python-lxml-4.2.3-4.el8
Errata ID: AXSA:2022-3370:01
Release date:
2022/07/04 Monday - 12:18
Title:
python-lxml-4.2.3-4.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
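The following items have been addressed.
[Security Fix]
- The HTML cleaner in the Python lxml library fails to remove
crafted scripts that an attacker has embedded in SVG image files
by means of data URIs, resulting in a vulnerability that
allows script execution. (CVE-2021-43818)
Solution:
Update the packages.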
CVE:
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
Additional information:
N/A
Downloads:
SRPMS
- python-lxml-4.2.3-4.el8.src.rpm
MD5: 8767e8dc3c9fad235f5409719262463d
SHA-256: a518ec8d0de7bc5ddb9d9e1f03f79dcb4da82831f4ab45f7643fae36c0ca25a2
Size: 4.28 MB
Asianux Server 8 for x86_64
- python3-lxml-4.2.3-4.el8.x86_64.rpm
MD5: 621095368fbcb731d3d834562f7aa6f5
SHA-256: c5d211d73e064a05082f97de1894b561332f2d68626c6c1c1c874fa2b8eeb90c
Size: 1.50 MB