python36:3.6 security and bug fix update

エラータID: AXSA:2021-2854:01

Release date: 
Thursday, December 23, 2021 - 08:10
Subject: 
python36:3.6 security and bug fix update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)
* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

Update package version to,
python36-3.6.8-38.module+el8.5.0+12207+5c5719bc.src.rpm
python-distro-1.4.0-2.module+el8.1.0+3334+5cb623d7.src.rpm
python-docs-3.6.7-2.module+el8.1.0+3334+5cb623d7.src.rpm
python-docutils-0.14-12.module+el8.1.0+3334+5cb623d7.src.rpm
python-nose-1.3.7-31.module+el8.5.0+12207+5c5719bc.src.rpm
python-pygments-2.2.0-22.module+el8.5.0+10789+e4939b94.src.rpm
python-pymongo-3.7.0-1.module+el8.4.0+9670+1849b5f9.src.rpm
python-PyMySQL-0.10.1-2.module+el8.4.0+9657+a4b6a102.src.rpm
python-sqlalchemy-1.3.2-2.module+el8.3.0+6646+6b4b10ec.src.rpm
python-virtualenv-15.1.0-21.module+el8.5.0+12207+5c5719bc.src.rpm
python-wheel-0.31.1-3.module+el8.5.0+12207+5c5719bc.src.rpm
scipy-1.0.0-21.module+el8.5.0+10916+41bd434d.src.rpm

CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Modularity name: python36
Stream name: 3.6

Solution: 

Update packages.

CVEs: 
CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. python36-3.6.8-38.module+el8+1348+7e0161ba.src.rpm
    MD5: 5278ec144b0ee112709256dbb1551f8f
    SHA-256: e838ce09808fe9932e775827258c004ec69c10880ab1c22e150241d16926722c
    Size: 17.79 kB
  2. python-distro-1.4.0-2.module+el8+1348+7e0161ba.src.rpm
    MD5: 353031dddf7445110a3f3312347a8b66
    SHA-256: 5f377cf56383761b4d31a697b206be61443082e2b4d8c43b1d5dc20e744561d5
    Size: 62.98 kB
  3. python-docs-3.6.7-2.module+el8+1348+7e0161ba.src.rpm
    MD5: 7e49f8a926db877af635cfa160f5bc6f
    SHA-256: 9d8c31f9f2e37f8784c4cabac272abac9b9f6cc7a17a59fa83d5a1cfe7203efd
    Size: 17.98 MB
  4. python-docutils-0.14-12.module+el8+1348+7e0161ba.src.rpm
    MD5: d16cc337598d549f64aa482411d7fa58
    SHA-256: e874f24ea9fb9c70bbaf5e7e7a32f7508af214ccf3ab5def77de85f56810b049
    Size: 1.67 MB
  5. python-nose-1.3.7-31.module+el8+1348+7e0161ba.src.rpm
    MD5: 6e9ba47f8b8e89ef55f2d88509f50378
    SHA-256: aad0a118592411f8e83a5dad498851ea5548aa030c9a0526d06a4d7032b7120c
    Size: 299.03 kB
  6. python-pygments-2.2.0-22.module+el8+1348+7e0161ba.src.rpm
    MD5: dc0643ec81531129e23e4f06e0922e4a
    SHA-256: ea92859763ae2e5326482e954bc85dcb18f266f64e2bb1a57f0798fbee58b44b
    Size: 2.04 MB
  7. python-pymongo-3.7.0-1.module+el8+1348+7e0161ba.src.rpm
    MD5: e8a1602aaf4ab292a79376998a044ed9
    SHA-256: a8c7ff40eb4e359b2274d69c00659d9c9588ee424e5221e5553f2fa3cb892141
    Size: 714.30 kB
  8. python-PyMySQL-0.10.1-2.module+el8+1348+7e0161ba.src.rpm
    MD5: 74a57e831f7082e027e274a486f4c498
    SHA-256: 4dab3d37379c17626f847cf2df5874ccd3c110b23be63e20333a36b300d242e9
    Size: 88.86 kB
  9. python-sqlalchemy-1.3.2-2.module+el8+1348+7e0161ba.src.rpm
    MD5: def7e7bf0d1559603b5ab2d14fa5c6a0
    SHA-256: f5355f3e9d17fcbe71c367b733dcaee9f940b349874b1476deedc312552cf5a9
    Size: 5.60 MB
  10. python-virtualenv-15.1.0-21.module+el8+1348+7e0161ba.src.rpm
    MD5: 63eb9752e31928f033443e297c7b8d59
    SHA-256: 7f4857482d1f0f3d39345a67b91510820be7f50aa1a7c11d47283aa8d55241b8
    Size: 1.80 MB
  11. python-wheel-0.31.1-3.module+el8+1348+7e0161ba.src.rpm
    MD5: dd3b2a5bd224c2ec7b7092b7987659c0
    SHA-256: 688bc8d7b4c29b1f9f14f825c779f8160205b7f87961210336a9f645889052ec
    Size: 88.63 kB
  12. scipy-1.0.0-21.module+el8+1348+7e0161ba.src.rpm
    MD5: d6ff23aacae72d4785744e83d1e958e1
    SHA-256: 076cc1a4039ebec934912d87e57538b9ea9b9bcce42b88e62cc51f23eb018eb8
    Size: 8.95 MB

