopg2-debugsource-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python-psycopg2-doc-0:2.7.5-7.module+el8.5.0+706+735ec4b3.aarch64.rpm
- python-psycopg2-doc-0:2.7.5-7.module+el8.4.0+403+9ae17a31.aarch64.rpm
- python-psycopg2-doc-0:2.7.5-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
- python-psycopg2-doc-0:2.7.5-7.module+el8.4.0+403+9ae17a31.x86_64.rpm
- python-pymongo-debuginfo-0:3.6.1-11.module+el8.3.0+120+426d8baf.aarch64.rpm
- python-pymongo-debuginfo-0:3.6.1-11.module+el8.3.0+120+426d8baf.x86_64.rpm
- python-pymongo-debugsource-0:3.6.1-11.module+el8.3.0+120+426d8baf.aarch64.rpm
- python-pymongo-debugsource-0:3.6.1-11.module+el8.3.0+120+426d8baf.x86_64.rpm
- PyYAML-debugsource-0:3.12-16.module+el8.5.0+706+735ec4b3.aarch64.rpm
- PyYAML-debugsource-0:3.12-16.module+el8.4.0+403+9ae17a31.aarch64.rpm
- PyYAML-debugsource-0:3.12-16.module+el8.5.0+706+735ec4b3.x86_64.rpm
- PyYAML-debugsource-0:3.12-16.module+el8.4.0+403+9ae17a31.x86_64.rpm
- scipy-debugsource-0:1.0.0-20.module+el8.3.0+120+426d8baf.aarch64.rpm
- scipy-debugsource-0:1.0.0-20.module+el8.3.0+120+426d8baf.x86_64.rpm
Issued: 4/28/2020
Type: Security
Severity: Moderate
Affected Product
- Rocky Linux 8
Fixes
CVEs
References
- No references