{"schema_version": "1.7.0", "id": "RLSA-2024:2987", "modified": "2025-05-07T19:15:03.640685Z", "published": "2025-05-07T19:11:47.341314Z", "upstream": ["CVE-2022-40897", "CVE-2022-48560", "CVE-2022-48565", "CVE-2023-43804", "CVE-2024-22195"], "summary": "Moderate: python27:2.7 security update", "details": "Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.\n\nSecurity Fix(es):\n\n* pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py (CVE-2022-40897)\n\n* python: use after free in heappushpop() of heapq module (CVE-2022-48560)\n\n* python: XML External Entity in XML processing plistlib module (CVE-2022-48565)\n\n* python-urllib3: Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)\n\n* jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.", "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}], "affected": [{"package": {"ecosystem": "Rocky Linux:8", "name": "babel", "purl": "pkg:rpm/rocky-linux/babel?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.5.1-10.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "Cython", "purl": "pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.28.1-7.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "numpy", "purl": "pkg:rpm/rocky-linux/numpy?distro=rocky-linux-8&epoch=1"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:1.14.2-16.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "pytest", "purl": "pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.4.2-13.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python2", "purl": "pkg:rpm/rocky-linux/python2?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.7.18-17.module+el8.10.0+1813+4b021305.rocky.0.2"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python2-pip", "purl": "pkg:rpm/rocky-linux/python2-pip?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:9.0.3-19.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python2-rpm-macros", "purl": "pkg:rpm/rocky-linux/python2-rpm-macros?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3-38.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python2-setuptools", "purl": "pkg:rpm/rocky-linux/python2-setuptools?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:39.0.1-14.module+el8.10.0+1813+4b021305"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python2-six", "purl": "pkg:rpm/rocky-linux/python2-six?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.11.0-6.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-attrs", "purl": "pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:17.4.0-10.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-backports", "purl": "pkg:rpm/rocky-linux/python-backports?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.0-16.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-backports-ssl_match_hostname", "purl": "pkg:rpm/rocky-linux/python-backports-ssl_match_hostname?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.5.0.1-12.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-chardet", "purl": "pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.0.4-10.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-coverage", "purl": "pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.5.1-5.module+el8.10.0+1817+0b01df83"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-dns", "purl": "pkg:rpm/rocky-linux/python-dns?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.15.0-10.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-docs", "purl": "pkg:rpm/rocky-linux/python-docs?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.7.16-2.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-docutils", "purl": "pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.14-12.module+el8.10.0+1592+61442852"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-docutils", "purl": "pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.14-12.module+el8.10.0+1910+234ad790"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-docutils", "purl": "pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.14-12.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-funcsigs", "purl": "pkg:rpm/rocky-linux/python-funcsigs?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.0.2-13.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-idna", "purl": "pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.5-7.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-ipaddress", "purl": "pkg:rpm/rocky-linux/python-ipaddress?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.0.18-6.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-jinja2", "purl": "pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.10-10.module+el8.10.0+1813+4b021305"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-lxml", "purl": "pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:4.2.3-6.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-markupsafe", "purl": "pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.23-19.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-mock", "purl": "pkg:rpm/rocky-linux/python-mock?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.0.0-13.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-nose", "purl": "pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.3.7-31.module+el8.10.0+1592+61442852"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-nose", "purl": "pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.3.7-31.module+el8.10.0+1910+234ad790"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-nose", "purl": "pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.3.7-31.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pluggy", "purl": "pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.6.0-8.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-psycopg2", "purl": "pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.7.5-8.module+el8.10.0+1817+0b01df83"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-py", "purl": "pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.5.3-6.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pygments", "purl": "pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.2.0-22.module+el8.10.0+1592+61442852"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pygments", "purl": "pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.2.0-22.module+el8.10.0+1910+234ad790"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pygments", "purl": "pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.2.0-22.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pymongo", "purl": "pkg:rpm/rocky-linux/python-pymongo?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.7.0-1.module+el8.10.0+1592+61442852"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pymongo", "purl": "pkg:rpm/rocky-linux/python-pymongo?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.7.0-1.module+el8.10.0+1910+234ad790"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pymongo", "purl": "pkg:rpm/rocky-linux/python-pymongo?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.7.0-1.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-PyMySQL", "purl": "pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:0.8.0-10.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pysocks", "purl": "pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.6.8-6.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-pytest-mock", "purl": "pkg:rpm/rocky-linux/python-pytest-mock?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.9.0-4.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-requests", "purl": "pkg:rpm/rocky-linux/python-requests?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2.20.0-4.module+el8.10.0+1817+0b01df83"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-setuptools_scm", "purl": "pkg:rpm/rocky-linux/python-setuptools_scm?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.15.7-6.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-sqlalchemy", "purl": "pkg:rpm/rocky-linux/python-sqlalchemy?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.3.2-2.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-urllib3", "purl": "pkg:rpm/rocky-linux/python-urllib3?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.24.2-4.module+el8.10.0+1813+4b021305"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-virtualenv", "purl": "pkg:rpm/rocky-linux/python-virtualenv?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:15.1.0-22.module+el8.10.0+1592+61442852"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-wheel", "purl": "pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:0.31.1-3.module+el8.10.0+1592+61442852"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-wheel", "purl": "pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:0.31.1-3.module+el8.10.0+1910+234ad790"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "python-wheel", "purl": "pkg:rpm/rocky-linux/python-wheel?distro=rocky-linux-8&epoch=1"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1:0.31.1-3.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "pytz", "purl": "pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:2017.2-13.module+el8.10.0+1817+0b01df83"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "PyYAML", "purl": "pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:3.12-16.module+el8.9.0+1531+a18208f5"}], "database_specific": {"yum_repository": "AppStream"}}]}, {"package": {"ecosystem": "Rocky Linux:8", "name": "scipy", "purl": "pkg:rpm/rocky-linux/scipy?distro=rocky-linux-8&epoch=0"}, "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "0:1.0.0-22.module+el8.10.0+1817+0b01df83"}], "database_specific": {"yum_repository": "AppStream"}}]}], "references": [{"type": "ADVISORY", "url": "https://errata.rockylinux.org/RLSA-2024:2987"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158559"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240059"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242493"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249755"}, {"type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257854"}], "credits": [{"name": "Rocky Enterprise Software Foundation"}, {"name": "Red Hat"}]}