ALSA-2021:4151

[ALSA-2021:4151] Moderate: python27:2.7 security update

Type:

security

Severity:

moderate

Release date:

2021-11-09

Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	python2-scipy-1.0.0-21.module_el8.6.0+2781+fed64c13.aarch64.rpm	1eb5d6581e55edb7baa9ec65a37cf7e319f969691f521beb45ebd53fe73456ac
aarch64	python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm	268cb518d03ad67213b5a14751d8876f7ec3b21cdc7e9d980163b4c1b62f0155
aarch64	python2-numpy-1.14.2-16.module_el8.6.0+2781+fed64c13.aarch64.rpm	285bd04032ff5926903c09d122bf651504df9f2df3fd9aec56608c927094011c
aarch64	python2-backports-1.0-16.module_el8.6.0+2781+fed64c13.aarch64.rpm	35888a91996066fbebd7543113524e07f706d55fcaacdf0e117867b6db10428a
aarch64	python2-bson-3.7.0-1.module_el8.6.0+2781+fed64c13.aarch64.rpm	372bfcf2fa88e4e20b83990404225464506f278dcec8e69eb2dd8588fd82b70b
aarch64	python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm	4385e2456c28b5c9fc21ba5d7b291028e29fd4432e5ba11da0dbf7c7f4309a66
aarch64	python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.aarch64.rpm	4fe0221b4c60da2042adc812ae223663b8379ae638e05db9d9d016fa01597ab3
aarch64	python2-markupsafe-0.23-19.module_el8.6.0+2781+fed64c13.aarch64.rpm	63d42274de243d293e0d49e60cdd4c53eaf5d5086499cc3c260c6a7ce9a95c3a
aarch64	python2-sqlalchemy-1.3.2-2.module_el8.6.0+2781+fed64c13.aarch64.rpm	65db15fbfff5dda540fd9cfc60b00f722d3ec82866c98404e71bd6c30bd6b0a8
aarch64	python2-pymongo-3.7.0-1.module_el8.6.0+2781+fed64c13.aarch64.rpm	6f8769f0a7f9447e9b82ce74fa4f94ec49a307d4892f2d9c5a550b5f1198fc34
aarch64	python2-pyyaml-3.12-16.module_el8.6.0+2781+fed64c13.aarch64.rpm	7b2a5473b6953d3f88816b6c355c19e40cd2e38f71f3b735c39bf19f5b574774
aarch64	python2-pymongo-gridfs-3.7.0-1.module_el8.6.0+2781+fed64c13.aarch64.rpm	aabc6f0bd327e8ea0634389d7261557ef21d749ea7eca14a73d44f1787820dd1
aarch64	python2-numpy-f2py-1.14.2-16.module_el8.6.0+2781+fed64c13.aarch64.rpm	c4d975c7158d5773ad0c94d08de1737964cbd27d7a468e387de81cb735f23364
aarch64	python2-coverage-4.5.1-4.module_el8.6.0+2781+fed64c13.aarch64.rpm	e1d1897770f9f0583507669aef569fc622d8c66468a88b105ad9abf86e8fd304
aarch64	python2-psycopg2-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm	e9e08b7da39d8367d10d70001ec46e8494c0afb10d02174e915ff6275b5e040d
aarch64	python2-psycopg2-tests-2.7.5-7.module_el8.6.0+2781+fed64c13.aarch64.rpm	f35b3393280a34d59fcb7bf772ed1c4b6ddf501b7c5ed22e680c7ddc346dc661
noarch	python2-pluggy-0.6.0-8.module_el8.6.0+2781+fed64c13.noarch.rpm	08adf4c4c608ab9cfbe42ca66b8e5cdc2cf929e09998dcab11672d121b1d66d5
noarch	python2-pytz-2017.2-12.module_el8.6.0+2781+fed64c13.noarch.rpm	0f6e3729104265ba4c1d4a8e9604ece1cf980f45450990e58a4a4da1dc99c142
noarch	python2-rpm-macros-3-38.module_el8.6.0+2781+fed64c13.noarch.rpm	0f707f1676370cdc6d0cb6938fcafc5e36895f7eca9d6c478bef3307bcaea4bf
noarch	python2-setuptools-39.0.1-13.module_el8.6.0+2781+fed64c13.noarch.rpm	16a6eb8e4d62c20a8a362e52af472c19fea2c4b4fb9d66b8d4b5e8b34038ebd5
noarch	python-sqlalchemy-doc-1.3.2-2.module_el8.6.0+2781+fed64c13.noarch.rpm	1a2b6d7555ac97bb559a6df6fcaa464e542c36734c9fd3defe509ceff6681116
