You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa python

Sigurnosni nedostaci programskog paketa python

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: python36:3.6 security update
Advisory ID: RHSA-2019:0984-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0984
Issue date: 2019-05-07
CVE Names: CVE-2019-7164 CVE-2019-7548
=====================================================================

1. Summary:

An update for the python36:3.6 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible,
high-level interface to SQL databases.

Security Fix(es):

* python-sqlalchemy: SQL Injection when the order_by parameter can be
controlled (CVE-2019-7164)

* python-sqlalchemy: SQL Injection when the group_by parameter can be
controlled (CVE-2019-7548)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1674059 – CVE-2019-7548 python-sqlalchemy: SQL Injection when the group_by parameter can be controlled
1678520 – CVE-2019-7164 python-sqlalchemy: SQL Injection when the order_by parameter can be controlled

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
python-PyMySQL-0.8.0-10.module+el8.0.0+2966+d39a1df3.src.rpm
python-docs-3.6.7-2.module+el8.0.0+2966+d39a1df3.src.rpm
python-docutils-0.14-12.module+el8.0.0+2966+d39a1df3.src.rpm
python-nose-1.3.7-30.module+el8.0.0+2966+d39a1df3.src.rpm
python-pygments-2.2.0-20.module+el8.0.0+2966+d39a1df3.src.rpm
python-pymongo-3.6.1-9.module+el8.0.0+2966+d39a1df3.src.rpm
python-sqlalchemy-1.3.2-1.module+el8.0.0+2975+e0f02136.src.rpm
python-virtualenv-15.1.0-18.module+el8.0.0+2966+d39a1df3.src.rpm
python-wheel-0.30.0-13.module+el8.0.0+2966+d39a1df3.src.rpm
python36-3.6.8-2.module+el8.0.0+2975+e0f02136.src.rpm
scipy-1.0.0-19.module+el8.0.0+2966+d39a1df3.src.rpm

aarch64:
python3-bson-3.6.1-9.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-bson-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-pymongo-3.6.1-9.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-pymongo-gridfs-3.6.1-9.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-scipy-1.0.0-19.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-scipy-debuginfo-1.0.0-19.module+el8.0.0+2966+d39a1df3.aarch64.rpm
python3-sqlalchemy-1.3.2-1.module+el8.0.0+2975+e0f02136.aarch64.rpm
python36-3.6.8-2.module+el8.0.0+2975+e0f02136.aarch64.rpm
python36-debug-3.6.8-2.module+el8.0.0+2975+e0f02136.aarch64.rpm
python36-devel-3.6.8-2.module+el8.0.0+2975+e0f02136.aarch64.rpm

noarch:
python-nose-docs-1.3.7-30.module+el8.0.0+2966+d39a1df3.noarch.rpm
python-pymongo-doc-3.6.1-9.module+el8.0.0+2966+d39a1df3.noarch.rpm
python-sqlalchemy-doc-1.3.2-1.module+el8.0.0+2975+e0f02136.noarch.rpm
python-virtualenv-doc-15.1.0-18.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-PyMySQL-0.8.0-10.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-docs-3.6.7-2.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-docutils-0.14-12.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-nose-1.3.7-30.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-pygments-2.2.0-20.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-virtualenv-15.1.0-18.module+el8.0.0+2966+d39a1df3.noarch.rpm
python3-wheel-0.30.0-13.module+el8.0.0+2966+d39a1df3.noarch.rpm
python36-rpm-macros-3.6.8-2.module+el8.0.0+2975+e0f02136.noarch.rpm

ppc64le:
python3-bson-3.6.1-9.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-bson-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-pymongo-3.6.1-9.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-pymongo-gridfs-3.6.1-9.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-scipy-1.0.0-19.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-scipy-debuginfo-1.0.0-19.module+el8.0.0+2966+d39a1df3.ppc64le.rpm
python3-sqlalchemy-1.3.2-1.module+el8.0.0+2975+e0f02136.ppc64le.rpm
python36-3.6.8-2.module+el8.0.0+2975+e0f02136.ppc64le.rpm
python36-debug-3.6.8-2.module+el8.0.0+2975+e0f02136.ppc64le.rpm
python36-devel-3.6.8-2.module+el8.0.0+2975+e0f02136.ppc64le.rpm

