Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2020:5009 - Security Advisory
Issued:
2020-11-10
Updated:
2020-11-10

RHSA-2020:5009 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: python security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.

Security Fix(es):

  • python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1856481 - CVE-2019-20907 python: infinite loop in the tarfile module via crafted TAR archive

CVEs

  • CVE-2019-20907

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
x86_64
python-2.7.5-90.el7.x86_64.rpm SHA-256: 5bcdbd209029215a01308b70d89d2751bac5d54166692d6d6c330b186f73d3ac
python-debug-2.7.5-90.el7.x86_64.rpm SHA-256: af2ff8f2f96e4b00230502c6f67156d552f6b4d8103629f1b1100966725594f4
python-debuginfo-2.7.5-90.el7.i686.rpm SHA-256: 7509e151fb4b9d04d689021c45cb7d1f55679a3dc8bc82dd7f989443024f2c59
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-devel-2.7.5-90.el7.x86_64.rpm SHA-256: e7de61857fd09ae56bd63b858eb19750b8ef761875722373c11ac24b694a5be6
python-libs-2.7.5-90.el7.i686.rpm SHA-256: 1f3ea68262effbe7b2cc8a505f63ed6e883c434b032fb2d66ee00056ef7f2ef6
python-libs-2.7.5-90.el7.x86_64.rpm SHA-256: dafe5710f50ddddfab84ac4cc06f070fb30d9782309555254fd960a9764dfffc
python-test-2.7.5-90.el7.x86_64.rpm SHA-256: a1b907d274c0e6746e10e5e5c9af8abce5677b3460a5548b3604c022bb399b8d
python-tools-2.7.5-90.el7.x86_64.rpm SHA-256: 2b28e80e841ea8e20022897601b677e277ad828cd94451bcb3007f4a5b2ddb1f
tkinter-2.7.5-90.el7.x86_64.rpm SHA-256: 318c6684e80b65690548155d001fe93a43f6628adb54c32988faf6464e8072a9

Red Hat Enterprise Linux Workstation 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
x86_64
python-2.7.5-90.el7.x86_64.rpm SHA-256: 5bcdbd209029215a01308b70d89d2751bac5d54166692d6d6c330b186f73d3ac
python-debug-2.7.5-90.el7.x86_64.rpm SHA-256: af2ff8f2f96e4b00230502c6f67156d552f6b4d8103629f1b1100966725594f4
python-debuginfo-2.7.5-90.el7.i686.rpm SHA-256: 7509e151fb4b9d04d689021c45cb7d1f55679a3dc8bc82dd7f989443024f2c59
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-devel-2.7.5-90.el7.x86_64.rpm SHA-256: e7de61857fd09ae56bd63b858eb19750b8ef761875722373c11ac24b694a5be6
python-libs-2.7.5-90.el7.i686.rpm SHA-256: 1f3ea68262effbe7b2cc8a505f63ed6e883c434b032fb2d66ee00056ef7f2ef6
python-libs-2.7.5-90.el7.x86_64.rpm SHA-256: dafe5710f50ddddfab84ac4cc06f070fb30d9782309555254fd960a9764dfffc
python-test-2.7.5-90.el7.x86_64.rpm SHA-256: a1b907d274c0e6746e10e5e5c9af8abce5677b3460a5548b3604c022bb399b8d
python-tools-2.7.5-90.el7.x86_64.rpm SHA-256: 2b28e80e841ea8e20022897601b677e277ad828cd94451bcb3007f4a5b2ddb1f
tkinter-2.7.5-90.el7.x86_64.rpm SHA-256: 318c6684e80b65690548155d001fe93a43f6628adb54c32988faf6464e8072a9

