Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:1763

Опубликовано: 10 мая 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
python39-cffix86_642.module+el8.4.0+574+843c4898python39-cffi-1.14.3-2.module+el8.4.0+574+843c4898.x86_64.rpm
python39-cryptographyx86_642.module+el8.5.0+673+10283621python39-cryptography-3.3.1-2.module+el8.5.0+673+10283621.x86_64.rpm
python39-idnanoarch3.module+el8.4.0+574+843c4898python39-idna-2.10-3.module+el8.4.0+574+843c4898.noarch.rpm
python39-lxmlx86_641.module+el8.6.0+795+de4edbccpython39-lxml-4.6.5-1.module+el8.6.0+795+de4edbcc.x86_64.rpm
python39-numpyx86_643.module+el8.5.0+673+10283621python39-numpy-1.19.4-3.module+el8.5.0+673+10283621.x86_64.rpm
python39-numpy-docnoarch3.module+el8.5.0+673+10283621python39-numpy-doc-1.19.4-3.module+el8.5.0+673+10283621.noarch.rpm
python39-numpy-f2pyx86_643.module+el8.5.0+673+10283621python39-numpy-f2py-1.19.4-3.module+el8.5.0+673+10283621.x86_64.rpm
python39-pipnoarch7.module+el8.7.0+1064+ad564229python39-pip-20.2.4-7.module+el8.7.0+1064+ad564229.noarch.rpm
python39-pip-wheelnoarch7.module+el8.7.0+1064+ad564229python39-pip-wheel-20.2.4-7.module+el8.7.0+1064+ad564229.noarch.rpm
python39-psutilx86_644.module+el8.5.0+673+10283621python39-psutil-5.8.0-4.module+el8.5.0+673+10283621.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-43818

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-43818

CVSS3: 8.2
ubuntu
больше 3 лет назад

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

redhat логотип

CVE-2021-43818

CVSS3: 8.8
redhat
больше 3 лет назад

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

nvd логотип

CVE-2021-43818

CVSS3: 8.2
nvd
больше 3 лет назад

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

msrc логотип

CVE-2021-43818

CVSS3: 7.1
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2021-43818

CVSS3: 8.2
debian
больше 3 лет назад

lxml is a library for processing XML and HTML in the Python language. ...