s390x:
python3-bson-3.6.1-9.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-bson-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-pymongo-3.6.1-9.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-pymongo-gridfs-3.6.1-9.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-scipy-1.0.0-19.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-scipy-debuginfo-1.0.0-19.module+el8.0.0+2966+d39a1df3.s390x.rpm
python3-sqlalchemy-1.3.2-1.module+el8.0.0+2975+e0f02136.s390x.rpm
python36-3.6.8-2.module+el8.0.0+2975+e0f02136.s390x.rpm
python36-debug-3.6.8-2.module+el8.0.0+2975+e0f02136.s390x.rpm
python36-devel-3.6.8-2.module+el8.0.0+2975+e0f02136.s390x.rpm

x86_64:
python3-bson-3.6.1-9.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-bson-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-pymongo-3.6.1-9.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-pymongo-gridfs-3.6.1-9.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-scipy-1.0.0-19.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-scipy-debuginfo-1.0.0-19.module+el8.0.0+2966+d39a1df3.x86_64.rpm
python3-sqlalchemy-1.3.2-1.module+el8.0.0+2975+e0f02136.x86_64.rpm
python36-3.6.8-2.module+el8.0.0+2975+e0f02136.x86_64.rpm
python36-debug-3.6.8-2.module+el8.0.0+2975+e0f02136.x86_64.rpm
python36-devel-3.6.8-2.module+el8.0.0+2975+e0f02136.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-7164
https://access.redhat.com/security/cve/CVE-2019-7548
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXNEIvdzjgjWX9erEAQj8kxAAknkKDHtJC7kuPRlP0nel0Jj8gtHHKhdy
uL5DFyo1V1Rb7m9V62lFOgLzDHaWk8ZNn3ZVg8J6ylUPzYXXr/GPBUjFp5C/1V30
dCnDJ40Ljc0Vgnbm1vY2wwpkeN0UqaMp+2hMMeqltI6TagCYObkMiDPPP1QOvy0O
ezlHNL1I961KBXfPGLUugIr88jUbFGfCD/u8dN0i5r/LJmMDM4A2b0vhahLk2S8u
phJv9qKUlc9nTABWUZCnJ0ixhI/A/3M2dm30yFYrg5ouxbwHKppB2stTPEKaYiNS
rTuMOkpi8jbLu6farHEtQ6W76P/SW8qUQ2nNFFT7Ki3Zp4dRJg6iHSDywmh/IUJk
d2gjpP5gxjhsg5RSjHjAkhMLf1n9cCSEs2TpqrInhSFDwapi91BrN2zIHQszfUcX
+QTFLEWdn7N15AGgtQYSPCSu/oo3JR78s9HSzY1eUVh4Xc7/53gXvISoLCGvYQwZ
v/wTgl5RCMWv0Zp484HzsZysZpRZmBdywzRhss4m2z+z7Hvq1Fu4q2wWYR0eHbtO
4YH9s+pIt+c/dWNDjcI3yAwZ8zii/Nu4rpfeb3jK2ac9uILd9E1O1QCXZ1DiHvLD
LaZWEVDJpUBKhgYN2s3KUlZkgXy1YG4Z3bck5UPW2daMBHI06CSdOwkVmJTd/pnU
G+xc5RDHkJM=
=gIHj
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: python3 security update
Advisory ID: RHSA-2019:0997-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0997
Issue date: 2019-05-07
CVE Names: CVE-2019-9636
=====================================================================

1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) – aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.

This package provides the “python3” executable: the reference interpreter
for the Python language, version 3. The majority of its standard library is
provided in the python3-libs package, which should be installed
automatically along with python3. The remaining parts of the Python
standard library are broken out into the python3-tkinter and python3-test
packages.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC
normalization (CVE-2019-9636)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1688543 – CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
platform-python-debug-3.6.8-2.el8_0.aarch64.rpm
platform-python-devel-3.6.8-2.el8_0.aarch64.rpm
python3-debuginfo-3.6.8-2.el8_0.aarch64.rpm
python3-debugsource-3.6.8-2.el8_0.aarch64.rpm
python3-idle-3.6.8-2.el8_0.aarch64.rpm
python3-tkinter-3.6.8-2.el8_0.aarch64.rpm