Red Hat Enterprise Linux Desktop 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
x86_64
python-2.7.5-90.el7.x86_64.rpm SHA-256: 5bcdbd209029215a01308b70d89d2751bac5d54166692d6d6c330b186f73d3ac
python-debug-2.7.5-90.el7.x86_64.rpm SHA-256: af2ff8f2f96e4b00230502c6f67156d552f6b4d8103629f1b1100966725594f4
python-debuginfo-2.7.5-90.el7.i686.rpm SHA-256: 7509e151fb4b9d04d689021c45cb7d1f55679a3dc8bc82dd7f989443024f2c59
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-devel-2.7.5-90.el7.x86_64.rpm SHA-256: e7de61857fd09ae56bd63b858eb19750b8ef761875722373c11ac24b694a5be6
python-libs-2.7.5-90.el7.i686.rpm SHA-256: 1f3ea68262effbe7b2cc8a505f63ed6e883c434b032fb2d66ee00056ef7f2ef6
python-libs-2.7.5-90.el7.x86_64.rpm SHA-256: dafe5710f50ddddfab84ac4cc06f070fb30d9782309555254fd960a9764dfffc
python-test-2.7.5-90.el7.x86_64.rpm SHA-256: a1b907d274c0e6746e10e5e5c9af8abce5677b3460a5548b3604c022bb399b8d
python-tools-2.7.5-90.el7.x86_64.rpm SHA-256: 2b28e80e841ea8e20022897601b677e277ad828cd94451bcb3007f4a5b2ddb1f
tkinter-2.7.5-90.el7.x86_64.rpm SHA-256: 318c6684e80b65690548155d001fe93a43f6628adb54c32988faf6464e8072a9

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
s390x
python-2.7.5-90.el7.s390x.rpm SHA-256: 0117d4a419174deaeb6079ad1ff6d1de2e8698da2c410a3ff0c4b2177fc41b4f
python-debug-2.7.5-90.el7.s390x.rpm SHA-256: 72e8a7dcbd3f84fe9a55264d03d106cd5bf154f935abbbeba8d1ca9d489119f3
python-debuginfo-2.7.5-90.el7.s390.rpm SHA-256: a98d46713682e952b08d9d81d66c20e733992a62636df810e8fe591282fc50d1
python-debuginfo-2.7.5-90.el7.s390x.rpm SHA-256: 16e46736015216b7046762e035532df5cb76f8f963912c2974e0bda2172e3c2e
python-debuginfo-2.7.5-90.el7.s390x.rpm SHA-256: 16e46736015216b7046762e035532df5cb76f8f963912c2974e0bda2172e3c2e
python-devel-2.7.5-90.el7.s390x.rpm SHA-256: 932f0ee8297a0f7eee16fa065885b08ea4d184e2c45c888fa48e7868e19e4194
python-libs-2.7.5-90.el7.s390.rpm SHA-256: 2eba173f14be29723bf406673d4db17be930fc5d330c4e3e549e537535df6f4e
python-libs-2.7.5-90.el7.s390x.rpm SHA-256: e79f126cd044aedb3b60ebcfdd5e40d5cf0f833d87b34c86a046d5cba5979167
python-test-2.7.5-90.el7.s390x.rpm SHA-256: 72d6588abe1840c1c8f22bad209d191d79b6f6065ebc8661f87aeb077e2e328b
python-tools-2.7.5-90.el7.s390x.rpm SHA-256: 3ecce125dddbd3c40960e73a502670d53835b7d3a3e102f048f8271bab48b392
tkinter-2.7.5-90.el7.s390x.rpm SHA-256: 6bf9b80546e1d7761e061bab11aab03a98c8fee707b60d913aed1eb48f8f5eaa

Red Hat Enterprise Linux for Power, big endian 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
ppc64
python-2.7.5-90.el7.ppc64.rpm SHA-256: 1562fb720181ccb13fa4dc65a8458e79ba2b38d4bdd43713dc1c912d48d34c75
python-debug-2.7.5-90.el7.ppc64.rpm SHA-256: 81a189761ed7dc0b184066e6d27a89a1370bcc01f95fbe327ea03cdb40fcba68
python-debuginfo-2.7.5-90.el7.ppc.rpm SHA-256: 2c798635936f0830c9074c4920b18be64ce3fcca95f0ccd3d78ca3e54efb739f
python-debuginfo-2.7.5-90.el7.ppc64.rpm SHA-256: cf7b995b928a74f6060cd886844dec3c6c900ca28c98f5bf02c3f85e32ce86b3
python-debuginfo-2.7.5-90.el7.ppc64.rpm SHA-256: cf7b995b928a74f6060cd886844dec3c6c900ca28c98f5bf02c3f85e32ce86b3
python-devel-2.7.5-90.el7.ppc64.rpm SHA-256: ca80e2004706910e727cd9525d0583fbbe63696cedae97150ebf994591debdfb
python-libs-2.7.5-90.el7.ppc.rpm SHA-256: a39466690d54db2a352a775293b90c636f757589654ec1856ebd460f96b6c877
python-libs-2.7.5-90.el7.ppc64.rpm SHA-256: 0011095140f369ab7754098607d4daf7b38677ce5bf9eb3884d9064e0f61424c
python-test-2.7.5-90.el7.ppc64.rpm SHA-256: 575d34a592b1ee8c6aa496fafc2d4fb152644e16d79feed4ccc1818cd790d60e
python-tools-2.7.5-90.el7.ppc64.rpm SHA-256: 8be7c0f50bf60f59fefda300d94d5ec28a90644ab1154c4cde49dfd148ac0be5
tkinter-2.7.5-90.el7.ppc64.rpm SHA-256: 0e1b2a9d6eadd31b039a8a8fa3a5e61aa290806480cca8f2d2574c5cfef5dad3

