Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2020:4654

Опубликовано: 03 нояб. 2020
Источник: rocky
Оценка: Moderate

Описание

Moderate: python27:2.7 security update

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

  • python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.3 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
python2-attrsnoarch10.module+el8.5.0+706+735ec4b3python2-attrs-17.4.0-10.module+el8.5.0+706+735ec4b3.noarch.rpm
python2-chardetnoarch10.module+el8.5.0+706+735ec4b3python2-chardet-3.0.4-10.module+el8.5.0+706+735ec4b3.noarch.rpm
python2-coveragex86_644.module+el8.5.0+706+735ec4b3python2-coverage-4.5.1-4.module+el8.5.0+706+735ec4b3.x86_64.rpm
python2-Cythonx86_647.module+el8.5.0+706+735ec4b3python2-Cython-0.28.1-7.module+el8.5.0+706+735ec4b3.x86_64.rpm
python2-dnsnoarch10.module+el8.7.0+1062+663ba31cpython2-dns-1.15.0-10.module+el8.7.0+1062+663ba31c.noarch.rpm
python2-docsnoarch2.module+el8.4.0+403+9ae17a31python2-docs-2.7.16-2.module+el8.4.0+403+9ae17a31.noarch.rpm
python2-docs-infonoarch2.module+el8.4.0+403+9ae17a31python2-docs-info-2.7.16-2.module+el8.4.0+403+9ae17a31.noarch.rpm
python2-docutilsnoarch12.module+el8.4.0+403+9ae17a31python2-docutils-0.14-12.module+el8.4.0+403+9ae17a31.noarch.rpm
python2-funcsigsnoarch13.module+el8.4.0+403+9ae17a31python2-funcsigs-1.0.2-13.module+el8.4.0+403+9ae17a31.noarch.rpm
python2-idnanoarch7.module+el8.5.0+706+735ec4b3python2-idna-2.5-7.module+el8.5.0+706+735ec4b3.noarch.rpm

Показывать по

Связанные CVE

CVE-2019-20907
CVE-2019-20916

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2020-4654

oracle-oval
больше 4 лет назад

ELSA-2020-4654: python27:2.7 security update (MODERATE)

suse-cvrf логотип

SUSE-SU-2020:3563-1

suse-cvrf
больше 4 лет назад

Security update for python36

ubuntu логотип

CVE-2019-20907

CVSS3: 7.5
ubuntu
почти 5 лет назад

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

redhat логотип

CVE-2019-20907

CVSS3: 7.5
redhat
больше 5 лет назад

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

nvd логотип

CVE-2019-20907

CVSS3: 7.5
nvd
почти 5 лет назад

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.