Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.1493 python27:2.7 security, bug fix, and enhancement update 29 April 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: python27 Publisher: Red Hat Operating System: Red Hat Impact/Access: Access Confidential Data -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-16056 CVE-2019-11324 CVE-2019-11236 CVE-2018-20852 CVE-2018-20060 CVE-2018-18074 Reference: ESB-2020.1137 ESB-2020.0951 ESB-2020.0948 ESB-2020.0764 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:1605 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python27:2.7 security, bug fix, and enhancement update Advisory ID: RHSA-2020:1605-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1605 Issue date: 2020-04-28 CVE Names: CVE-2018-18074 CVE-2018-20060 CVE-2018-20852 CVE-2019-11236 CVE-2019-11324 CVE-2019-16056 ===================================================================== 1. Summary: An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL. The following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944) Security Fix(es): * python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060) * python: Cookie domain check returns incorrect results (CVE-2018-20852) * python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236) * python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324) * python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056) * python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1643829 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header 1649153 - CVE-2018-20060 python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure 1659551 - python-virtualenv bundles pip and pip is using bundled requests and a bundled root certificate 1700824 - CVE-2019-11236 python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service 1702473 - CVE-2019-11324 python-urllib3: Certification mishandle when error should be thrown 1740347 - CVE-2018-20852 python: Cookie domain check returns incorrect results 1749839 - CVE-2019-16056 python: email.utils.parseaddr wrongly parses email addresses 1762422 - The fix CVE-2018-18074 leads to a regression 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.src.rpm PyYAML-3.12-16.module+el8.1.0+3111+de3f2d8e.src.rpm babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.src.rpm numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.src.rpm pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm python-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.src.rpm python-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.src.rpm python-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.src.rpm python-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.src.rpm python-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.src.rpm python-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.src.rpm python-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.src.rpm python-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm python-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.src.rpm python-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.src.rpm python-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.src.rpm python-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.src.rpm python-nose-1.3.7-30.module+el8.1.0+3111+de3f2d8e.src.rpm python-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.src.rpm python-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.src.rpm python-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-pygments-2.2.0-20.module+el8.1.0+3111+de3f2d8e.src.rpm python-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.src.rpm python-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.src.rpm python-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.src.rpm python-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.src.rpm python-six-1.11.0-5.module+el8.1.0+3111+de3f2d8e.src.rpm python-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.src.rpm python-urllib3-1.24.2-1.module+el8.1.0+3280+19512f10.src.rpm python-virtualenv-15.1.0-19.module+el8.1.0+3507+d69c168d.src.rpm python-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.src.rpm python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.src.rpm python2-pip-9.0.3-16.module+el8.2.0+5478+b505947e.src.rpm python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.src.rpm python2-setuptools-39.0.1-11.module+el8.1.0+3446+c3d52da3.src.rpm pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.src.rpm scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.src.rpm aarch64: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.aarch64.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.aarch64.rpm python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.aarch64.rpm python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.aarch64.rpm scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.aarch64.rpm noarch: babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.noarch.rpm python-nose-docs-1.3.7-30.module+el8.1.0+3111+de3f2d8e.noarch.rpm python-sqlalchemy-doc-1.3.2-1.module+el8.1.0+2994+98e054d6.noarch.rpm python2-PyMySQL-0.8.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-attrs-17.4.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-babel-2.5.1-9.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-backports-ssl_match_hostname-3.5.0.1-11.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-chardet-3.0.4-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-dns-1.15.0-10.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-docs-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-docs-info-2.7.16-2.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-docutils-0.14-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-funcsigs-1.0.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-idna-2.5-7.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-ipaddress-1.0.18-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-jinja2-2.10-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-mock-2.0.0-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-nose-1.3.7-30.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-numpy-doc-1.14.2-13.module+el8.1.0+3323+7ac3e00f.noarch.rpm python2-pip-9.0.3-16.module+el8.2.0+5478+b505947e.noarch.rpm python2-pip-wheel-9.0.3-16.module+el8.2.0+5478+b505947e.noarch.rpm python2-pluggy-0.6.0-8.