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
x86_64
python-2.7.5-90.el7.x86_64.rpm SHA-256: 5bcdbd209029215a01308b70d89d2751bac5d54166692d6d6c330b186f73d3ac
python-debug-2.7.5-90.el7.x86_64.rpm SHA-256: af2ff8f2f96e4b00230502c6f67156d552f6b4d8103629f1b1100966725594f4
python-debuginfo-2.7.5-90.el7.i686.rpm SHA-256: 7509e151fb4b9d04d689021c45cb7d1f55679a3dc8bc82dd7f989443024f2c59
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-debuginfo-2.7.5-90.el7.x86_64.rpm SHA-256: 715c564812d97a140490266e96beea49b6bab641e3f21ed5969762cee09c0ef8
python-devel-2.7.5-90.el7.x86_64.rpm SHA-256: e7de61857fd09ae56bd63b858eb19750b8ef761875722373c11ac24b694a5be6
python-libs-2.7.5-90.el7.i686.rpm SHA-256: 1f3ea68262effbe7b2cc8a505f63ed6e883c434b032fb2d66ee00056ef7f2ef6
python-libs-2.7.5-90.el7.x86_64.rpm SHA-256: dafe5710f50ddddfab84ac4cc06f070fb30d9782309555254fd960a9764dfffc
python-test-2.7.5-90.el7.x86_64.rpm SHA-256: a1b907d274c0e6746e10e5e5c9af8abce5677b3460a5548b3604c022bb399b8d
python-tools-2.7.5-90.el7.x86_64.rpm SHA-256: 2b28e80e841ea8e20022897601b677e277ad828cd94451bcb3007f4a5b2ddb1f
tkinter-2.7.5-90.el7.x86_64.rpm SHA-256: 318c6684e80b65690548155d001fe93a43f6628adb54c32988faf6464e8072a9

Red Hat Enterprise Linux for Power, little endian 7

SRPM
python-2.7.5-90.el7.src.rpm SHA-256: 57027449a57b3fe289f3f0352f036e02ee31784d866213d0f9f3acabc045944a
ppc64le
python-2.7.5-90.el7.ppc64le.rpm SHA-256: 9e7883b39d70c85ea4dc51acca8aaedf71384968d7725ff3b7903b16c45513c2
python-debug-2.7.5-90.el7.ppc64le.rpm SHA-256: ef3fe092cf41d6c91dd897862394c28fc67cbcee99263b02276bc1dff75125ab
python-debuginfo-2.7.5-90.el7.ppc64le.rpm SHA-256: c1b9d18aaf46e69f6fcd81a30f3ebdb9a0512df77e7bd91c59ca3fb0c3ec9dad
python-debuginfo-2.7.5-90.el7.ppc64le.rpm SHA-256: c1b9d18aaf46e69f6fcd81a30f3ebdb9a0512df77e7bd91c59ca3fb0c3ec9dad
python-devel-2.7.5-90.el7.ppc64le.rpm SHA-256: a740bdeb0fcb9334b9366fdadaf1450b340b3a6884193a78c45ba61ad50cfd2b
python-libs-2.7.5-90.el7.ppc64le.rpm SHA-256: 54f04ebcf01726893b8f6f338872e216d5bd7b94bca4b2b428d30baba389309e
python-test-2.7.5-90.el7.ppc64le.rpm SHA-256: af0014bea0cba34f6ba1e83a9a256579f4c90a454e5ef5cf45a0cc4146b073af
python-tools-2.7.5-90.el7.ppc64le.rpm SHA-256: eabca9885333284d337c8cb7dcd01f2bfb490bff0ba651294bf5969e46c360f8
tkinter-2.7.5-90.el7.ppc64le.rpm SHA-256: 8cc9d006c3fc0dd6941db3383ee95ead072bf9e2b72024b586935d1e9f82d634

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter