rh-python38-python-psutil-5.6.4-5.el7, rh-python38-python-urllib3-1.25.7-6.el7
エラータID: AXSA:2021-1435:01
Python is an interpreted, interactive, object-oriented programming language,
which includes modules, classes, exceptions, very high level dynamic data types
and dynamic typing. Python supports interfaces to many system calls and
libraries, as well as to various windowing systems.
Security Fix(es):
* python-psutil: double free because of refcount mishandling (CVE-2019-18874)
* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE-2019-18874
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs
because of refcount mishandling within a while or for loop that converts system
data into a Python object.
CVE-2020-26137
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP
request method, as demonstrated by inserting CR and LF control characters in the
first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
Update packages.
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
N/A
SRPMS
- rh-python38-python-psutil-5.6.4-5.el7.src.rpm
MD5: 2a9d6eea5a3b10560996b13e17223bbb
SHA-256: b95d03e089af1f05f3d358f89c1b37577d60da6f656fe5c81d87dfac2ea410b3
Size: 1.86 MB - rh-python38-python-urllib3-1.25.7-6.el7.src.rpm
MD5: 050470a578163968e545479c2c16ac2b
SHA-256: 503b9cffcd122368591472d90da51d5d4d3b5db4428c991e706c0e011b195255
Size: 248.46 kB
Asianux Server 7 for x86_64
- rh-python38-python-psutil-5.6.4-5.el7.x86_64.rpm
MD5: 5ea090d1a4882d990e927ac3f9127cfa
SHA-256: 74efddd79e076c7f2587d91a737cef7b1f58b433fd49b41b7929003184467a34
Size: 406.79 kB - rh-python38-python-urllib3-1.25.7-6.el7.noarch.rpm
MD5: 18fcd630b88e80cb3695af4d6dc3ab66
SHA-256: 3cecbb422eb86a46af423315514a823686dc13ed95aaed5559662a52398af3a4
Size: 189.91 kB