python-lxml-3.2.1-4.0.1.el7.AXS7

エラータID: AXSA:2024-8989:01

Release date: 
Wednesday, November 13, 2024 - 15:52
Subject: 
python-lxml-3.2.1-4.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

lxml provides a Python binding to the libxslt and libxml2 libraries. It follows
the ElementTree API as much as possible in order to provide a more Pythonic
interface to libxml2 and libxslt than the default bindings. In particular, lxml
deals with Python Unicode strings rather than encoded UTF-8 and handles memory
management automatically, unlike the default bindings.

Security Fix(es):

* CVE-2021-43818: prevent certain crafted script content passing through in HTML
Cleaner

CVE(s):
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.

Solution: 

Update packages.

CVEs: 
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. python-lxml-3.2.1-4.0.1.el7.AXS7.x86_64.rpm
    MD5: 50165910894d130d9ee9a8e114fed00d
    SHA-256: 9b66158a5271397b25d33989fd3bb8b84f26df1ad9f5d1a039cd7eec2d54a216
    Size: 757.58 kB