{"id":"RLSA-2021:1879","summary":"Moderate: python38:3.8 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)\n\n* python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)\n\n* python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.","modified":"2026-03-11T05:55:52.682156Z","published":"2021-05-18T06:18:31Z","upstream":["CVE-2020-26116","CVE-2020-27783","CVE-2021-3177"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2021:1879"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868006"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883014"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1886755"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1901633"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1918168"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1920596"}],"affected":[{"package":{"name":"babel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0-10.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"Cython","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.29.14-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"mod_wsgi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/mod_wsgi?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.6.8-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"numpy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.17.3-5.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python38","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python38?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.8.6-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python3x-pip","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-pip?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:19.3.1-1.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python3x-setuptools","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-setuptools?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:41.6.0-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python3x-six","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python3x-six?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.12.0-10.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-asn1crypto","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-asn1crypto?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.0-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-cffi","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cffi?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.13.2-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-chardet","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.0.4-19.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-cryptography","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8-3.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-cryptography","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-cryptography?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-idna","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8-6.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-jinja2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.10.3-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-lxml","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.4.1-5.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-markupsafe","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.1-6.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-ply","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-ply?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.11-10.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-psutil","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psutil?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.6.4-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.4-4.module+el8.6.0+794+eba84017"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-psycopg2","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.4-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-pycparser","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pycparser?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.19-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.1-1.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-PyMySQL","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.1-1.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-pysocks","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.1-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-requests","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.22.0-9.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-urllib3","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.25.7-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"python-wheel","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.33.6-5.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"pytz","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2019.3-3.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"PyYAML","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.3.1-1.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"scipy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.1-4.module+el8.5.0+672+ab6eb015"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}},{"package":{"name":"scipy","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8-4-legacy&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.3.1-4.module+el8.4.0+570+c2eaf144"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2021:1879.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}