alsa-2021:1761
Vulnerability from osv_almalinux
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.
Security Fix(es):
-
python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)
-
python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)
-
python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)
-
python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python-psycopg2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python-sqlalchemy-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2-2.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python-sqlalchemy-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2-2.module_el8.5.0+2569+5c5719bc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-Cython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.28.1-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-PyMySQL"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-attrs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "17.4.0-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-backports"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0-16.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-backports-ssl_match_hostname"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.0.1-12.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-chardet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-coverage"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.1-4.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-dns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0-10.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.16-2.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-docs-info"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.16-2.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-docutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14-12.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-funcsigs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-idna"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-ipaddress"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.18-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-markupsafe"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.23-19.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-mock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-numpy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.14.2-16.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-numpy-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.14.2-16.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-numpy-f2py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.14.2-16.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pluggy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.0-8.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-psycopg2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-psycopg2-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-psycopg2-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5-7.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.3-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pysocks"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.8-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pytest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pytest-mock"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0-4.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pytz"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2017.2-12.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-pyyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.12-16.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-requests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.20.0-3.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3-38.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-setuptools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0.1-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-setuptools-wheel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "39.0.1-13.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-setuptools_scm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.7-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-six"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.11.0-6.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-sqlalchemy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2-2.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python2-urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2-3.module_el8.6.0+2781+fed64c13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.\n\nSecurity Fix(es):\n\n* python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)\n\n* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)\n\n* python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)\n\n* python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:1761",
"modified": "2021-05-18T06:01:53Z",
"published": "2021-05-18T06:02:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-1761.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-26116"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-26137"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27783"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-3177"
}
],
"related": [
"CVE-2020-26116",
"CVE-2020-26137",
"CVE-2020-27783",
"CVE-2021-3177"
],
"summary": "Moderate: python27:2.7 security and bug fix update"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.