{"id":"ALSA-2020:4654","summary":"Moderate: python27:2.7 security update","details":"Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.\n\nSecurity Fix(es):\n\n* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)\n\n* python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-01-30T00:32:53.529105Z","published":"2020-11-03T12:24:08Z","related":["CVE-2019-20907","CVE-2019-20916"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2020-4654.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-20907"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-20916"}],"affected":[{"package":{"name":"python-psycopg2-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python-psycopg2-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python-sqlalchemy-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python-sqlalchemy-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-2.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python-sqlalchemy-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python-sqlalchemy-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-2.module_el8.5.0+2569+5c5719bc"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-Cython","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-Cython"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.28.1-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-PyMySQL","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-PyMySQL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.0-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-attrs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-attrs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.4.0-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-chardet","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-chardet"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.4-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-coverage","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-coverage"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.1-4.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-dns","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-dns"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15.0-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-docs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-docs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.16-2.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-docs-info","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-docs-info"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.16-2.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-docutils","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-docutils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.14-12.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-funcsigs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-funcsigs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2-13.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-idna","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-idna"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-ipaddress","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-ipaddress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.18-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-markupsafe","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-markupsafe"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.23-19.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-mock","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-mock"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0-13.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-pluggy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pluggy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.0-8.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-psycopg2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-psycopg2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-psycopg2-debug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-psycopg2-debug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-psycopg2-tests","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-psycopg2-tests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-py","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.3-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-pysocks","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pysocks"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.8-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-pytest","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pytest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.2-13.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-pytest-mock","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pytest-mock"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.0-4.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-pytz","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pytz"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2017.2-12.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-pyyaml","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pyyaml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12-16.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-requests","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-requests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.20.0-3.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-rpm-macros","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-rpm-macros"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3-38.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-setuptools_scm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-setuptools_scm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15.7-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}},{"package":{"name":"python2-sqlalchemy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-sqlalchemy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2-2.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2020:4654.json"}}],"schema_version":"1.7.3"}