Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:4654
HistoryNov 03, 2020 - 12:24 p.m.

(RHSA-2020:4654) Moderate: python27:2.7 security update

2020-11-0312:24:08
access.redhat.com
114

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

  • python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64python2-psycopg2-debuginfo< 2.7.5-7.module+el8.1.0+3111+de3f2d8epython2-psycopg2-debuginfo-2.7.5-7.module+el8.1.0+3111+de3f2d8e.aarch64.rpm
RedHatanyppc64lepython2-sqlalchemy< 1.3.2-2.module+el8.3.0+6647+8d010749python2-sqlalchemy-1.3.2-2.module+el8.3.0+6647+8d010749.ppc64le.rpm
RedHatanyppc64lecython-debugsource< 0.28.1-7.module+el8.1.0+3111+de3f2d8eCython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanyppc64lepython2-cython< 0.28.1-7.module+el8.1.0+3111+de3f2d8epython2-Cython-0.28.1-7.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanynoarchpython2-setuptools_scm< 1.15.7-6.module+el8.1.0+3111+de3f2d8epython2-setuptools_scm-1.15.7-6.module+el8.1.0+3111+de3f2d8e.noarch.rpm
RedHatanys390xpython2< 2.7.17-2.module+el8.3.0+7681+f1f02dedpython2-2.7.17-2.module+el8.3.0+7681+f1f02ded.s390x.rpm
RedHatanys390xcython-debugsource< 0.28.1-7.module+el8.1.0+3111+de3f2d8eCython-debugsource-0.28.1-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
RedHatanys390xpython2-psycopg2< 2.7.5-7.module+el8.1.0+3111+de3f2d8epython2-psycopg2-2.7.5-7.module+el8.1.0+3111+de3f2d8e.s390x.rpm
RedHatanyppc64lepython2-markupsafe< 0.23-19.module+el8.1.0+3111+de3f2d8epython2-markupsafe-0.23-19.module+el8.1.0+3111+de3f2d8e.ppc64le.rpm
RedHatanyaarch64python2-numpy-f2py< 1.14.2-13.module+el8.1.0+3323+7ac3e00fpython2-numpy-f2py-1.14.2-13.module+el8.1.0+3323+7ac3e00f.aarch64.rpm
Rows per page:
1-10 of 2221

Related

rocky 1
nessus 77
almalinux 2
osv 9
oraclelinux 5
redhat 7
openvas 51
debiancve 2
suse 15
veracode 2
amazon 3
ubuntu 1
ibm 4
debian 1
redhatcve 2
cbl_mariner 4
prion 2
cve 2
github 1
ubuntucve 2
centos 2
fedora 2
f5 1
alpinelinux 1
rocky
rocky
python27:2.7 security update
2020-11-03 12:24:08
nessus
nessus
Oracle Linux 8 : python27:2.7 (ELSA-2020-4654)
2023-09-07 00:00:00
RHEL 8 : python27:2.7 (RHSA-2020:4654)
2020-11-04 00:00:00
CentOS 8 : python27:2.7 (CESA-2020:4654)
2021-02-01 00:00:00
almalinux
almalinux
Moderate: python27:2.7 security update
2020-11-03 12:24:08
Moderate: python-pip security update
2020-11-03 12:04:06
osv
osv
Moderate: python27:2.7 security update
2020-11-03 12:24:08
Moderate: python27:2.7 security update
2020-11-03 12:24:08
PYSEC-2020-173
2020-09-04 20:15:00
oraclelinux
oraclelinux
python27:2.7 security update
2020-11-10 00:00:00
python-virtualenv security update
2022-06-29 00:00:00
python-pip security update
2022-03-10 00:00:00
redhat
redhat
(RHSA-2020:4273) Moderate: python27 security, bug fix, and enhancement update
2020-10-20 15:44:20
(RHSA-2022:5234) Moderate: python-virtualenv security update
2022-06-28 07:52:36
(RHSA-2020:4432) Moderate: python-pip security update
2020-11-03 12:04:06
openvas
openvas
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-2503)
2020-12-01 00:00:00
openSUSE: Security Advisory for python-pip (openSUSE-SU-2020:1613-1)
2020-10-05 00:00:00
Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2020-2490)
2020-12-01 00:00:00
debiancve
debiancve
CVE-2019-20916
2020-09-04 20:15:00
CVE-2019-20907
2020-07-13 13:15:00
suse
suse
Security update for python-pip (moderate)
2020-10-04 00:00:00
Security update for python-setuptools (important)
2020-12-01 00:00:00
Security update for python-pip (moderate)
2020-10-04 00:00:00
veracode
veracode
Directory Traversal
2019-06-13 01:55:10
Denial Of Service (DoS)
2020-08-06 21:29:42
amazon
amazon
Medium: python-pip
2021-05-20 16:07:00
Medium: python
2020-09-01 00:40:00
Medium: python27
2020-08-27 00:20:00
ubuntu
ubuntu
pip vulnerability
2020-10-22 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in Python affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2019-20916)
2023-01-12 21:59:00
Security Bulletin: Publicly disclosed vulnerability from Python affects IBM Netezza Host Management
2020-11-10 10:59:11
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Python (CVE-2019-20907)
2023-08-17 17:52:34
debian
debian
[SECURITY] [DLA 2370-1] python-pip security update
2020-09-11 10:16:16
redhatcve
redhatcve
CVE-2019-20916
2020-09-07 14:21:56
CVE-2019-20907
2020-07-13 19:16:55
cbl_mariner
cbl_mariner
CVE-2019-20916 affecting package python-pip 18.0-5
2021-01-11 21:49:40
CVE-2019-20907 affecting package python3 3.7.7-2
2021-07-08 21:56:42
CVE-2019-20907 affecting package python2 2.7.18-9
2020-11-30 19:30:47
prion
prion
Directory traversal
2020-09-04 20:15:00
Input validation
2020-07-13 13:15:00
cve
cve
CVE-2019-20916
2020-09-04 20:15:00
CVE-2019-20907
2020-07-13 13:15:00
github
github
Path Traversal in pip
2021-06-09 17:35:04
ubuntucve
ubuntucve
CVE-2019-20916
2020-09-04 00:00:00
CVE-2019-20907
2020-07-13 00:00:00
centos
centos
python security update
2022-08-02 19:21:51
python, tkinter security update
2020-11-18 17:21:38
fedora
fedora
[SECURITY] Fedora 32 Update: python39-3.9.0~b5-1.fc32
2020-07-30 18:57:22
[SECURITY] Fedora 31 Update: python39-3.9.0~b5-1.fc31
2020-07-30 19:09:04
f5
f5
K78284681 : Python tarfile library vulnerability CVE-2019-20907
2021-06-01 00:00:00
alpinelinux
alpinelinux
CVE-2019-20907
2020-07-13 13:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.3%

JSON
Related for RHSA-2020:4654
rocky1nessus77almalinux2osv9oraclelinux5redhat7openvas51debiancve2suse15veracode2amazon3ubuntu1ibm4debian1redhatcve2cbl_mariner4prion2cve2github1ubuntucve2centos2fedora2f51alpinelinux1