ppc64le:
platform-python-debug-3.6.8-2.el8_0.ppc64le.rpm
platform-python-devel-3.6.8-2.el8_0.ppc64le.rpm
python3-debuginfo-3.6.8-2.el8_0.ppc64le.rpm
python3-debugsource-3.6.8-2.el8_0.ppc64le.rpm
python3-idle-3.6.8-2.el8_0.ppc64le.rpm
python3-tkinter-3.6.8-2.el8_0.ppc64le.rpm

s390x:
platform-python-debug-3.6.8-2.el8_0.s390x.rpm
platform-python-devel-3.6.8-2.el8_0.s390x.rpm
python3-debuginfo-3.6.8-2.el8_0.s390x.rpm
python3-debugsource-3.6.8-2.el8_0.s390x.rpm
python3-idle-3.6.8-2.el8_0.s390x.rpm
python3-tkinter-3.6.8-2.el8_0.s390x.rpm

x86_64:
platform-python-3.6.8-2.el8_0.i686.rpm
platform-python-debug-3.6.8-2.el8_0.i686.rpm
platform-python-debug-3.6.8-2.el8_0.x86_64.rpm
platform-python-devel-3.6.8-2.el8_0.i686.rpm
platform-python-devel-3.6.8-2.el8_0.x86_64.rpm
python3-debuginfo-3.6.8-2.el8_0.i686.rpm
python3-debuginfo-3.6.8-2.el8_0.x86_64.rpm
python3-debugsource-3.6.8-2.el8_0.i686.rpm
python3-debugsource-3.6.8-2.el8_0.x86_64.rpm
python3-idle-3.6.8-2.el8_0.i686.rpm
python3-idle-3.6.8-2.el8_0.x86_64.rpm
python3-test-3.6.8-2.el8_0.i686.rpm
python3-tkinter-3.6.8-2.el8_0.i686.rpm
python3-tkinter-3.6.8-2.el8_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
python3-3.6.8-2.el8_0.src.rpm

aarch64:
platform-python-3.6.8-2.el8_0.aarch64.rpm
python3-debuginfo-3.6.8-2.el8_0.aarch64.rpm
python3-debugsource-3.6.8-2.el8_0.aarch64.rpm
python3-libs-3.6.8-2.el8_0.aarch64.rpm
python3-test-3.6.8-2.el8_0.aarch64.rpm

ppc64le:
platform-python-3.6.8-2.el8_0.ppc64le.rpm
python3-debuginfo-3.6.8-2.el8_0.ppc64le.rpm
python3-debugsource-3.6.8-2.el8_0.ppc64le.rpm
python3-libs-3.6.8-2.el8_0.ppc64le.rpm
python3-test-3.6.8-2.el8_0.ppc64le.rpm

s390x:
platform-python-3.6.8-2.el8_0.s390x.rpm
python3-debuginfo-3.6.8-2.el8_0.s390x.rpm
python3-debugsource-3.6.8-2.el8_0.s390x.rpm
python3-libs-3.6.8-2.el8_0.s390x.rpm
python3-test-3.6.8-2.el8_0.s390x.rpm

