Sign-up

ID

VAR-202109-1966


CVE

CVE-2021-3733


TITLE

Python Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

DESCRIPTION

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: python3.5 For Ubuntu 16.04 ESM. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: python38:3.8 and python38-devel:3.8 security update Advisory ID: RHSA-2022:1764-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1764 Issue date: 2022-05-10 CVE Names: CVE-2021-3733 CVE-2021-3737 CVE-2021-43818 CVE-2022-0391 ===================================================================== 1. Summary: An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - noarch Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packages have been upgraded to a later upstream version: python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860) Security Fix(es): * python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733) * python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) * python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391) * python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1995162 - CVE-2021-3737 python: urllib: HTTP client possible infinite loop on a 100 Continue response 1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler 2004587 - Update the python interpreter to the latest security release 3.8.12 2006789 - RHEL 8 Python 3.8: pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/ 2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through 2047376 - CVE-2022-0391 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.src.rpm PyYAML-5.4.1-1.module+el8.5.0+10721+14d8e0d5.src.rpm babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.src.rpm mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.src.rpm numpy-1.17.3-6.module+el8.5.0+12205+a865257a.src.rpm python-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.src.rpm python-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.src.rpm python-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.src.rpm python-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.src.rpm python-idna-2.8-6.module+el8.4.0+8888+89bc7e79.src.rpm python-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.src.rpm python-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.src.rpm python-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.src.rpm python-ply-3.11-10.module+el8.4.0+9579+e9717e18.src.rpm python-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.src.rpm python-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.src.rpm python-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.src.rpm python-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.src.rpm python-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.src.rpm python-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.src.rpm python-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.src.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.src.rpm python3x-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.src.rpm python3x-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.src.rpm python3x-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.src.rpm pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.src.rpm scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.src.rpm aarch64: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm noarch: python38-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.noarch.rpm python38-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm python38-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-idna-2.8-6.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm python38-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm python38-pip-wheel-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm python38-ply-3.11-10.module+el8.4.0+9579+e9717e18.noarch.rpm python38-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-rpm-macros-3.8.12-1.module+el8.6.0+12642+c3710b74.noarch.rpm python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm python38-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm ppc64le: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm s390x: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm x86_64: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): Source: pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.src.rpm python-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.src.rpm python-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.src.rpm python-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.src.rpm python-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.src.rpm python-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.src.rpm python3x-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.src.rpm noarch: python38-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-43818 https://access.redhat.com/security/cve/CVE-2022-0391 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYnqQbtzjgjWX9erEAQgnnBAAim+GuSrydBbxi0s4w6LR+l5XTnTzDmkl Zq12+m7sT8mq0veWvias08iivuoOeN0ibSMx5yymrD0RJe+kS1PbJ9xyfDAaDiN9 K6wOPJhvVuzDJRgrkuI80ABZR9MLQCb8Csb/RepkkGtko/kGRzRnIqe7q53LNi8z 5o6eSrC1+96J1J+CmB8jAUeZPwFeX9B3bq2Fc20I9uhgg3H9lT0dD0ovc4G/u+/3 oRbJLpQdg9zBweMIfxiilHyeaOYLuok8bQ2OU0fglZVasX4pb6R4NLg99fAbbhpe WX/oZel5cwo9CvkdD8v4CDUqT8I0xlOpOoemd4Mwg/yo8ITTt16lWNxxkY0kPH6K oj6hvkv/akPO+CTFqHqKOvrUKvbmyFhtehic+7RkWcPNpKrXtHihcuyScWRkxG5J mCev5DDmvw7rGoYiDl7gPEzBm6b/xxROMYtwfONiDaphmbQm9eimdJ5sYJ4+Zfu2 0aqPoJ1ARZUNlhuYTW2sa9yoE1v8RIHtppCmgblEEGNv/Nh5pFiDktfaOLbF4X37 D+dQfyiICf3FHo6LzGIY4B6w3T7FtezMOZSThzwYnq5I1qexlyL/Ug9TwHtA6ez+ 0OwkzfjbktW7lzRvij47/YIl2LvOteQutYa8xbiADZVSPkYNAnh0B7EZ/+reGra6 CNbxA3ArPQc= =3Ugn -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema 5. JIRA issues fixed (https://issues.jboss.org/): THREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan THREESCALE-6879 - [3scale][2.11][HI-prio] Add 'Create new Application' flow to Product > Applications index THREESCALE-7030 - Address scalability in 'Create new Application' form THREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes THREESCALE-7475 - Some api calls result in "Destroying user session" THREESCALE-7488 - Ability to add external Lua dependencies for custom policies THREESCALE-7573 - Enable proxy environment variables via the APICAST CRD THREESCALE-7605 - type change of "policies_config" in /admin/api/services/{service_id}/proxy.json THREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO THREESCALE-7644 - Metrics: Service for 3scale operator is missing THREESCALE-7646 - Cleanup/refactor Products and Backends index logic THREESCALE-7648 - Remove "#context-menu" from the url THREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm THREESCALE-7731 - Reenable operator metrics service for apicast-operator THREESCALE-7761 - 3scale Operator doesn't respect *_proxy env vars THREESCALE-7765 - Remove MessageBus from System THREESCALE-7834 - admin can't create application when developer is not allowed to pick a plan THREESCALE-7863 - Update some Obsolete API's in 3scale_v2.js THREESCALE-7884 - Service top application endpoint is not working properly THREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error THREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector 6. ========================================================================== Ubuntu Security Notice USN-5200-1 December 17, 2021 python3.7, python3.8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Python could be made to crash if it receives specially crafted input from a malicious server. (CVE-2020-8492) It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. (CVE-2021-3737) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2 libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2 python3.7 3.7.5-2ubuntu1~18.04.2 python3.7-minimal 3.7.5-2ubuntu1~18.04.2 python3.8 3.8.0-3ubuntu1~18.04.2 python3.8-minimal 3.8.0-3ubuntu1~18.04.2 In general, a standard system update will make all the necessary changes. Description: Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/ Security fixes: * CVE-2021-3795 semver-regex: inefficient regular expression complexity * CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 Related bugs: * RHACM 2.2.10 images (Bugzilla #2013652) 3. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1997017 - unprivileged client fails to get guest agent data 1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import 2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed 2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion 2007336 - 4.8.3 containers 2007776 - Failed to Migrate Windows VM with CDROM (readonly) 2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted 2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues 2026881 - [4.8.3] vlan-filtering is getting applied on veth ports 5. 8) - aarch64, ppc64le, s390x, x86_64 3. Bugs fixed (https://bugzilla.redhat.com/): 1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler 6

