MGASA-2021-0386
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 27 Jul 2021, 20:21
Last modified:16 Apr 2026, 04:24
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Jul 2021, 20:21
Published
Vulnerability first disclosed
16 Apr 2026, 04:24
Last Modified
Vulnerability information updated
Description
Updated python3 packages fix security vulnerabilities Update python3 to 3.8.11 to fix several security issues. Fixes in 3.8.10 are also included. Bundled pip and setuptools were updated in 3.8.11 so python-pip needs to be updated to 21.1.3 and python-setuptools to 56.2.0 at the same time. Also, we fix the following issue: In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses (CVE-2021-29921).
Affected Systems
- mageia•python-pip
< 21.1.3-1.mga8
- mageia•python-setuptools
< 56.2.0-1.mga8
- mageia•python3
< 3.8.11-1.1.mga8
References (6)
- https://advisories.mageia.org/MGASA-2021-0386.html
- https://bugs.mageia.org/show_bug.cgi?id=29288
- https://docs.python.org/release/3.8.11/whatsnew/changelog.html#changelog
- https://docs.python.org/release/3.8.10/whatsnew/changelog.html#changelog
- https://ubuntu.com/security/notices/USN-4973-1
- https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html