python-lxml-4.2.3-4.el8
エラータID: AXSA:2022-3370:01
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.
Security Fix(es):
* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 8.6 Release Notes linked from the References section.
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Update packages.
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
N/A
SRPMS
- python-lxml-4.2.3-4.el8.src.rpm
MD5: 8767e8dc3c9fad235f5409719262463d
SHA-256: a518ec8d0de7bc5ddb9d9e1f03f79dcb4da82831f4ab45f7643fae36c0ca25a2
Size: 4.28 MB
Asianux Server 8 for x86_64
- python3-lxml-4.2.3-4.el8.x86_64.rpm
MD5: 621095368fbcb731d3d834562f7aa6f5
SHA-256: c5d211d73e064a05082f97de1894b561332f2d68626c6c1c1c874fa2b8eeb90c
Size: 1.50 MB