x86_64:
platform-python-3.6.8-2.el8_0.x86_64.rpm
python3-debuginfo-3.6.8-2.el8_0.i686.rpm
python3-debuginfo-3.6.8-2.el8_0.x86_64.rpm
python3-debugsource-3.6.8-2.el8_0.i686.rpm
python3-debugsource-3.6.8-2.el8_0.x86_64.rpm
python3-libs-3.6.8-2.el8_0.i686.rpm
python3-libs-3.6.8-2.el8_0.x86_64.rpm
python3-test-3.6.8-2.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-9636
https://access.redhat.com/security/updates/classification/#important
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXNEImNzjgjWX9erEAQgU8RAAghCUpQJMN7dsTNR66di3rmwgmrIVvWIh
d2WNL32GDb8gm9pxdd2TJqVdhZgcj82uPPh7VjFqCYX5SFo6naXjlTko6tIZzMn9
QJ+J8BFvJfeONN/pH6UfSQc94fZVNjiqvVK1QVCZMDD2XRTdHCaF0kTJ0XJFek06
d10e921HtqSOlDzKABei8INoOeOkBberHQWlVxweECdFqwzDfKAgLg6oVSMXnfKu
kQKkKubDGZ1d9Hx7+Sx7wZir1RRRJxuk/I2dRDu5fLReApvl5rUg85bivRDljbIE
KFRIYO4JzkJ1ao5PoiDypQbadZhhu2UByxhVfZ5Vm944/IkVJkxbeg0Syu0YfuyR
RPzLNvS4A1eEJh3No7zq/HqAtwaPnUKNqU9zUXl0B6abGnPebEUu8OKdw+Q6/qNv
Im53C8hPITbJ+PnD3jwJW8RQW/O5cbM54a3Kuqsm+xB+OaucAV2p2aMjFusV4NZC
e4pl7UP9mNkNCSCDF3+gHw7sX53aqVi2CnnVqfKTjSQuL4DoyrLxeD9WF1jxcDth
r3Qb6ZJoxitbLE/oJDpRKN8IiwScjKleUWeXq1ix0u5B2Q88LeXakCmdmOenrEAM
GZBD3xdJ6cy08n5w63RykBRIh6nCus5xVA7DZ5u8X1SZgqH2piIWZw63JQ6pFhAs
+3bKOYo3yHs=
=twmN
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Important: python27:2.7 security update
Advisory ID: RHSA-2019:0981-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0981
Issue date: 2019-05-07
CVE Names: CVE-2019-7164 CVE-2019-7548 CVE-2019-9636
=====================================================================

1. Summary:

An update for the python27:2.7 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) – aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language
that supports modules, classes, exceptions, high-level dynamic data types,
and dynamic typing.

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible,
high-level interface to SQL databases.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC
normalization (CVE-2019-9636)

* python-sqlalchemy: SQL Injection when the order_by parameter can be
controlled (CVE-2019-7164)

* python-sqlalchemy: SQL Injection when the group_by parameter can be
controlled (CVE-2019-7548)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1674059 – CVE-2019-7548 python-sqlalchemy: SQL Injection when the group_by parameter can be controlled
1678520 – CVE-2019-7164 python-sqlalchemy: SQL Injection when the order_by parameter can be controlled
1688543 – CVE-2019-9636 python: Information Disclosure due to urlsplit improper NFKC normalization

