RHSA-2020_1346
Vulnerability from csaf_redhat - Published: 2020-04-07 09:36 - Updated: 2024-11-15 08:28Summary
Red Hat Security Advisory: python security update
Severity
Moderate
Notes
Topic: An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
* python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)
* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
* python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)
* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
4.3 (Medium)
Affected products
Fixed
82 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
6.5 (Medium)
Affected products
Fixed
82 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.
5.3 (Medium)
Affected products
Fixed
82 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
6.5 (Medium)
Affected products
Fixed
82 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.
6.5 (Medium)
Affected products
Fixed
82 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
7.4 (High)
Affected products
Fixed
82 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
35 references
Acknowledgments
the Python security response team
the Python Security Response Team
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for python is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)\n\n* python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)\n\n* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)\n\n* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)\n\n* python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)\n\n* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:1346",
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1549191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549191"
},
{
"category": "external",
"summary": "1549192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549192"
},
{
"category": "external",
"summary": "1631822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631822"
},
{
"category": "external",
"summary": "1688169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688169"
},
{
"category": "external",
"summary": "1695570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695570"
},
{
"category": "external",
"summary": "1695572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695572"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_1346.json"
}
],
"title": "Red Hat Security Advisory: python security update",
"tracking": {
"current_release_date": "2024-11-15T08:28:00+00:00",
"generator": {
"date": "2024-11-15T08:28:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:1346",
"initial_release_date": "2020-04-07T09:36:55+00:00",
"revision_history": [
{
"date": "2020-04-07T09:36:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-04-07T09:36:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:28:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:7.4::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "python-debug-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-debug-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-debug@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-test-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-test-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-test@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-tools-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-tools-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-tools@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tkinter-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64",
"product_id": "tkinter-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tkinter@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-debuginfo@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-devel-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-devel-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-devel@2.7.5-63.el7_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-libs-0:2.7.5-63.el7_4.x86_64",
"product": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64",
"product_id": "python-libs-0:2.7.5-63.el7_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-libs@2.7.5-63.el7_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-libs-0:2.7.5-63.el7_4.i686",
"product": {
"name": "python-libs-0:2.7.5-63.el7_4.i686",
"product_id": "python-libs-0:2.7.5-63.el7_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-libs@2.7.5-63.el7_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"product": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"product_id": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-debuginfo@2.7.5-63.el7_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "python-0:2.7.5-63.el7_4.src",
"product": {
"name": "python-0:2.7.5-63.el7_4.src",
"product_id": "python-0:2.7.5-63.el7_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python@2.7.5-63.el7_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python-debug-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-debug-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-debug-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-debug@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-test-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-test-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-test-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-test@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-tools-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-tools-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-tools-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-tools@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "tkinter-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "tkinter-0:2.7.5-63.el7_4.ppc64le",
"product_id": "tkinter-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tkinter@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-debuginfo@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-devel-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-devel-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-devel-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-devel@2.7.5-63.el7_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-libs-0:2.7.5-63.el7_4.ppc64le",
"product": {
"name": "python-libs-0:2.7.5-63.el7_4.ppc64le",
"product_id": "python-libs-0:2.7.5-63.el7_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-libs@2.7.5-63.el7_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src"
},
"product_reference": "python-0:2.7.5-63.el7_4.src",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.4)",
"product_id": "7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.src as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src"
},
"product_reference": "python-0:2.7.5-63.el7_4.src",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server E4S (v. 7.4)",
"product_id": "7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.src as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src"
},
"product_reference": "python-0:2.7.5-63.el7_4.src",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server TUS (v. 7.4)",
"product_id": "7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src"
},
"product_reference": "python-0:2.7.5-63.el7_4.src",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.4)",
"product_id": "7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.src as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src"
},
"product_reference": "python-0:2.7.5-63.el7_4.src",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.ppc64le as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.ppc64le",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional E4S (v. 7.4)",
