[ALSA-2020:4641] Moderate: python38:3.8 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2020-11-03
Description:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python38 (3.8.3). (BZ#1847416) Security Fix(es): * PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477) * python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907) * PyYAML: arbitrary command execution through python/object/new when FullLoader is used (CVE-2020-1747) * python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492) * python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 python38-markupsafe-1.1.1-6.module_el8.6.0+2778+cd494b30.aarch64.rpm 3f488db760321468941121cb12ad0fc0e9475b3622136942dcd630cffd24e58b
aarch64 python38-scipy-1.3.1-4.module_el8.6.0+2778+cd494b30.aarch64.rpm 7a8f643660f230b6d5a8d0f3292141748a5c38bc3030e618f6f103c63af0f44f
aarch64 python38-Cython-0.29.14-4.module_el8.6.0+2778+cd494b30.aarch64.rpm a4e1d3d54e2a12f52aab2227978ee9e0a7af759c5d2e2564214321c648ef9ae5
aarch64 python38-psycopg2-2.8.4-4.module_el8.6.0+2778+cd494b30.aarch64.rpm b2e43444b2dabaa46628615d6263e07945d5eb190e4af36952cfb19c511d4864
aarch64 python38-mod_wsgi-4.6.8-3.module_el8.6.0+2778+cd494b30.aarch64.rpm b323ee37330a883fc856e013571f5135df2fb8713757dd2590096cde7bd6614f
aarch64 python38-cffi-1.13.2-3.module_el8.6.0+2778+cd494b30.aarch64.rpm b40a44d392b221398be147937cdf5987d0f3d4e8bfec2e1e3a55271aafe281d8
aarch64 python38-cryptography-2.8-3.module_el8.6.0+2778+cd494b30.aarch64.rpm bf72b57867e7b5e38597ff7d7cd4c14a8f5917cabef72b72aa927ddf62cd84f6
aarch64 python38-psycopg2-doc-2.8.4-4.module_el8.6.0+2778+cd494b30.aarch64.rpm c4a25a77c5201ef4da0194f13891bae13417ab45a23def0e8b7e9cbd09966f7a
aarch64 python38-psycopg2-tests-2.8.4-4.module_el8.6.0+2778+cd494b30.aarch64.rpm eba86f1d719f3bf1b524322a7ef1f22f20a539a644c465831f8e3e102a5176bb
noarch python38-asn1crypto-1.2.0-3.module_el8.6.0+2778+cd494b30.noarch.rpm 02dd00e439241ec1b0a1151948e9445a82f9eecf9740cd9e21f365ddd0dce291
noarch python38-pycparser-2.19-3.module_el8.6.0+2778+cd494b30.noarch.rpm 323e4624b4a15564a85ebcbfd841409d1642e4623ee4ec2d3aed59bc7e1ab829
noarch python38-chardet-3.0.4-19.module_el8.6.0+2778+cd494b30.noarch.rpm 3fa07e33c9abbda7289a9afec9ed4b0923a21b740c5011f4111055590466435a
noarch python38-requests-2.22.0-9.module_el8.6.0+2778+cd494b30.noarch.rpm f0aae6da0c3adc1ce2afc8002e1de2085429c2f1251e8a1b0a4ba94868e10e74
noarch python38-idna-2.8-6.module_el8.6.0+2778+cd494b30.noarch.rpm f2a5e3f36b6b6dcfb406a36e33d0cb2a5ccecdb58f6ad2b6ef2be364fbc98eb6
noarch python38-pytz-2019.3-3.module_el8.6.0+2778+cd494b30.noarch.rpm f7e39d7913177c47998e2b3a6be29a29cb15561a3baad01deb9754a388c3762f