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
Cython-0.28.1-7.module+el8.0.0+2961+596d0223.src.rpm
PyYAML-3.12-16.module+el8.0.0+2961+596d0223.src.rpm
babel-2.5.1-9.module+el8.0.0+2961+596d0223.src.rpm
numpy-1.14.2-10.module+el8.0.0+2961+596d0223.src.rpm
pytest-3.4.2-13.module+el8.0.0+2961+596d0223.src.rpm
python-PyMySQL-0.8.0-10.module+el8.0.0+2961+596d0223.src.rpm
python-attrs-17.4.0-10.module+el8.0.0+2961+596d0223.src.rpm
python-backports-1.0-15.module+el8.0.0+2961+596d0223.src.rpm
python-backports-ssl_match_hostname-3.5.0.1-11.module+el8.0.0+2961+596d0223.src.rpm
python-chardet-3.0.4-10.module+el8.0.0+2961+596d0223.src.rpm
python-coverage-4.5.1-4.module+el8.0.0+2961+596d0223.src.rpm
python-dns-1.15.0-9.module+el8.0.0+2961+596d0223.src.rpm
python-docs-2.7.15-4.module+el8.0.0+2961+596d0223.src.rpm
python-docutils-0.14-12.module+el8.0.0+2961+596d0223.src.rpm
python-funcsigs-1.0.2-13.module+el8.0.0+2961+596d0223.src.rpm
python-idna-2.5-7.module+el8.0.0+2961+596d0223.src.rpm
python-ipaddress-1.0.18-6.module+el8.0.0+2961+596d0223.src.rpm
python-jinja2-2.10-8.module+el8.0.0+2961+596d0223.src.rpm
python-lxml-4.2.3-3.module+el8.0.0+2961+596d0223.src.rpm
python-markupsafe-0.23-19.module+el8.0.0+2961+596d0223.src.rpm
python-mock-2.0.0-13.module+el8.0.0+2961+596d0223.src.rpm
python-nose-1.3.7-30.module+el8.0.0+2961+596d0223.src.rpm
python-pluggy-0.6.0-8.module+el8.0.0+2961+596d0223.src.rpm
python-psycopg2-2.7.5-7.module+el8.0.0+2961+596d0223.src.rpm
python-py-1.5.3-6.module+el8.0.0+2961+596d0223.src.rpm
python-pygments-2.2.0-20.module+el8.0.0+2961+596d0223.src.rpm
python-pymongo-3.6.1-9.module+el8.0.0+2961+596d0223.src.rpm
python-pysocks-1.6.8-6.module+el8.0.0+2961+596d0223.src.rpm
python-pytest-mock-1.9.0-4.module+el8.0.0+2961+596d0223.src.rpm
python-requests-2.20.0-2.module+el8.0.0+2961+596d0223.src.rpm
python-setuptools_scm-1.15.7-6.module+el8.0.0+2961+596d0223.src.rpm
python-six-1.11.0-5.module+el8.0.0+2961+596d0223.src.rpm
python-sqlalchemy-1.3.2-1.module+el8.0.0+2974+76d21d2e.src.rpm
python-urllib3-1.23-7.module+el8.0.0+2961+596d0223.src.rpm
python-virtualenv-15.1.0-18.module+el8.0.0+2961+596d0223.src.rpm
python-wheel-0.30.0-13.module+el8.0.0+2961+596d0223.src.rpm
python2-2.7.15-22.module+el8.0.0+2961+596d0223.src.rpm
python2-pip-9.0.3-13.module+el8.0.0+2961+596d0223.src.rpm
python2-rpm-macros-3-38.module+el8.0.0+2961+596d0223.src.rpm
python2-setuptools-39.0.1-11.module+el8.0.0+2961+596d0223.src.rpm
pytz-2017.2-12.module+el8.0.0+2961+596d0223.src.rpm
scipy-1.0.0-19.module+el8.0.0+2961+596d0223.src.rpm

aarch64:
python-psycopg2-doc-2.7.5-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-Cython-0.28.1-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-backports-1.0-15.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-bson-3.6.1-9.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-bson-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-coverage-4.5.1-4.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-debug-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-debuginfo-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-debugsource-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-devel-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-libs-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-lxml-4.2.3-3.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-markupsafe-0.23-19.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-numpy-1.14.2-10.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-numpy-debuginfo-1.14.2-10.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-numpy-f2py-1.14.2-10.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-psycopg2-2.7.5-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-pymongo-3.6.1-9.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-pymongo-gridfs-3.6.1-9.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-pyyaml-3.12-16.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-scipy-1.0.0-19.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-scipy-debuginfo-1.0.0-19.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-sqlalchemy-1.3.2-1.module+el8.0.0+2974+76d21d2e.aarch64.rpm
python2-test-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-tkinter-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm
python2-tools-2.7.15-22.module+el8.0.0+2961+596d0223.aarch64.rpm

