python-reportlab-2.5-9.el7.1
Errata ID: AXSA:2020-4448:02
Release date:
Tuesday, February 11, 2020 - 12:59
Subject:
python-reportlab-2.5-9.el7.1
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
Python-reportlab is a library used for generation of PDF documents.
Security Fix(es):
* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
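The flaw described above comes from passing attribute text to eval(). The following added example (not ReportLab's code and not its actual patch) puts that pattern beside a parser that accepts only color syntax. The function names, the two allowlists and the sample inputs are assumptions constructed for illustration.

```python
import ast
import re

# Constructed allowlists for this example (not ReportLab's real color tables).
NAMED_COLORS = {"red": (1.0, 0.0, 0.0), "green": (0.0, 0.5, 0.0), "blue": (0.0, 0.0, 1.0)}
ALLOWED_CALLS = {"Color", "rgb"}  # hypothetical constructor names
HEX_RE = re.compile(r"(?:#|0x)([0-9a-fA-F]{6})")
MAX_LEN = 64  # assumed cap; keeps the parser away from oversized input


def unsafe_to_color(arg):
    """The flawed pattern from the CVE text: attribute text is handed to eval()."""
    return eval(arg)  # any Python expression in the attribute is evaluated


def safe_to_color(arg):
    """Parse a color attribute into an (r, g, b) tuple without evaluating it."""
    text = arg.strip()
    if len(text) > MAX_LEN:
        raise ValueError("color attribute too long")
    if text.lower() in NAMED_COLORS:
        return NAMED_COLORS[text.lower()]
    m = HEX_RE.fullmatch(text)
    if m:
        value = int(m.group(1), 16)
        return tuple(((value >> shift) & 0xFF) / 255.0 for shift in (16, 8, 0))
    try:
        node = ast.parse(text, mode="eval").body  # builds a syntax tree, runs nothing
    except (SyntaxError, ValueError):
        raise ValueError("not a color: %r" % arg) from None
    # Accept only NAME(number, number, number) with an allowlisted NAME.
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in ALLOWED_CALLS and not node.keywords
            and len(node.args) == 3):
        channels = []
        for a in node.args:
            if not (isinstance(a, ast.Constant) and type(a.value) in (int, float)):
                raise ValueError("non-numeric channel in %r" % arg)
            if not 0 <= a.value <= 1:
                raise ValueError("channel out of range in %r" % arg)
            channels.append(float(a.value))
        return tuple(channels)
    raise ValueError("not a color: %r" % arg)
```

With the constructed input `sum([1, 2])`, `unsafe_to_color` returns 3 because the expression is executed, while `safe_to_color` raises `ValueError`.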
Solution:
Update packages.
CVEs:
CVE-2019-17626
Additional Info:
N/A
Download:
SRPMS
- python-reportlab-2.5-9.el7.1.src.rpm
MD5: 3d243c51ef58502fdf22af7aba46cafd
SHA-256: 1bfdc8417066e52769434b7b4a925600283a7faad19d5ca0a1e40bdbea9e1dec
Size: 1.83 MB
Asianux Server 7 for x86_64
- python-reportlab-2.5-9.el7.1.x86_64.rpm
MD5: ec5c09e20889eb6c4294061208d84e4b
SHA-256: ff18581481e3200d001b2e21e5a119db48d9bb855a339c3eaf21319d2246349d
Size: 1.15 MB