RHSA-2019:3335-01 -- Redhat Cython, PyYAML, babel, numpy, pytest, python-PyMySQL, python-attrs, python-backports, python-backports-ssl_match_hostname, python-chardet, python-coverage, python-dns, python-docs, python-docutils, python-funcsigs, python-idna, python-ipaddress, python-jinja2, python-lxml, python-markupsafe, python-mock, python-nose, python-pluggy, python-psycopg2, python-py, python-pygments, python-pymongo, python-pysocks, python-pytest-mock, python-requests, python-setuptools_scm, python-six, python-sqlalchemy, python-urllib3, python-virtualenv, python-wheel, python2, python2-pip, python2-rpm-macros, python2-setuptools, pytz, scipy
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix: * numpy: crafted serialized object passed in numpy.load in pickle python module allows arbitrary code execution * python: CRLF injection via the query part of the url passed to urlopen * python: CRLF injection via the path part of the url passed to urlopen * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms * python-urllib3: CRLF injection due to not encoding the "\r\n" sequence leading to possible attack on internal service * python-urllib3: Certification mishandle when error should be thrown For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
|
 |
30479 |
 |
423868 |
 |
248364 |
 |
909 |
 |
195388 |
 |
282 |