noarch:
babel-2.5.1-9.module+el8.0.0+2961+596d0223.noarch.rpm
python-nose-docs-1.3.7-30.module+el8.0.0+2961+596d0223.noarch.rpm
python-sqlalchemy-doc-1.3.2-1.module+el8.0.0+2974+76d21d2e.noarch.rpm
python2-PyMySQL-0.8.0-10.module+el8.0.0+2961+596d0223.noarch.rpm
python2-attrs-17.4.0-10.module+el8.0.0+2961+596d0223.noarch.rpm
python2-babel-2.5.1-9.module+el8.0.0+2961+596d0223.noarch.rpm
python2-backports-ssl_match_hostname-3.5.0.1-11.module+el8.0.0+2961+596d0223.noarch.rpm
python2-chardet-3.0.4-10.module+el8.0.0+2961+596d0223.noarch.rpm
python2-dns-1.15.0-9.module+el8.0.0+2961+596d0223.noarch.rpm
python2-docs-2.7.15-4.module+el8.0.0+2961+596d0223.noarch.rpm
python2-docs-info-2.7.15-4.module+el8.0.0+2961+596d0223.noarch.rpm
python2-docutils-0.14-12.module+el8.0.0+2961+596d0223.noarch.rpm
python2-funcsigs-1.0.2-13.module+el8.0.0+2961+596d0223.noarch.rpm
python2-idna-2.5-7.module+el8.0.0+2961+596d0223.noarch.rpm
python2-ipaddress-1.0.18-6.module+el8.0.0+2961+596d0223.noarch.rpm
python2-jinja2-2.10-8.module+el8.0.0+2961+596d0223.noarch.rpm
python2-mock-2.0.0-13.module+el8.0.0+2961+596d0223.noarch.rpm
python2-nose-1.3.7-30.module+el8.0.0+2961+596d0223.noarch.rpm
python2-numpy-doc-1.14.2-10.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pip-9.0.3-13.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pluggy-0.6.0-8.module+el8.0.0+2961+596d0223.noarch.rpm
python2-py-1.5.3-6.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pygments-2.2.0-20.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pysocks-1.6.8-6.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pytest-3.4.2-13.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pytest-mock-1.9.0-4.module+el8.0.0+2961+596d0223.noarch.rpm
python2-pytz-2017.2-12.module+el8.0.0+2961+596d0223.noarch.rpm
python2-requests-2.20.0-2.module+el8.0.0+2961+596d0223.noarch.rpm
python2-rpm-macros-3-38.module+el8.0.0+2961+596d0223.noarch.rpm
python2-setuptools-39.0.1-11.module+el8.0.0+2961+596d0223.noarch.rpm
python2-setuptools_scm-1.15.7-6.module+el8.0.0+2961+596d0223.noarch.rpm
python2-six-1.11.0-5.module+el8.0.0+2961+596d0223.noarch.rpm
python2-urllib3-1.23-7.module+el8.0.0+2961+596d0223.noarch.rpm
python2-virtualenv-15.1.0-18.module+el8.0.0+2961+596d0223.noarch.rpm
python2-wheel-0.30.0-13.module+el8.0.0+2961+596d0223.noarch.rpm

ppc64le:
python-psycopg2-doc-2.7.5-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-Cython-0.28.1-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-backports-1.0-15.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-bson-3.6.1-9.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-bson-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-coverage-4.5.1-4.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-debug-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-debuginfo-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-debugsource-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-devel-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-libs-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-lxml-4.2.3-3.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-markupsafe-0.23-19.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-numpy-1.14.2-10.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-numpy-debuginfo-1.14.2-10.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-numpy-f2py-1.14.2-10.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-psycopg2-2.7.5-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-pymongo-3.6.1-9.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-pymongo-gridfs-3.6.1-9.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-pyyaml-3.12-16.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-scipy-1.0.0-19.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-scipy-debuginfo-1.0.0-19.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-sqlalchemy-1.3.2-1.module+el8.0.0+2974+76d21d2e.ppc64le.rpm
python2-test-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-tkinter-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm
python2-tools-2.7.15-22.module+el8.0.0+2961+596d0223.ppc64le.rpm

s390x:
python-psycopg2-doc-2.7.5-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-Cython-0.28.1-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-backports-1.0-15.module+el8.0.0+2961+596d0223.s390x.rpm
python2-bson-3.6.1-9.module+el8.0.0+2961+596d0223.s390x.rpm
python2-bson-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.s390x.rpm
python2-coverage-4.5.1-4.module+el8.0.0+2961+596d0223.s390x.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.0.0+2961+596d0223.s390x.rpm
python2-debug-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-debuginfo-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-debugsource-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-devel-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-libs-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-lxml-4.2.3-3.module+el8.0.0+2961+596d0223.s390x.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.0.0+2961+596d0223.s390x.rpm
python2-markupsafe-0.23-19.module+el8.0.0+2961+596d0223.s390x.rpm
python2-numpy-1.14.2-10.module+el8.0.0+2961+596d0223.s390x.rpm
python2-numpy-debuginfo-1.14.2-10.module+el8.0.0+2961+596d0223.s390x.rpm
python2-numpy-f2py-1.14.2-10.module+el8.0.0+2961+596d0223.s390x.rpm
python2-psycopg2-2.7.5-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.0.0+2961+596d0223.s390x.rpm
python2-pymongo-3.6.1-9.module+el8.0.0+2961+596d0223.s390x.rpm
python2-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.s390x.rpm
python2-pymongo-gridfs-3.6.1-9.module+el8.0.0+2961+596d0223.s390x.rpm
python2-pyyaml-3.12-16.module+el8.0.0+2961+596d0223.s390x.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.0.0+2961+596d0223.s390x.rpm
python2-scipy-1.0.0-19.module+el8.0.0+2961+596d0223.s390x.rpm
python2-scipy-debuginfo-1.0.0-19.module+el8.0.0+2961+596d0223.s390x.rpm
python2-sqlalchemy-1.3.2-1.module+el8.0.0+2974+76d21d2e.s390x.rpm
python2-test-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-tkinter-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm
python2-tools-2.7.15-22.module+el8.0.0+2961+596d0223.s390x.rpm