noarch	python2-setuptools_scm-1.15.7-6.module_el8.6.0+2781+fed64c13.noarch.rpm	2708c00d2388bd78588f0d1352c95b9c18be47e8b52416df1d3026b0eecbbf98
noarch	python-sqlalchemy-doc-1.3.2-2.module_el8.5.0+2569+5c5719bc.noarch.rpm	327e8ad6a86a1a65fc3b4d2da5eb2a83ca3c01a68f13ecaf054699e3da21e489
noarch	python2-docutils-0.14-12.module_el8.6.0+2781+fed64c13.noarch.rpm	350ecda34776fceaca8b89a180d5255ea8dc17443217540ba7243e2a13b53ec2
noarch	python2-dns-1.15.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm	4ccfd396082173299bc64629fc3e5831c5fc85b40be33f6f51723c270bb749f1
noarch	python2-mock-2.0.0-13.module_el8.6.0+2781+fed64c13.noarch.rpm	537d2a427fb179e87b859dc1a4f81cabbfbd8f0dbb11c830a79f20a4b265c6d6
noarch	python2-pysocks-1.6.8-6.module_el8.6.0+2781+fed64c13.noarch.rpm	579a0042752c846eaaf44726c4a801695374030dca5e55a3b01e48b0fc7b2315
noarch	python2-PyMySQL-0.8.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm	5e48758e9ae93f416345bca0af5004e79befa568f12f2bbea23a8360af88e490
noarch	python2-numpy-doc-1.14.2-16.module_el8.6.0+2781+fed64c13.noarch.rpm	63032687bbe54071c0e53140232c52ec19ccc6fa19f68f4bed0f419445e55cea
noarch	python2-attrs-17.4.0-10.module_el8.6.0+2781+fed64c13.noarch.rpm	65ed4d1e8109ab82edc3f0b452e9279d3ddcfe27829fd8c98a1d7941f5944fbb
noarch	python-nose-docs-1.3.7-31.module_el8.6.0+2781+fed64c13.noarch.rpm	69e2b0778140f85862628d6f2db2aaaa647f6a5193c0db46a5a44463b53e7126
noarch	python-nose-docs-1.3.7-31.module_el8.5.0+2569+5c5719bc.noarch.rpm	78108d9c26834ebc584f739ab28e493c116bb99cf9123ff0743eb9d87923efa7
noarch	python2-jinja2-2.10-9.module_el8.6.0+2781+fed64c13.noarch.rpm	7b98cb329cec82984f6dcb8d438d5b0665129f995b37b7579a895c7c47ce8941
noarch	python2-pytest-mock-1.9.0-4.module_el8.6.0+2781+fed64c13.noarch.rpm	85c7e375727a8943285f198c444d52e3ec910f1de1431b170e86892d34b327d3
noarch	python2-backports-ssl_match_hostname-3.5.0.1-12.module_el8.6.0+2781+fed64c13.noarch.rpm	86cbf61be84c761e1ac2653185165795d6ece7c167b2385983b90c78c1845a90
noarch	python2-ipaddress-1.0.18-6.module_el8.6.0+2781+fed64c13.noarch.rpm	909577600262b834c5f9ccf59c4cc969e784b6b949b797599ccc3878635ed72a
noarch	python2-urllib3-1.24.2-3.module_el8.6.0+2781+fed64c13.noarch.rpm	90cd5cc7aa8f3fdfc6de2f59da95d9b664d4374c8447688864a134270ad6e13f
noarch	python2-chardet-3.0.4-10.module_el8.6.0+2781+fed64c13.noarch.rpm	92024f7522fa403c63b09c5b7ccc6ff43ae6cff21dd1d3e714b7cae19021f715
noarch	python2-setuptools-wheel-39.0.1-13.module_el8.6.0+2781+fed64c13.noarch.rpm	9e56c6b7cebb52cfada7395183f6db696c34f3dc6ddad353b9a543ee593f1d68
noarch	python2-requests-2.20.0-3.module_el8.6.0+2781+fed64c13.noarch.rpm	a204b03dadb4fe82d7b2c8c132a5d0b76b114f2ba15c2a80a04b82b6ffb4e07a
noarch	python2-wheel-wheel-0.31.1-3.module_el8.6.0+2781+fed64c13.noarch.rpm	a3032e49a7fd2c96e0c67ba6637ca2970f58a03045a7513b5823843aef68c5d2
noarch	python2-babel-2.5.1-10.module_el8.6.0+2781+fed64c13.noarch.rpm	a5639da5086796dfbb4d1c95de41aa1787898e0ac65d0e48591f899444d70532