Asianux Server 8 for x86_64
  1. python36-3.6.8-38.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: a2ac7ee3c3648a6c804abde125474f6a
    SHA-256: cecdbba6d3cab7a63b85b426721eb28766ea203bf0b93df25835de58b72e1181
    Size: 18.17 kB
  2. python36-debug-3.6.8-38.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: 26cf2be114f08dffdacee123be6baa55
    SHA-256: e8fecba232cbc6280dc232f63617c701ae415fd355fc00aad8a6aac377ebcf93
    Size: 16.42 kB
  3. python36-devel-3.6.8-38.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: eb7f760efcca5c3da5fc9810fd00dd3b
    SHA-256: 2df8de6604c857809354433ffd1138574863bf78ab9a8510a5a54439103b6eaa
    Size: 15.31 kB
  4. python36-rpm-macros-3.6.8-38.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 52b16b8ec43e7076dfb93e4a7c4e2884
    SHA-256: 2fb29df8619dc46ce243be80461179595d7c901a551942657df5d7c918d5f777
    Size: 14.41 kB
  5. python3-distro-1.4.0-2.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 7f7e28deb7091f3a98b008c37796698f
    SHA-256: 57bbf505a34fd43428180cb08e3ea4eb6473f830b3d07651c9f5f2873bf141d5
    Size: 35.99 kB
  6. python3-docs-3.6.7-2.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 72f08f30f805e0a4181a4915053fcf20
    SHA-256: aa648c869ae71a55d50b1ed78057830972b9bd31ed711cf9d0d0f0661615eb52
    Size: 6.88 MB
  7. python3-docutils-0.14-12.module+el8+1348+7e0161ba.noarch.rpm
    MD5: bf77403b9d4cb1b59ccdd170500aedcd
    SHA-256: a2f8c12705f8d5393cb2fda428837252e3837c9b3e53eb585ad0bd4e96499a8e
    Size: 1.60 MB
  8. python-nose-docs-1.3.7-31.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 0bce83a4779d9c6736e4a343640d235f
    SHA-256: 3a19e42d3f65e649007aabe1802c12196df0618f130c8c741544becef8f3a6e8
    Size: 46.60 kB
  9. python3-nose-1.3.7-31.module+el8+1348+7e0161ba.noarch.rpm
    MD5: d73fbec76760e7ea0e7747e6112ad930
    SHA-256: 31805df5e91f8ad8551905f3df40b8b88140deea2b5ebd41fc516d562add494d
    Size: 269.26 kB
  10. python3-pygments-2.2.0-22.module+el8+1348+7e0161ba.noarch.rpm
    MD5: b49053d7d987f15f29eb6a1856a8dee6
    SHA-256: 592e2fe99f95a3f88b7ae1db468989beaccde431a22b727327d6275ee26e91d8
    Size: 1.89 MB
  11. python-pymongo-debugsource-3.7.0-1.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: 5ad8e1e69db93efe29e329cccf3c2edd
    SHA-256: 2e11a6bd8bbd0d5049958656136c43b348fd2c37b84a5b0914e4a55c588baa00
    Size: 48.35 kB
  12. python-pymongo-doc-3.7.0-1.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 3189468ee8bdda9455d8197d49d6b06c
    SHA-256: ba94f4ad67f75d916ea7a4dfee83f559d7c9896187ab71e5c0900279b04aa630
    Size: 504.57 kB