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-py-1.5.3-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pygments-2.2.0-20.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pysocks-1.6.8-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pytest-3.4.2-13.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pytest-mock-1.9.0-4.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-pytz-2017.2-12.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8.noarch.rpm python2-rpm-macros-3-38.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-setuptools-39.0.1-11.module+el8.1.0+3446+c3d52da3.noarch.rpm python2-setuptools-wheel-39.0.1-11.module+el8.1.0+3446+c3d52da3.noarch.rpm python2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-six-1.11.0-5.module+el8.1.0+3111+de3f2d8e.noarch.rpm python2-urllib3-1.24.2-1.module+el8.1.0+3280+19512f10.noarch.rpm python2-virtualenv-15.1.0-19.module+el8.1.0+3507+d69c168d.noarch.rpm python2-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.noarch.rpm python2-wheel-wheel-0.31.1-2.module+el8.1.0+3725+aac5cd17.noarch.rpm ppc64le: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.ppc64le.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.ppc64le.rpm python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.ppc64le.rpm scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.ppc64le.rpm s390x: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.s390x.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.s390x.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.s390x.rpm python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.s390x.rpm python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.s390x.rpm scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.s390x.rpm x86_64: Cython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm PyYAML-debugsource-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm numpy-debugsource-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm python-coverage-debugsource-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-lxml-debugsource-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-psycopg2-debugsource-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-psycopg2-doc-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python-pymongo-debugsource-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python2-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-Cython-debuginfo-0.28.1-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-backports-1.0-15.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-bson-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python2-bson-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python2-coverage-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-coverage-debuginfo-4.5.1-4.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-debug-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-debuginfo-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-debugsource-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-devel-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-libs-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-lxml-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-lxml-debuginfo-4.2.3-3.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-numpy-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm python2-numpy-debuginfo-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm python2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.x86_64.rpm python2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-debug-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-psycopg2-tests-2.7.5-7.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-pymongo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python2-pymongo-debuginfo-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python2-pymongo-gridfs-3.6.1-11.module+el8.1.0+3446+c3d52da3.x86_64.rpm python2-pyyaml-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-pyyaml-debuginfo-3.12-16.module+el8.1.0+3111+de3f2d8e.x86_64.rpm python2-scipy-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm python2-scipy-debuginfo-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm python2-sqlalchemy-1.3.2-1.module+el8.1.0+2994+98e054d6.x86_64.rpm python2-test-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-tkinter-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm python2-tools-2.7.17-1.module+el8.2.0+4561+f4e0d66a.x86_64.rpm scipy-debugsource-1.0.0-20.module+el8.1.0+3323+7ac3e00f.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-18074 https://access.redhat.com/security/cve/CVE-2018-20060 https://access.redhat.com/security/cve/CVE-2018-20852 https://access.redhat.com/security/cve/CVE-2019-11236 https://access.redhat.com/security/cve/CVE-2019-11324 https://access.redhat.com/security/cve/CVE-2019-16056 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXqhWFNzjgjWX9erEAQgp/Q//T+YdsmzyRB0ERmYaGVJw2F9TGcPtJ9ig X1Kfd7yEIdYe4WfjAov+iUyZ6h09ZXjlGtoUOukoUzVx+84P4XVADZjwQPGPbkYd HvUKy/4eHx8OYp29RVKeqT8zapeqEBIWp+nc56HKF5DkvOQbmpudnhIh+bnq3Cip p5YtU8+umOBTdAPTgYdkQ9Nc/x7MCiOCMfHkvdECja81WW1Y/Zrym8xvp9AGmdu6 7S1r51PoFq3kMBApjD7VVZpPFW0iZQ90jpSHVoV9E1x1O89IAkkGIWOuZTxpu2lM fISmuBvZhnuqdSrJb04B7YWEcnd8//GpxP0kUqVx76vzPEnUj5Ddy1IIt29YBXnQ 8Rh37yGELG3LkuMgjgpXwD73FHeaoByB8WmBa61okwfYDgh9O4a1G5KC8PRiXAzf uh+Wle2CuJK7+BdUdyYJABDvVpZ4BppNjT/TKaIgxwU3daQeo/tbVU4p+IhOGvky UB1cq+s44R01jvRngoU50c+q4l5Ykawrap8jX8AKFX/JPkzz1IGJ7baia8Nyg2te s7I90TdSZRDhJlMx2c+BcAO9zhFv39VvTy8t3hkocQoiU+3ZbufUQZI20DPw62eN X6AFDZqMrcR6TZuc++iGdN0aui80Tmu7bay8S88v5MhLvjFqmITSjM4DDGBxi6sC fykW5HV23Qg= =uSEj - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXqkIi2aOgq3Tt24GAQhphRAAjgpx5k7XcMRa4/hkoh7GXlrOodTteWuD W9bkxmxvxhBAEgOCZYmTlLMxsN9e8ESKQ78Nb7pEeuHhXNSEsCewiEDatXFZLx5f gPTu6CcSvNODFKykKQGA44jQSTzbN80CDx4Z8eadcWaDfmNuh23NQVNYb7JcBxs2 FRzG6JjuRevcwBYHWJtHVg0Edxr0RQIDyyCaXo20+aQw2APbZUQ1RIG+gMjYy0wL S5Q03mUo/sf52DC5M+hFY9ne5OQBhgqBkWq1nh67Orwumpvj/sPTYIh3jflWMbtk oe68ZBY5bMSLhjRlB+lXWPuUDHEFYNmtOPphWb25GNwefVwXTaE4arC5orDKIbqf jBZE+dqoId6D0IlVDqABUSa5CfmY4SqjSVFRAr6bbCiHTWKZmj3rc/iS8lCJA/66 oGnjLunDIZD9k2EKtZ85787EY5yPGVnVzLWjl6d+bJGpXdRZghXfbjA//o+T+Bak 6CBn5B9xIySPmVaBsWSU2UvZInTFqw7s+aoQcvaJR2Qc6ke/LqrcZMk3v9DqcpIC 0AHCgk7kksAHU3U/usH0fNrMGFwQd/w6XRI0h9XXtMJMbZQ7EGhMsuXxVdqEod3I XPWNWcSFYyE/fOrnAbi1A6ls3SU0kQU3+YS3555biWrtoAe9DWKbrsXXD9pNEZYJ EdWsCEyfcfw= =TFzb -----END PGP SIGNATURE-----