[ALSA-2020:1605] Moderate: python27:2.7 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2020-04-28
Description:
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944) Security Fix(es): * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python: Cookie domain check returns incorrect results (CVE-2018-20852) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324) * python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages:
  • python2-pluggy-0.6.0-8.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-pytz-2017.2-12.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-rpm-macros-3-38.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-setuptools_scm-1.15.7-6.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-docutils-0.14-12.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-dns-1.15.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-mock-2.0.0-13.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-pysocks-1.6.8-6.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-PyMySQL-0.8.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-markupsafe-0.23-19.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-attrs-17.4.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-pyyaml-3.12-16.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-pytest-mock-1.9.0-4.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-ipaddress-1.0.18-6.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-chardet-3.0.4-10.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-requests-2.20.0-3.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-idna-2.5-7.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-docs-2.7.16-2.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-docs-info-2.7.16-2.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-pytest-3.4.2-13.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-coverage-4.5.1-4.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-psycopg2-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-psycopg2-tests-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm
  • python2-py-1.5.3-6.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python2-funcsigs-1.0.2-13.module_el8.6.0+2781+fed64c13.noarch.rpm
  • python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-psycopg2-tests-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-pyyaml-3.12-16.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-markupsafe-0.23-19.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-psycopg2-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python2-coverage-4.5.1-4.module_el8.6.0+2781+fed64c13.x86_64.rpm
  • python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-coverage-4.5.1-4.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-markupsafe-0.23-19.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-psycopg2-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-psycopg2-tests-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-pyyaml-3.12-16.module_el8.6.0+2781+fed64c13.ppc64le.rpm
  • python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.