Red Hat Product Errata RHSA-2020:1268 - Security Advisory
Issued:
2020-04-01
Updated:
2020-04-01

RHSA-2020:1268 - Security Advisory

Synopsis

Moderate: python security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
  • python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)
  • python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)
  • python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)
  • python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)
  • python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le

Fixes

  • BZ - 1549191 - CVE-2018-1060 python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
  • BZ - 1549192 - CVE-2018-1061 python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib
  • BZ - 1631822 - CVE-2018-14647 python: Missing salt initialization in _elementtree.c module
  • BZ - 1688169 - CVE-2019-9740 python: CRLF injection via the query part of the url passed to urlopen()
  • BZ - 1695570 - CVE-2019-9948 python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
  • BZ - 1695572 - CVE-2019-9947 python: CRLF injection via the path part of the url passed to urlopen()

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5

SRPM
python-2.7.5-74.el7_5.src.rpm SHA-256: 561c2f2d3292ac9e055c98646c3dbe01a006be8de1a2628f46351089dfdbf12f
x86_64
python-2.7.5-74.el7_5.x86_64.rpm SHA-256: 56c851a264f08c40161a0c4776422373a57086df6d2e4a007a68d0546a0402d9
python-debug-2.7.5-74.el7_5.x86_64.rpm SHA-256: 3c9ab830b1a224c0ea4cfdfb341acb98ef00c4e195e74061e6d107fb921f1058
python-debuginfo-2.7.5-74.el7_5.i686.rpm SHA-256: 022a38c1a91bf96229c27708b4ed3f254fc11b2569af6cb06833878c1ff575e9
python-debuginfo-2.7.5-74.el7_5.x86_64.rpm SHA-256: 1ebc8b30673f4dd2bc3762ff95eb73a17a1ce464d2d17d7bd5cdfbeaa54afacd
python-debuginfo-2.7.5-74.el7_5.x86_64.rpm SHA-256: 1ebc8b30673f4dd2bc3762ff95eb73a17a1ce464d2d17d7bd5cdfbeaa54afacd
python-devel-2.7.5-74.el7_5.x86_64.rpm SHA-256: 3c26f8fded1ae3b76f921f96b040607d7b5d6adf6922f6e0972f54310ec70ef3
python-libs-2.7.5-74.el7_5.i686.rpm SHA-256: 9708c076e77946d946d37062ef1665d0d8813b794526ad3a2d0eca034aa94804
python-libs-2.7.5-74.el7_5.x86_64.rpm SHA-256: 73adfce285857520c809b7dd143044db15d3bf4e732e104dacec67c3dfd8a961
python-test-2.7.5-74.el7_5.x86_64.rpm SHA-256: 5729706d9927dd738439775d207a7fc379728a8e07857339700670450d006fbb
python-tools-2.7.5-74.el7_5.x86_64.rpm SHA-256: cdd931bb3297e765b686a6487a9234ddf76338e5755c7b8809be8e3b2bbd560a
tkinter-2.7.5-74.el7_5.x86_64.rpm SHA-256: a22d5553124fef1b99ba6f3c3615df01d877e81887e3b99eed16bf22a94cfcd8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5