"product_id": "7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.src as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src"
},
"product_reference": "python-0:2.7.5-63.el7_4.src",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debug-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debug-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-debuginfo-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-devel-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-devel-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.i686 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.i686",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-libs-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-libs-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-test-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-test-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-tools-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "python-tools-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tkinter-0:2.7.5-63.el7_4.x86_64 as a component of Red Hat Enterprise Linux Server Optional TUS (v. 7.4)",
"product_id": "7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
},
"product_reference": "tkinter-0:2.7.5-63.el7_4.x86_64",
"relates_to_product_reference": "7Server-optional-7.4.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Python security response team"
]
}
],
"cve": "CVE-2018-1060",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1549191"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way catastrophic backtracking was implemented in python\u0027s pop3lib\u0027s apop() method. An attacker could use this flaw to cause denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1060"
},
{
"category": "external",
"summary": "RHBZ#1549191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1060"
},
{
"category": "external",
"summary": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final",
"url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"
}
],
"release_date": "2018-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-07T09:36:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib"
},
{
"acknowledgments": [
{
"names": [
"the Python security response team"
]
}
],
"cve": "CVE-2018-1061",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1549192"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the way catastrophic backtracking was implemented in python\u0027s difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1061"
},
{
"category": "external",
"summary": "RHBZ#1549192",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549192"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1061",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1061"
},
{
"category": "external",
"summary": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final",
"url": "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"
}
],
"release_date": "2018-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-07T09:36:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib"
},
{
"acknowledgments": [
{
"names": [
"the Python Security Response Team"
]
}
],
"cve": "CVE-2018-14647",
"cwe": {
"id": "CWE-335",
"name": "Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2018-09-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1631822"
}
],
"notes": [
{
"category": "description",
"text": "Python\u0027s elementtree C accelerator failed to initialise Expat\u0027s hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat\u0027s internal data structures, consuming large amounts CPU and RAM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Missing salt initialization in _elementtree.c module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14647"
},
{
"category": "external",
"summary": "RHBZ#1631822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1631822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14647"
},
{
"category": "external",
"summary": "https://bugs.python.org/issue34623",
"url": "https://bugs.python.org/issue34623"
}
],
"release_date": "2018-09-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-07T09:36:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Missing salt initialization in _elementtree.c module"
},
{
"cve": "CVE-2019-9740",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-03-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1688169"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CRLF injection via the query part of the url passed to urlopen()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9740"
},
{
"category": "external",
"summary": "RHBZ#1688169",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688169"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9740"
}
],
"release_date": "2019-03-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-07T09:36:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CRLF injection via the query part of the url passed to urlopen()"
},
{
"cve": "CVE-2019-9947",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695572"
}
],
"notes": [
{
"category": "description",
"text": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: CRLF injection via the path part of the url passed to urlopen()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9947"
},
{
"category": "external",
"summary": "RHBZ#1695572",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695572"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9947"
}
],
"release_date": "2019-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-07T09:36:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: CRLF injection via the path part of the url passed to urlopen()"
},
{
"cve": "CVE-2019-9948",
"cwe": {
"id": "CWE-749",
"name": "Exposed Dangerous Method or Function"
},
"discovery_date": "2019-03-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1695570"
}
],
"notes": [
{
"category": "description",
"text": "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\u0027local_file:///etc/passwd\u0027) call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-9948"
},
{
"category": "external",
"summary": "RHBZ#1695570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695570"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-9948",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9948"
}
],
"release_date": "2019-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-04-07T09:36:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:1346"
},
{
"category": "workaround",
"details": "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.",
"product_ids": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.AUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.AUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.AUS:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.E4S:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.ppc64le",
"7Server-optional-7.4.E4S:tkinter-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.src",
"7Server-optional-7.4.TUS:python-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debug-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-debuginfo-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-devel-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.i686",
"7Server-optional-7.4.TUS:python-libs-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-test-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:python-tools-0:2.7.5-63.el7_4.x86_64",
"7Server-optional-7.4.TUS:tkinter-0:2.7.5-63.el7_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…