{"id":"ALSA-2021:4162","summary":"Moderate: python38:3.8 and python38-devel:3.8 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es):\n\n* python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\n* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)\n\n* python: Information disclosure via pydoc (CVE-2021-3426)\n\n* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)\n\n* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)\n\n* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)\n\n* python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)\n\n* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)\n\n* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.","modified":"2026-02-04T04:13:05.648982Z","published":"2021-11-09T12:47:54Z","related":["CVE-2019-18874","CVE-2020-28493","CVE-2021-20095","CVE-2021-23336","CVE-2021-28957","CVE-2021-29921","CVE-2021-33503","CVE-2021-3426","CVE-2021-3572","CVE-2021-42771"],"references":[{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2021-4162.html"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2019-18874"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-27619"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2020-28493"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-20095"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-23336"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-28957"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-29921"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-33503"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3426"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-3572"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2021-42771"}],"affected":[{"package":{"name":"python38-Cython","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-Cython"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.29.14-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-PyMySQL","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-PyMySQL"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.1-1.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-asn1crypto","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-asn1crypto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-atomicwrites","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-atomicwrites"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.0-8.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-attrs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-attrs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"19.3.0-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-babel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-babel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7.0-11.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-cffi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-cffi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.2-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-chardet","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-chardet"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.4-19.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-cryptography","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-idna","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-idna"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-jinja2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-jinja2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.10.3-5.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-markupsafe","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-markupsafe"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-mod_wsgi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-mod_wsgi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.8-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-more-itertools","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-more-itertools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.0-5.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-numpy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-numpy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.3-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-numpy-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-numpy-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.3-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-numpy-f2py","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-numpy-f2py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.17.3-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-packaging","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-packaging"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"19.2-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pluggy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pluggy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.0-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-ply","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-ply"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11-10.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-psutil","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-psutil"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.6.4-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-psycopg2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-psycopg2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.4-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-psycopg2-doc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-psycopg2-doc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.4-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-psycopg2-tests","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-psycopg2-tests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.4-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-py","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-py"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.8.0-8.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pycparser","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pycparser"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.19-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pyparsing","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pyparsing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.5-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pysocks","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pysocks"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.1-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pytest","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pytest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.6.6-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pytz","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pytz"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2019.3-3.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-pyyaml","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-pyyaml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.4.1-1.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-requests","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-requests"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.22.0-9.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-scipy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-scipy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.1-4.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-setuptools","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-setuptools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"41.6.0-5.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-setuptools-wheel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-setuptools-wheel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"41.6.0-5.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-six","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-six"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.0-10.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-urllib3","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-urllib3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.25.7-5.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-wcwidth","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-wcwidth"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.1.7-16.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-wheel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-wheel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.33.6-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}},{"package":{"name":"python38-wheel-wheel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python38-wheel-wheel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.33.6-6.module_el8.6.0+2778+cd494b30"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2021:4162.json"}}],"schema_version":"1.7.3"}