  13. python3-bson-3.7.0-1.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: bb9a19ff409120e2bcce61b538e38241
    SHA-256: 63c0a608b8ad39309b2ef4794ef0cd0d5d8e23382b665fd4e7d3f057c6249892
    Size: 107.14 kB
  14. python3-pymongo-3.7.0-1.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: bcd727f4b87caa421d9caab09a96993b
    SHA-256: a0485fc3bf13ff7418badf3360d8b91f9bc6664cda92985775f4321791ab2371
    Size: 332.20 kB
  15. python3-pymongo-gridfs-3.7.0-1.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: 6b43fa9caf9cbb9763bdaff9b2a02fca
    SHA-256: 5316f494d6e444ac95f6de4eae6d6f8aa061e8ed6fa64416e924c0feced75c3d
    Size: 44.56 kB
  16. python3-PyMySQL-0.10.1-2.module+el8+1348+7e0161ba.noarch.rpm
    MD5: d254e12f580fa6c1c82d6232f4dc67c6
    SHA-256: 0920e8471484029640318fab4a5782001dde300abbbe05280843b330e2cbf3b6
    Size: 96.33 kB
  17. python-sqlalchemy-doc-1.3.2-2.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 0ca8ed93ae29b65ac863b0af736746d9
    SHA-256: 0df5f394e3eac6cdc2f5e0ae6a830414cb7f74bdc33cabe921f9d6627ad5ef30
    Size: 2.10 MB
  18. python3-sqlalchemy-1.3.2-2.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: 56efee5def80d4a9a2f8fe97b00bee06
    SHA-256: 10aef42ec554c30f7594fee3a971d8ddec9a1396cc68a14ac497ed2e07dbb802
    Size: 1.88 MB
  19. python-virtualenv-doc-15.1.0-21.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 46a5936cf2faca21af95542c153f40ee
    SHA-256: a66ae72a700a5083b43aad8df2a8b0fac653e8d7e3cbf2d0ca22d88146b5b1be
    Size: 1.62 MB
  20. python3-virtualenv-15.1.0-21.module+el8+1348+7e0161ba.noarch.rpm
    MD5: ffcf62776520976da67dd8f92fff89e3
    SHA-256: 8e12609327a1c17407194ffd956c2a5657d3ace686f230fc53b982f5b0265ab1
    Size: 99.75 kB
  21. python3-wheel-0.31.1-3.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 56fe9e8a0aecc7796d75baf8eaa428e7
    SHA-256: ea9527c9bbd965f4a2a49844507509639b8fdaff3bb7049a01cb0cc363ca8bad
    Size: 67.20 kB
  22. python3-wheel-wheel-0.31.1-3.module+el8+1348+7e0161ba.noarch.rpm
    MD5: 70e845631db094eab65e3653037f2537
    SHA-256: d4a4f0a27a2dd7ed001bd13572d7f106895f69e0166cb0ff80d01a7939aa3b61
    Size: 43.35 kB
  23. python3-scipy-1.0.0-21.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: ec13fd698b0fafa86ff129fec023fdc1
    SHA-256: 577764afa08a647cf8591e657bab239257f8e181ccb6cc9a5135b310c8664935
    Size: 13.70 MB
  24. scipy-debugsource-1.0.0-21.module+el8+1348+7e0161ba.x86_64.rpm
    MD5: f5695ddf1f50a6e8da7b7bd4c1403eac
    SHA-256: fc2e23e83bacab14601daa076ed6e3ad335cc716ae9bd48c0d309af10286d9f6
    Size: 3.70 MB