SRPM
python-2.7.5-74.el7_5.src.rpm SHA-256: 561c2f2d3292ac9e055c98646c3dbe01a006be8de1a2628f46351089dfdbf12f
s390x
python-2.7.5-74.el7_5.s390x.rpm SHA-256: 76792fe5dafd517174bc4770e605cbf63a09a44c81e3b8072ef2d098d92c143b
python-debug-2.7.5-74.el7_5.s390x.rpm SHA-256: 0010dc617c7a23f3b874ca4c5e3c6ae8bba3e668e4221d468129d8d9bd3968a5
python-debuginfo-2.7.5-74.el7_5.s390.rpm SHA-256: 075bdcdd820522f3c89bc439c5b39ee77727248cb9b5e9ef07fd223b333d7fb5
python-debuginfo-2.7.5-74.el7_5.s390x.rpm SHA-256: 90d040c93bde62a98af00a99aa8fb0a1214bf176076c0025d074bf5d3ad246d9
python-debuginfo-2.7.5-74.el7_5.s390x.rpm SHA-256: 90d040c93bde62a98af00a99aa8fb0a1214bf176076c0025d074bf5d3ad246d9
python-devel-2.7.5-74.el7_5.s390x.rpm SHA-256: 08c8525cdb0099562501ecf5c6662e0021486e9dc33cc8a6a18e0d51036fb3e0
python-libs-2.7.5-74.el7_5.s390.rpm SHA-256: 5a7b1aac09efee79a417db57274cd739f16e3eea9a0f5fcc083e31a6a109668c
python-libs-2.7.5-74.el7_5.s390x.rpm SHA-256: 16621406a23504b5ec033feba202d6f6494d7f0a32979853bb1398191ae49e7e
python-test-2.7.5-74.el7_5.s390x.rpm SHA-256: d8d4b1f8040b1d1ff4d60f39c41858a7066876df372172e744ef0400cb840b9e
python-tools-2.7.5-74.el7_5.s390x.rpm SHA-256: 26224bc3236f6189fedc298c55dce75f99c31e45835cad7a6849b632f741f5b8
tkinter-2.7.5-74.el7_5.s390x.rpm SHA-256: ee3c57339ca0a3bf58ab24541b0a7d92e904eab1dd462077d9cb4494f9613568

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5

SRPM
python-2.7.5-74.el7_5.src.rpm SHA-256: 561c2f2d3292ac9e055c98646c3dbe01a006be8de1a2628f46351089dfdbf12f
ppc64
python-2.7.5-74.el7_5.ppc64.rpm SHA-256: 377fb3a7458ed350db87069a22da77ebadc0b5686413fd434544812995a60f76
python-debug-2.7.5-74.el7_5.ppc64.rpm SHA-256: 71471f4f9e706395f267df07ed78b611de2cf4fe6c589315fe31665725f1122e
python-debuginfo-2.7.5-74.el7_5.ppc.rpm SHA-256: 26e263037a4abd0e9fe4fdfb12582653370f89fecb4f1dab815640f2b7d7f877
python-debuginfo-2.7.5-74.el7_5.ppc64.rpm SHA-256: 8ee0e2b5ffd5f3b8bb661262afbeb81ae19dd94dcc4b1edb95e3cf587a0d083e
python-debuginfo-2.7.5-74.el7_5.ppc64.rpm SHA-256: 8ee0e2b5ffd5f3b8bb661262afbeb81ae19dd94dcc4b1edb95e3cf587a0d083e
python-devel-2.7.5-74.el7_5.ppc64.rpm SHA-256: 2711c878c18be0e0b9fdc605d6cca1797f970215b1adf5178f7be1133a095a9f
python-libs-2.7.5-74.el7_5.ppc.rpm SHA-256: a091845d4b8fdfe350ceacbe97295a291a583790516a01c84a36e4819a42f435
python-libs-2.7.5-74.el7_5.ppc64.rpm SHA-256: f14fa8d189a28085f6120c7197128f8fa770e5771fa89646d6d4bbbe4bc065fd
python-test-2.7.5-74.el7_5.ppc64.rpm SHA-256: 6e5daeffa736526022cf23d5ba747989ad6c7220aea185fe9b744ffaf855799e
python-tools-2.7.5-74.el7_5.ppc64.rpm SHA-256: 539c5fb61890c229dd36b5d9dd442158e40f8da83d0333a899455c2972eaf240
tkinter-2.7.5-74.el7_5.ppc64.rpm SHA-256: 71b8d4e1d3c46e956f14d1d2002d561bc4cff988a770b9cb29443ffa33a5b789