Trust: 1.71

sources: NVD: CVE-2021-3733 // VULHUB: VHN-397442 // PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 164859 // PACKETSTORM: 165361 // PACKETSTORM: 165363 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741

AFFECTED PRODUCTS

vendor:pythonmodel:pythonscope:gteversion:3.8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.4

Trust: 1.0

vendor:redhatmodel:enterprise linux for ibm z systemsscope:eqversion:8.0

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:3.7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server update services for sap solutionsscope:eqversion:8.4

Trust: 1.0

vendor:fedoraprojectmodel:extra packages for enterprise linuxscope:eqversion:7.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:36

Trust: 1.0

vendor:netappmodel:solidfire\, enterprise sds \& hci storage nodescope:eqversion: -

Trust: 1.0

vendor:redhatmodel:codeready linux builder for power little endianscope:eqversion:8.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:pythonmodel:pythonscope:gteversion:3.9.0

Trust: 1.0

vendor:redhatmodel:enterprise linux for power little endian eusscope:eqversion:8.4

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:management services for element software and netapp hciscope:eqversion: -

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.6.14

Trust: 1.0

vendor:redhatmodel:codeready linux builderscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:8.4

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.7.11

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.9.5

Trust: 1.0

vendor:redhatmodel:enterprise linux for ibm z systems eusscope:eqversion:8.4

Trust: 1.0

vendor:pythonmodel:pythonscope:ltversion:3.8.10

Trust: 1.0

vendor:redhatmodel:enterprise linux server for power little endian update services for sap solutionsscope:eqversion:8.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:8.4

Trust: 1.0

vendor:pythonmodel:pythonscope:eqversion:3.10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:redhatmodel:enterprise linux for power little endianscope:eqversion:8.0

Trust: 1.0

vendor:netappmodel:hci compute nodescope:eqversion: -

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:codeready linux builder for ibm z systemsscope:eqversion:8.0

Trust: 1.0

sources: NVD: CVE-2021-3733

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-3733
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202109-1139
value: MEDIUM

Trust: 0.6

VULHUB: VHN-397442
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-3733
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-397442
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-3733
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-397442 // CNNVD: CNNVD-202109-1139 // NVD: CVE-2021-3733

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

sources: VULHUB: VHN-397442 // NVD: CVE-2021-3733

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

PATCH

title:SUSE Linux Enterprise Server Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=171073

Trust: 0.6

sources: CNNVD: CNNVD-202109-1139

EXTERNAL IDS

db:NVDid:CVE-2021-3733

Trust: 2.5

db:PACKETSTORMid:165363

Trust: 0.8

db:PACKETSTORMid:164741

Trust: 0.8

db:PACKETSTORMid:164859

Trust: 0.8

db:PACKETSTORMid:164948

Trust: 0.7

db:PACKETSTORMid:165053

Trust: 0.7

db:PACKETSTORMid:167043

Trust: 0.7

db:PACKETSTORMid:164993

Trust: 0.7

db:CNNVDid:CNNVD-202109-1139

Trust: 0.7

db:AUSCERTid:ESB-2021.4095

Trust: 0.6

db:AUSCERTid:ESB-2023.3774

Trust: 0.6

db:AUSCERTid:ESB-2021.3941

Trust: 0.6

db:AUSCERTid:ESB-2022.1025

Trust: 0.6

db:AUSCERTid:ESB-2023.3839

Trust: 0.6

db:AUSCERTid:ESB-2021.4292

Trust: 0.6

db:AUSCERTid:ESB-2021.4172

Trust: 0.6

db:AUSCERTid:ESB-2021.3659

Trust: 0.6

db:AUSCERTid:ESB-2021.3138

Trust: 0.6

db:AUSCERTid:ESB-2022.2021

Trust: 0.6

db:AUSCERTid:ESB-2021.3979

Trust: 0.6

db:AUSCERTid:ESB-2021.3700

Trust: 0.6

db:AUSCERTid:ESB-2021.3813

Trust: 0.6

db:AUSCERTid:ESB-2021.4307

Trust: 0.6

db:AUSCERTid:ESB-2021.3589

Trust: 0.6

db:AUSCERTid:ESB-2021.4238

Trust: 0.6

db:AUSCERTid:ESB-2021.3519

Trust: 0.6

db:AUSCERTid:ESB-2022.0245

Trust: 0.6

db:AUSCERTid:ESB-2021.3878

Trust: 0.6

db:CS-HELPid:SB2022051144

Trust: 0.6

db:CS-HELPid:SB2022070422

Trust: 0.6

db:CS-HELPid:SB2022061211

Trust: 0.6

db:CS-HELPid:SB2021122214

Trust: 0.6

db:CS-HELPid:SB2022050235

Trust: 0.6

db:CS-HELPid:SB2021112309

Trust: 0.6

db:PACKETSTORMid:164190

Trust: 0.6

db:PACKETSTORMid:166913

Trust: 0.6

db:PACKETSTORMid:165337

Trust: 0.2

db:PACKETSTORMid:167023

Trust: 0.2

db:PACKETSTORMid:165361

Trust: 0.2

db:PACKETSTORMid:165008

Trust: 0.1

db:VULHUBid:VHN-397442

Trust: 0.1

db:PACKETSTORMid:165209

Trust: 0.1

db:PACKETSTORMid:165135

Trust: 0.1

sources: VULHUB: VHN-397442 // PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 164859 // PACKETSTORM: 165361 // PACKETSTORM: 165363 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741 // CNNVD: CNNVD-202109-1139 // NVD: CVE-2021-3733

