RHSA-2021:3254

Description

Red Hat Security Advisory: rh-python38 security, bug fix, and enhancement update

CVSS Metrics

• v3.1•CRITICAL•Score: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Systems

• redhat•rh-python38-babel

  < 0:2.7.0-12.el7

• redhat•rh-python38-python

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-babel

  < 0:2.7.0-12.el7

• redhat•rh-python38-python-cryptography

  < 0:2.8-5.el7

• redhat•rh-python38-python-cryptography-debuginfo

  < 0:2.8-5.el7

• redhat•rh-python38-python-debug

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-debuginfo

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-devel

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-idle

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-jinja2

  < 0:2.10.3-6.el7

• redhat•rh-python38-python-libs

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-lxml

  < 0:4.4.1-7.el7

• redhat•rh-python38-python-lxml-debuginfo

  < 0:4.4.1-7.el7

• redhat•rh-python38-python-pip

  < 0:19.3.1-2.el7

• redhat•rh-python38-python-pip-wheel

  < 0:19.3.1-2.el7

• redhat•rh-python38-python-rpm-macros

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-srpm-macros

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-test

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-tkinter

  < 0:3.8.11-2.el7

• redhat•rh-python38-python-urllib3

  < 0:1.25.7-7.el7

References (84)

• https://access.redhat.com/errata/RHSA-2021:3254
• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/articles/5860431
• https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html-single/3.7_release_notes/index#sect-RHSCL-Other-notes
• https://bugzilla.redhat.com/show_bug.cgi?id=1889886
• https://bugzilla.redhat.com/show_bug.cgi?id=1889988
• https://bugzilla.redhat.com/show_bug.cgi?id=1901633
• https://bugzilla.redhat.com/show_bug.cgi?id=1918168
• https://bugzilla.redhat.com/show_bug.cgi?id=1926226
• https://bugzilla.redhat.com/show_bug.cgi?id=1928707
• https://bugzilla.redhat.com/show_bug.cgi?id=1928904
• https://bugzilla.redhat.com/show_bug.cgi?id=1935913
• https://bugzilla.redhat.com/show_bug.cgi?id=1941534
• https://bugzilla.redhat.com/show_bug.cgi?id=1955615
• https://bugzilla.redhat.com/show_bug.cgi?id=1957458
• https://bugzilla.redhat.com/show_bug.cgi?id=1962856
• https://bugzilla.redhat.com/show_bug.cgi?id=1968074
• https://bugzilla.redhat.com/show_bug.cgi?id=1969523
• https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3254.json
• https://access.redhat.com/security/cve/CVE-2020-25659
• https://www.cve.org/CVERecord?id=CVE-2020-25659
• https://nvd.nist.gov/vuln/detail/CVE-2020-25659
• https://cryptography.io/en/latest/changelog.html#v3-2
• https://access.redhat.com/security/cve/CVE-2020-27619
• https://www.cve.org/CVERecord?id=CVE-2020-27619
• https://nvd.nist.gov/vuln/detail/CVE-2020-27619
• https://access.redhat.com/security/cve/CVE-2020-27783
• https://www.cve.org/CVERecord?id=CVE-2020-27783
• https://nvd.nist.gov/vuln/detail/CVE-2020-27783
• https://access.redhat.com/security/cve/CVE-2020-28493
• https://www.cve.org/CVERecord?id=CVE-2020-28493
• https://nvd.nist.gov/vuln/detail/CVE-2020-28493
• https://access.redhat.com/security/cve/CVE-2020-36242
• https://www.cve.org/CVERecord?id=CVE-2020-36242
• https://nvd.nist.gov/vuln/detail/CVE-2020-36242
• https://cryptography.io/en/latest/changelog.html#v3-3-2
• https://access.redhat.com/security/cve/CVE-2021-3177
• https://www.cve.org/CVERecord?id=CVE-2021-3177
• https://nvd.nist.gov/vuln/detail/CVE-2021-3177
• https://access.redhat.com/security/cve/CVE-2021-3426
• https://www.cve.org/CVERecord?id=CVE-2021-3426
• https://nvd.nist.gov/vuln/detail/CVE-2021-3426
• https://access.redhat.com/security/cve/CVE-2021-3572
• https://www.cve.org/CVERecord?id=CVE-2021-3572
• https://nvd.nist.gov/vuln/detail/CVE-2021-3572
• https://access.redhat.com/security/cve/CVE-2021-3733
• https://bugzilla.redhat.com/show_bug.cgi?id=1995234
• https://www.cve.org/CVERecord?id=CVE-2021-3733
• https://nvd.nist.gov/vuln/detail/CVE-2021-3733
• https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final
• https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final
• https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final
• https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final
• https://access.redhat.com/security/cve/CVE-2021-4189
• https://bugzilla.redhat.com/show_bug.cgi?id=2036020
• https://www.cve.org/CVERecord?id=CVE-2021-4189
• https://nvd.nist.gov/vuln/detail/CVE-2021-4189
• https://bugs.python.org/issue43285
• https://access.redhat.com/security/cve/CVE-2021-20095
• https://www.cve.org/CVERecord?id=CVE-2021-20095
• https://nvd.nist.gov/vuln/detail/CVE-2021-20095
• https://www.tenable.com/security/research/tra-2021-14
• https://access.redhat.com/security/cve/CVE-2021-23336
• https://www.cve.org/CVERecord?id=CVE-2021-23336
• https://nvd.nist.gov/vuln/detail/CVE-2021-23336
• https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933
• https://access.redhat.com/security/cve/CVE-2021-28957
• https://www.cve.org/CVERecord?id=CVE-2021-28957
• https://nvd.nist.gov/vuln/detail/CVE-2021-28957
• https://access.redhat.com/security/cve/CVE-2021-29921
• https://www.cve.org/CVERecord?id=CVE-2021-29921
• https://nvd.nist.gov/vuln/detail/CVE-2021-29921
• https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
• https://access.redhat.com/security/cve/CVE-2021-33503
• https://www.cve.org/CVERecord?id=CVE-2021-33503
• https://nvd.nist.gov/vuln/detail/CVE-2021-33503
• https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
• https://access.redhat.com/security/cve/CVE-2021-42771
• https://www.cve.org/CVERecord?id=CVE-2021-42771
• https://nvd.nist.gov/vuln/detail/CVE-2021-42771
• https://access.redhat.com/security/cve/CVE-2022-0391
• https://bugzilla.redhat.com/show_bug.cgi?id=2047376
• https://www.cve.org/CVERecord?id=CVE-2022-0391
• https://nvd.nist.gov/vuln/detail/CVE-2022-0391