noarch python38-pysocks-1.7.1-4.module_el8.6.0+2778+cd494b30.noarch.rpm fc640ac497749830a68c783a3d77e3d53ac14c9c72fb74ec533f5f12c0a6c05e
ppc64le python38-psycopg2-doc-2.8.4-4.module_el8.6.0+2778+cd494b30.ppc64le.rpm 6b34bcec0c6e1da96fe43fe20f534fe61aa21e50a7a13eecbf996edfb1e5657f
ppc64le python38-mod_wsgi-4.6.8-3.module_el8.6.0+2778+cd494b30.ppc64le.rpm 883dd4bcf9997e0b060d790e78bff647e3bb656ac71d76493674d4c72188f0ff
ppc64le python38-psycopg2-tests-2.8.4-4.module_el8.6.0+2778+cd494b30.ppc64le.rpm a63dae7824cfc6b625ef07bc19027688e2262692635a0b8c8da25056c481a332
ppc64le python38-cffi-1.13.2-3.module_el8.6.0+2778+cd494b30.ppc64le.rpm aacfd9bd3cb4495f4aa594caf7f03479bad0827a1c5df7ea251be34ca7263ba9
ppc64le python38-cryptography-2.8-3.module_el8.6.0+2778+cd494b30.ppc64le.rpm bd9fcf4ac2ab77d536a7f6bc32ac933d088c0db36817f4ce1c8c09c81c2f4ee6
ppc64le python38-psycopg2-2.8.4-4.module_el8.6.0+2778+cd494b30.ppc64le.rpm d20742d1f385d2570868b45daa29370a34dddbaad00a8fd61437de89094b0b59
ppc64le python38-Cython-0.29.14-4.module_el8.6.0+2778+cd494b30.ppc64le.rpm d5ab0324cb57894c65ae8e4b7ac04ae711cfcdecdea5234dff3317ed69ff4f3d
ppc64le python38-scipy-1.3.1-4.module_el8.6.0+2778+cd494b30.ppc64le.rpm d6dde26d35cd675b4a2d552cb2bbf0d8d353b6b25ca6f7d1c77e43a9fcea98d2
ppc64le python38-markupsafe-1.1.1-6.module_el8.6.0+2778+cd494b30.ppc64le.rpm f6f0cd84192980d972315452158fa711e7275cffa13574cdd8d0fabad40c4aa9
x86_64 python38-psycopg2-tests-2.8.4-4.module_el8.6.0+2778+cd494b30.x86_64.rpm 297774bf7efc03efb275822cce163f78569c2096af6cf968fbed9111e10bb77b
x86_64 python38-psycopg2-doc-2.8.4-4.module_el8.6.0+2778+cd494b30.x86_64.rpm 42c503c28d2094d6f714411f460927b51d0c3eceb2e9b94ad6701866f5d1d44a
x86_64 python38-scipy-1.3.1-4.module_el8.6.0+2778+cd494b30.x86_64.rpm 72fe569372b560af7f09419c45e25f9c8c62b1886de2d475a48692f294e720d2
x86_64 python38-psycopg2-2.8.4-4.module_el8.6.0+2778+cd494b30.x86_64.rpm 7e8562f43621449635453ceb19beba2b4e4cdfc4bbc6201326dc733b4a7798cd
x86_64 python38-markupsafe-1.1.1-6.module_el8.6.0+2778+cd494b30.x86_64.rpm 83c18e67f826f15390dab196aabb0383434f863553f3b1ca841fee8c38e18695
x86_64 python38-cffi-1.13.2-3.module_el8.6.0+2778+cd494b30.x86_64.rpm a1283a30a43e0310e0bc23723857fe56c9a1e6cd2c78050acd27a6159037e385
x86_64 python38-mod_wsgi-4.6.8-3.module_el8.6.0+2778+cd494b30.x86_64.rpm c7ecf3d670eaf8d8047cbd0e7407880b4bac1de2f76b35d5690e75690f678efd
x86_64 python38-cryptography-2.8-3.module_el8.6.0+2778+cd494b30.x86_64.rpm cdc102a8338bcf5d4c9681345a1243cc0bcc0893fba2cf1ef9ca6c14e38dd566
x86_64 python38-Cython-0.29.14-4.module_el8.6.0+2778+cd494b30.x86_64.rpm ce45d8d4e62578be39bc2fad0cf25b5af26abdd28ebf45bdd239ebc95c9f49f1
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.