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220407-0001/

Trust: 1.7

url:https://bugs.python.org/issue43075

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=1995234

Trust: 1.7

url:https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb

Trust: 1.7

url:https://github.com/python/cpython/pull/24391

Trust: 1.7

url:https://ubuntu.com/security/cve-2021-3733

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

Trust: 1.6

url:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Trust: 1.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0245

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021112309

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3700

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3839

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122214

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-3733/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3138

Trust: 0.6

url:https://packetstormsecurity.com/files/164859/red-hat-security-advisory-2021-4160-03.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051144

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022050235

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1025

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070422

Trust: 0.6

url:https://packetstormsecurity.com/files/167043/red-hat-security-advisory-2022-1821-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164741/red-hat-security-advisory-2021-4057-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3659

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3813

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3979

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3878

Trust: 0.6

url:https://packetstormsecurity.com/files/164190/ubuntu-security-notice-usn-5083-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3519

Trust: 0.6

url:https://packetstormsecurity.com/files/166913/red-hat-security-advisory-2022-1663-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4307

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.3774

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3941

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4238

Trust: 0.6

url:https://packetstormsecurity.com/files/165363/ubuntu-security-notice-usn-5199-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3589

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022061211

Trust: 0.6

url:https://packetstormsecurity.com/files/165053/red-hat-security-advisory-2021-4766-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/164993/red-hat-security-advisory-2021-4628-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4095

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4172

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2021

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4292

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3737

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20317

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43818

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43818

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1764

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5191

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28957

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33503

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29921

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3572

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28957

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29921

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.8/3.8.0-3ubuntu1~18.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8492

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5200-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.7/3.7.5-2ubuntu1~18.04.2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5199-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.6

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43527

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3795

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20271

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23440

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14145

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4914

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4057

Trust: 0.1

sources: VULHUB: VHN-397442 // PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 164859 // PACKETSTORM: 165361 // PACKETSTORM: 165363 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741 // CNNVD: CNNVD-202109-1139 // NVD: CVE-2021-3733

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 164859 // PACKETSTORM: 165209 // PACKETSTORM: 165135 // PACKETSTORM: 164741

SOURCES

db:VULHUBid:VHN-397442
db:PACKETSTORMid:167023
db:PACKETSTORMid:165337
db:PACKETSTORMid:164859
db:PACKETSTORMid:165361
db:PACKETSTORMid:165363
db:PACKETSTORMid:165209
db:PACKETSTORMid:165135
db:PACKETSTORMid:164741
db:CNNVDid:CNNVD-202109-1139
db:NVDid:CVE-2021-3733

LAST UPDATE DATE

2025-01-28T21:28:21.049000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-397442date:2022-10-26T00:00:00
db:CNNVDid:CNNVD-202109-1139date:2023-07-10T00:00:00
db:NVDid:CVE-2021-3733date:2024-11-21T06:22:16.753

SOURCES RELEASE DATE

db:VULHUBid:VHN-397442date:2022-03-10T00:00:00
db:PACKETSTORMid:167023date:2022-05-11T15:31:27
db:PACKETSTORMid:165337date:2021-12-17T14:04:30
db:PACKETSTORMid:164859date:2021-11-10T17:08:07
db:PACKETSTORMid:165361date:2021-12-17T19:23:35
db:PACKETSTORMid:165363date:2021-12-17T19:23:51
db:PACKETSTORMid:165209date:2021-12-09T14:50:37
db:PACKETSTORMid:165135date:2021-12-03T16:41:45
db:PACKETSTORMid:164741date:2021-11-02T15:33:39
db:CNNVDid:CNNVD-202109-1139date:2021-09-17T00:00:00
db:NVDid:CVE-2021-3733date:2022-03-10T17:42:59.623