{"id":"ALSA-2019:0981","summary":"Important: python27:2.7 security update","details":"Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.\n\nSQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases.\n\nSecurity Fix(es):\n\n* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)\n\n* python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164)\n\n* python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T03:49:32.456012Z","published":"2019-05-07T03:40:00Z","related":["CVE-2019-7164","CVE-2019-7548","CVE-2019-9636"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2019-0981.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-7164"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-7548"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-9636"}],"affected":[{"package":{"name":"python-psycopg2-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python-psycopg2-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-Cython","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-Cython"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.28.1-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-PyMySQL","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-PyMySQL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.0-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-attrs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-attrs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"17.4.0-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-chardet","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-chardet"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.4-10.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-coverage","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-coverage"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.1-4.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-docutils","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-docutils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.14-12.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-funcsigs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-funcsigs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2-13.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-idna","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-idna"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-ipaddress","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-ipaddress"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.18-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-markupsafe","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-markupsafe"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.23-19.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-mock","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-mock"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0-13.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-pluggy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pluggy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.0-8.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-psycopg2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-psycopg2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-psycopg2-debug","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-psycopg2-debug"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-psycopg2-tests","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-psycopg2-tests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.5-7.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-py","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.3-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-pysocks","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pysocks"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.8-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-pytest","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pytest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.4.2-13.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-pytest-mock","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pytest-mock"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.9.0-4.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-pytz","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pytz"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2017.2-12.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-pyyaml","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-pyyaml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.12-16.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-rpm-macros","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-rpm-macros"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3-38.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}},{"package":{"name":"python2-setuptools_scm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python2-setuptools_scm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.15.7-6.module_el8.6.0+2781+fed64c13"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2019:0981.json"}}],"schema_version":"1.7.3"}