ELSA-2020-0201

Опубликовано: 22 янв. 2020

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2020-0201: python-reportlab security update (IMPORTANT)

[3.4.0-6.el8_1_0.2]

Fix Requires for doc subpackage
Resolves: #1788556

[3.4.0-6.el8_1_0.1]

Do not eval strings passed to toColor
Resolves: #1788555

Обновленные пакеты

Oracle Linux 8

Oracle Linux x86_64

python3-reportlab

3.4.0-6.el8_1.2

Связанные CVE

CVE-2019-17626

Ссылки на источники

Связанные уязвимости

CVE-2019-17626

CVSS3: 9.8

ubuntu

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

redhat

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

nvd

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.

CVE-2019-17626

CVSS3: 9.8

debian

больше 6 лет назад

ReportLab through 3.5.26 allows remote code execution because of toCol ...

openSUSE-SU-2020:0160-1

suse-cvrf

около 6 лет назад

Security update for python-reportlab