x86_64:
python-psycopg2-doc-2.7.5-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-Cython-0.28.1-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-Cython-debuginfo-0.28.1-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-backports-1.0-15.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-bson-3.6.1-9.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-bson-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-coverage-4.5.1-4.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-coverage-debuginfo-4.5.1-4.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-debug-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-debuginfo-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-debugsource-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-devel-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-libs-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-lxml-4.2.3-3.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-lxml-debuginfo-4.2.3-3.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-markupsafe-0.23-19.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-numpy-1.14.2-10.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-numpy-debuginfo-1.14.2-10.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-numpy-f2py-1.14.2-10.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-psycopg2-2.7.5-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-psycopg2-debug-2.7.5-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-psycopg2-debug-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-psycopg2-debuginfo-2.7.5-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-psycopg2-tests-2.7.5-7.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-pymongo-3.6.1-9.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-pymongo-debuginfo-3.6.1-9.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-pymongo-gridfs-3.6.1-9.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-pyyaml-3.12-16.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-pyyaml-debuginfo-3.12-16.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-scipy-1.0.0-19.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-scipy-debuginfo-1.0.0-19.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-sqlalchemy-1.3.2-1.module+el8.0.0+2974+76d21d2e.x86_64.rpm
python2-test-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-tkinter-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm
python2-tools-2.7.15-22.module+el8.0.0+2961+596d0223.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-7164
https://access.redhat.com/security/cve/CVE-2019-7548
https://access.redhat.com/security/cve/CVE-2019-9636
https://access.redhat.com/security/updates/classification/#important
https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIVAwUBXNEIedzjgjWX9erEAQgSPQ/7BFD2+dSvttAc6C7LlDcuWTW5BHqGlHG5
lgAaJriYrsteqrjp0mqkaI/+6kgbF4v/nbf0Ss1gmKvVIz9hKwZcNbfe1hTkuHbr
WTKg7mpkULE9C+ZaF0D4y8K6b5nufWZLeVbtxVtE+0xC/ozxesxv2XdD98os8deL
0nT6N1AfVDY9QtrMuMQ+2Gvjqso7ETY0iHqRka34SI/fVQ/VFVewrdcRIe7wFiTo
FQIkuQAhO5k9fJjlaxy1bcUkcm+Nrpu4PG3Td/kpsvuOarICj5fgcqSJ/UenwGo0
KmNY3ze8lTNoIDvshbSFfeplhrdB/ws0QmKc+/1irUEFOoi3IuSgViPucYc4P0sp
KvjWpgOCemKJnE2FMwwiMcNbQHn9fY9BbSczSKO4pZQPxutFcsR/zNP62+sh9cIm
hYJD1uRVCyh+I8Gar0h2eefhYtd9CESQNunAA41ZKVpY2NFToCDawi5mW+RAUnfz
zrfIs4ydoVi7CqpCCmq3927fXRs3XZ4cLZBavtyWJimM1y8/ItOJwUk6AWIEi/sN
4uQo4KQMJqsN6TtZsLc5Ho37afykfytKdrw5w5T3cM9eBuU44mf80qpDELKJxqKW
cGMDWrlcKcAriYrMaWqh0MrYbe/aymAFOwybrt9dYn1f9wKAz/2gqnLdNP7g/tKk
/J0xuJHQG7M=
=pTYb
—–END PGP SIGNATURE—–


RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa ghostscript

Otkriveni su sigurnosni nedostaci u programskom paketu ghostscript za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju zaobilaženje sigurnosnih ograničenja....

Close