noarch	python2-virtualenv-15.1.0-21.module_el8.6.0+2781+fed64c13.noarch.rpm	a68c8804eefebd6215539a629631d8a2a4ed5a8a6fd8688f8e1bb4eb46acdf7d
noarch	python2-nose-1.3.7-31.module_el8.6.0+2781+fed64c13.noarch.rpm	a7aa021010426257560df0c8cd6a7b4f495ce2a362c8fb8243629e086a0323aa
noarch	python2-six-1.11.0-6.module_el8.6.0+2781+fed64c13.noarch.rpm	b09064b4124ae9d73fe33f1db7389e94983b1fbde900520221461d1e07eb65c5
noarch	python2-wheel-0.31.1-3.module_el8.6.0+2781+fed64c13.noarch.rpm	b29f83905eaaaec1d6fd2be5e9654f4f4709471679309ee7e486363c3d17e836
noarch	python2-idna-2.5-7.module_el8.6.0+2781+fed64c13.noarch.rpm	b442b9345edd3d6779e67b56c3e5fc61a4d1ba811942857ecdf8826e3909501d
noarch	python2-pygments-2.2.0-22.module_el8.6.0+2781+fed64c13.noarch.rpm	b6d9a5c9d3dd1dde2e5c77767341042167f5826c6805194cd149fbc233f17ced
noarch	python2-docs-2.7.16-2.module_el8.6.0+2781+fed64c13.noarch.rpm	bbf51ddf481e6a33777df9549840437bc568c58d0e18dec22b51fb8a73834cc3
noarch	babel-2.5.1-10.module_el8.6.0+2781+fed64c13.noarch.rpm	c340bdb61e1b2119589d8effc7382017825a35080a1d13727ade8d59e71bf492
noarch	python2-docs-info-2.7.16-2.module_el8.6.0+2781+fed64c13.noarch.rpm	c45a2a862df0e3dab50c42b3c21f555ef4943cd5ebc4178f0aef83a060535422
noarch	python2-pytest-3.4.2-13.module_el8.6.0+2781+fed64c13.noarch.rpm	ce317bc44c45290a853dfe8d880a7447d8819cb90077730041c79f0fbec65b61
noarch	python2-py-1.5.3-6.module_el8.6.0+2781+fed64c13.noarch.rpm	fcb588e2011cbee8960377755b67b2414430947af876b981e4b491298e293245
noarch	python2-funcsigs-1.0.2-13.module_el8.6.0+2781+fed64c13.noarch.rpm	fdd155b2957a59e67ee7a0566cb2913167afbdc764547bbbb7b5f40743fc8a9d
ppc64le	python2-numpy-f2py-1.14.2-16.module_el8.6.0+2781+fed64c13.ppc64le.rpm	07f9d6fbddc216e0440d754ce9d0bf89b0c48b54640bf5312ae4fc9b74407661
ppc64le	python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm	24446b6b2a465ac1a73b0a77a532df55732ffd01e3162419a780d0c494a52ccc
ppc64le	python2-coverage-4.5.1-4.module_el8.6.0+2781+fed64c13.ppc64le.rpm	2ab8f974d1a9d6078661bf376debe33407d0e94b66f4b369347276725f29ac2e
ppc64le	python2-sqlalchemy-1.3.2-2.module_el8.6.0+2781+fed64c13.ppc64le.rpm	4c14d60bc93a5bb2e7a708ad599bea1bf22151b249c436df4ef9d572dd687a0c
ppc64le	python2-numpy-1.14.2-16.module_el8.6.0+2781+fed64c13.ppc64le.rpm	6562fae865e67b29c85fe3871f143fb716f64e25bd04dd88140bcbd4be2116a1
ppc64le	python2-markupsafe-0.23-19.module_el8.6.0+2781+fed64c13.ppc64le.rpm	69620e07787d40268505e00cb14e572f2dbad7b17b93a31ac49bb3a51a5a4c40
ppc64le	python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm	6af22a3ee6318862fbac9c462a7fe6f1fe3118c87c9abe85dd21b93abf118229
ppc64le	python2-psycopg2-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm	76a1720e3e47e54dccd6f29a1c482db91fcc65bd23193dc22e52081bac2f6ac4
ppc64le	python2-pymongo-gridfs-3.7.0-1.module_el8.6.0+2781+fed64c13.ppc64le.rpm	8da03298689e068a9655284014358ce61fdab210f9aa62de37824e57eaaa4e50
ppc64le	python2-backports-1.0-16.module_el8.6.0+2781+fed64c13.ppc64le.rpm	b3b94a33c58f5f0b00aed887231e363aac3f0069b245c83b880d0defc5816721
ppc64le	python2-psycopg2-tests-2.7.5-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm	c53c4ed75c46006dd39e567f658b9d47ef795fc3c27bb6706f38b1e10add256b