Red Hat Enterprise Linux EUS Compute Node 7.5

SRPM
python-2.7.5-74.el7_5.src.rpm SHA-256: 561c2f2d3292ac9e055c98646c3dbe01a006be8de1a2628f46351089dfdbf12f
x86_64
python-2.7.5-74.el7_5.x86_64.rpm SHA-256: 56c851a264f08c40161a0c4776422373a57086df6d2e4a007a68d0546a0402d9
python-debug-2.7.5-74.el7_5.x86_64.rpm SHA-256: 3c9ab830b1a224c0ea4cfdfb341acb98ef00c4e195e74061e6d107fb921f1058
python-debuginfo-2.7.5-74.el7_5.i686.rpm SHA-256: 022a38c1a91bf96229c27708b4ed3f254fc11b2569af6cb06833878c1ff575e9
python-debuginfo-2.7.5-74.el7_5.x86_64.rpm SHA-256: 1ebc8b30673f4dd2bc3762ff95eb73a17a1ce464d2d17d7bd5cdfbeaa54afacd
python-debuginfo-2.7.5-74.el7_5.x86_64.rpm SHA-256: 1ebc8b30673f4dd2bc3762ff95eb73a17a1ce464d2d17d7bd5cdfbeaa54afacd
python-devel-2.7.5-74.el7_5.x86_64.rpm SHA-256: 3c26f8fded1ae3b76f921f96b040607d7b5d6adf6922f6e0972f54310ec70ef3
python-libs-2.7.5-74.el7_5.i686.rpm SHA-256: 9708c076e77946d946d37062ef1665d0d8813b794526ad3a2d0eca034aa94804
python-libs-2.7.5-74.el7_5.x86_64.rpm SHA-256: 73adfce285857520c809b7dd143044db15d3bf4e732e104dacec67c3dfd8a961
python-test-2.7.5-74.el7_5.x86_64.rpm SHA-256: 5729706d9927dd738439775d207a7fc379728a8e07857339700670450d006fbb
python-tools-2.7.5-74.el7_5.x86_64.rpm SHA-256: cdd931bb3297e765b686a6487a9234ddf76338e5755c7b8809be8e3b2bbd560a
tkinter-2.7.5-74.el7_5.x86_64.rpm SHA-256: a22d5553124fef1b99ba6f3c3615df01d877e81887e3b99eed16bf22a94cfcd8

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5

SRPM
python-2.7.5-74.el7_5.src.rpm SHA-256: 561c2f2d3292ac9e055c98646c3dbe01a006be8de1a2628f46351089dfdbf12f
ppc64le
python-2.7.5-74.el7_5.ppc64le.rpm SHA-256: baa95a80434687c5f0dc51ba826ff4a6064469543f281db0a53326dde4eb73f0
python-debug-2.7.5-74.el7_5.ppc64le.rpm SHA-256: 777b68f0a02fff909d01bfe02a5efb50b10a87258bb2fdf734027a7672c0f135
python-debuginfo-2.7.5-74.el7_5.ppc64le.rpm SHA-256: 68f4e9d68c6b52f946d9a9a9014104a97eb096a70439f9e80059d6ca532a94c9
python-debuginfo-2.7.5-74.el7_5.ppc64le.rpm SHA-256: 68f4e9d68c6b52f946d9a9a9014104a97eb096a70439f9e80059d6ca532a94c9
python-devel-2.7.5-74.el7_5.ppc64le.rpm SHA-256: 602dd748400a0eba896e8f7d355a8f633f42f35c797a218ffab7b54153bac4d0
python-libs-2.7.5-74.el7_5.ppc64le.rpm SHA-256: 4dca682758fad31ca19370ff5fe94d98811a07f065597f1efa994202e62d63ca
python-test-2.7.5-74.el7_5.ppc64le.rpm SHA-256: 02d7612b9a61a1a56268c8ff409b7bba9d4e0a738e6f06a285495fa945cde292
python-tools-2.7.5-74.el7_5.ppc64le.rpm SHA-256: d84564397f52a8326d53ba95e892e446f8efd5628c2992bf8366a2afdc19c83c
tkinter-2.7.5-74.el7_5.ppc64le.rpm SHA-256: efd355f0e068c433ce6423d3ef7ea6e98fa25c8ce9a3ee9092325ae8cac73b2d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.