ppc64le	python2-bson-3.7.0-1.module_el8.6.0+2781+fed64c13.ppc64le.rpm	d30d1595762f5fdbc04eba71a4676e4914d06ddb38e5cb167a80c1b368df3a79
ppc64le	python2-scipy-1.0.0-21.module_el8.6.0+2781+fed64c13.ppc64le.rpm	d9ae21bcc6305cf2bae245d5cd58faf4b5f85cec2644d52eea511c2c27d00d07
ppc64le	python2-pyyaml-3.12-16.module_el8.6.0+2781+fed64c13.ppc64le.rpm	e09dc7672ba6ebf7515753ef1270173d710b16d5a3a2407bf26470715c02b38f
ppc64le	python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.ppc64le.rpm	e23f3293dcb3227ea70284a62b0a22a6efdb4dd006163dfe6783a3a6d19e366c
ppc64le	python2-pymongo-3.7.0-1.module_el8.6.0+2781+fed64c13.ppc64le.rpm	f360e6dd1d3fc65907d0cc1b493b1c4fd0724fe39e5601d4ae61b2e13e294810
x86_64	python-psycopg2-doc-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm	0e072a71d43783a6a20af215eb1976af080661cbac8bba1d2dd8a4144644d2da
x86_64	python2-backports-1.0-16.module_el8.6.0+2781+fed64c13.x86_64.rpm	0f2b4a2c7f2473de40c9f138e9df7bfdb2e59c8ff1cdb15f4931057576985a6a
x86_64	python2-psycopg2-tests-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm	2f0a68ba40aed0431c3c3e3dfd400f50cdeed313c01b01349eb3d3a86f5caa13
x86_64	python2-pyyaml-3.12-16.module_el8.6.0+2781+fed64c13.x86_64.rpm	437bb7ba3c82271515d58f1a3169f155a6cedcf84a1fb87ff8020b2e1c48dd26
x86_64	python2-numpy-1.14.2-16.module_el8.6.0+2781+fed64c13.x86_64.rpm	5df39ac81dd440d8d103a45356361796b375795b4713525e800b3c847c29d4a0
x86_64	python2-psycopg2-debug-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm	672a61a8b5eda31bc08b5c01783a88f606baf8fee4cb2ffaca8082183083a6d3
x86_64	python2-Cython-0.28.1-7.module_el8.6.0+2781+fed64c13.x86_64.rpm	67947b53184d533452458c7354bd26707265d931cc1ad91f289fbefb0f946039
x86_64	python2-scipy-1.0.0-21.module_el8.6.0+2781+fed64c13.x86_64.rpm	6e21712d786127e466ce74d7ce3b960f057fff2e3d0e47d270fa7c5530d7022b
x86_64	python2-pymongo-3.7.0-1.module_el8.6.0+2781+fed64c13.x86_64.rpm	83afa515ecc445ad447cff0e2659bc86227ece752182184e379235c28374cdbe
x86_64	python2-numpy-f2py-1.14.2-16.module_el8.6.0+2781+fed64c13.x86_64.rpm	8c72c4e499c7e3ce814fc95d4090206d0a95f3ddc70f180bc4181cbaa48377d7
x86_64	python2-markupsafe-0.23-19.module_el8.6.0+2781+fed64c13.x86_64.rpm	a4d71692bac0c905d804a1edfda8ae592fa102e3983877ac4ebe2bf7516634f3
x86_64	python2-psycopg2-2.7.5-7.module_el8.6.0+2781+fed64c13.x86_64.rpm	ced41fe26fbfb43b950c02fe0e7ba32143950496276b9a11d97da5cd3cb34856
x86_64	python2-bson-3.7.0-1.module_el8.6.0+2781+fed64c13.x86_64.rpm	d9d25e63bb952a90fb6829b2aa032ac92cdd0ba1c7ad294674d7ee2c6ef9a83b
x86_64	python2-coverage-4.5.1-4.module_el8.6.0+2781+fed64c13.x86_64.rpm	dde557783dcf06f144efb1b8877c2b1167d178e9e59931c52fb68fc8fed8768e
x86_64	python2-pymongo-gridfs-3.7.0-1.module_el8.6.0+2781+fed64c13.x86_64.rpm	e9281de0191a94192c4f0f7999b6b2dfb003bd728457efd453e6979cf01d3317
x86_64	python2-sqlalchemy-1.3.2-2.module_el8.6.0+2781+fed64c13.x86_64.rpm	f1c143a4358c56485496a8601a06f9a37259fc69f15516db63c3ad11f4bab099

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.