ID

VAR-202109-1966


CVE

CVE-2021-3733


TITLE

Red Hat Security Advisory 2022-1764-01

Trust: 0.1

sources: PACKETSTORM: 167023

DESCRIPTION

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.

Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS.

Red Hat Security Advisory

Synopsis: Moderate: python38:3.8 and python38-devel:3.8 security update
Advisory ID: RHSA-2022:1764-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1764
Issue date: 2022-05-10
CVE Names: CVE-2021-3733 CVE-2021-3737 CVE-2021-43818 CVE-2022-0391

1. Summary:

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - noarch
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version: python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860)

Security Fix(es):

* python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)
* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818)
* python: urllib.parse does not sanitize URLs containing ASCII newline and tabs (CVE-2022-0391)
* python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1995162 - CVE-2021-3737 python: urllib: HTTP client possible infinite loop on a 100 Continue response
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler
2004587 - Update the python interpreter to the latest security release 3.8.12
2006789 - RHEL 8 Python 3.8: pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/
2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
2047376 - CVE-2022-0391 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

6. Package List:

Red Hat Enterprise Linux AppStream (v.
8): Source: Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.src.rpm PyYAML-5.4.1-1.module+el8.5.0+10721+14d8e0d5.src.rpm babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.src.rpm mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.src.rpm numpy-1.17.3-6.module+el8.5.0+12205+a865257a.src.rpm python-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.src.rpm python-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.src.rpm python-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.src.rpm python-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.src.rpm python-idna-2.8-6.module+el8.4.0+8888+89bc7e79.src.rpm python-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.src.rpm python-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.src.rpm python-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.src.rpm python-ply-3.11-10.module+el8.4.0+9579+e9717e18.src.rpm python-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.src.rpm python-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.src.rpm python-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.src.rpm python-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.src.rpm python-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.src.rpm python-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.src.rpm python-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.src.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.src.rpm python3x-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.src.rpm python3x-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.src.rpm python3x-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.src.rpm pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.src.rpm scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.src.rpm aarch64: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm 
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm 
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm noarch: python38-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.noarch.rpm python38-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm python38-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-idna-2.8-6.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm python38-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm python38-pip-wheel-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm python38-ply-3.11-10.module+el8.4.0+9579+e9717e18.noarch.rpm python38-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-rpm-macros-3.8.12-1.module+el8.6.0+12642+c3710b74.noarch.rpm python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm python38-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.noarch.rpm 
python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm ppc64le: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm 
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm s390x: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm 
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm 
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm x86_64: Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm 
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm Red Hat CodeReady Linux Builder (v. 
8): Source: pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.src.rpm python-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.src.rpm python-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.src.rpm python-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.src.rpm python-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.src.rpm python-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.src.rpm python-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.src.rpm python3x-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.src.rpm noarch: python38-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.noarch.rpm python38-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-43818
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
Description:

Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.

This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1.

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):

1912487 - CVE-2020-26247 rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema

5. JIRA issues fixed (https://issues.jboss.org/):

THREESCALE-6868 - [3scale][2.11][LO-prio] Improve select default Application plan
THREESCALE-6879 - [3scale][2.11][HI-prio] Add 'Create new Application' flow to Product > Applications index
THREESCALE-7030 - Address scalability in 'Create new Application' form
THREESCALE-7203 - Fix Zync resync command in 5.6.9. Creating equivalent Zync routes
THREESCALE-7475 - Some api calls result in "Destroying user session"
THREESCALE-7488 - Ability to add external Lua dependencies for custom policies
THREESCALE-7573 - Enable proxy environment variables via the APICAST CRD
THREESCALE-7605 - type change of "policies_config" in /admin/api/services/{service_id}/proxy.json
THREESCALE-7633 - Signup form in developer portal is disabled for users authenticted via external SSO
THREESCALE-7644 - Metrics: Service for 3scale operator is missing
THREESCALE-7646 - Cleanup/refactor Products and Backends index logic
THREESCALE-7648 - Remove "#context-menu" from the url
THREESCALE-7704 - Images based on RHEL 7 should contain at least ca-certificates-2021.2.50-72.el7_9.noarch.rpm
THREESCALE-7731 - Reenable operator metrics service for apicast-operator
THREESCALE-7761 - 3scale Operator doesn't respect *_proxy env vars
THREESCALE-7765 - Remove MessageBus from System
THREESCALE-7834 - admin can't create application when developer is not allowed to pick a plan
THREESCALE-7863 - Update some Obsolete API's in 3scale_v2.js
THREESCALE-7884 - Service top application endpoint is not working properly
THREESCALE-7912 - ServiceMonitor created by monitoring showing HTTP 400 error
THREESCALE-7913 - ServiceMonitor for 3scale operator has wide selector

6.

Ubuntu Security Notice USN-5083-1
September 16, 2021

python3.4, python3.5 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in Python. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733)

It was discovered that Python incorrectly handled certain server responses.
An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  python3.5 3.5.2-2ubuntu0~16.04.13+esm1
  python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm1

Ubuntu 14.04 ESM:
  python3.4 3.4.3-1ubuntu1~14.04.7+esm11
  python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm11

In general, a standard system update will make all the necessary changes.

Bugs fixed (https://bugzilla.redhat.com/):

1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
1997017 - unprivileged client fails to get guest agent data
1998855 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed
2000251 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount
2001270 - [VMIO] [Warm from Vmware] Snapshot files are not deleted after Successful Import
2001281 - [VMIO] [Warm from VMware] Source VM should not be turned ON if vmio import is removed
2001901 - [4.8.3] NNCP creation failures after nmstate-handler pod deletion
2007336 - 4.8.3 containers
2007776 - Failed to Migrate Windows VM with CDROM (readonly)
2008511 - [CNV-4.8.3] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13
2012890 - With descheduler during multiple VMIs migrations, some VMs are restarted
2025475 - [4.8.3] Upgrade from 2.6 to 4.x versions failed due to vlan-filtering issues
2026881 - [4.8.3] vlan-filtering is getting applied on veth ports

5.
Description:

Red Hat Advanced Cluster Management for Kubernetes 2.4.0 images

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/

Security fixes:

* CVE-2021-33623: nodejs-trim-newlines: ReDoS in .end() method
* CVE-2021-32626: redis: Lua scripts can overflow the heap-based Lua stack
* CVE-2021-32627: redis: Integer overflow issue with Streams
* CVE-2021-32628: redis: Integer overflow bug in the ziplist data structure
* CVE-2021-32672: redis: Out of bounds read in lua debugger protocol parser
* CVE-2021-32675: redis: Denial of service via Redis Standard Protocol (RESP) request
* CVE-2021-32687: redis: Integer overflow issue with intsets
* CVE-2021-32690: helm: information disclosure vulnerability
* CVE-2021-32803: nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
* CVE-2021-32804: nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
* CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
* CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow
* CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings
* CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function
* CVE-2021-41099: redis: Integer overflow issue with strings

Bug fixes:

* RFE ACM Application management UI doesn't reflect object status (Bugzilla #1965321)
* RHACM 2.4 files (Bugzilla #1983663)
* Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4 (Bugzilla #1993366)
* submariner-addon pod failing in RHACM 2.4 latest ds snapshot (Bugzilla #1994668)
* ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb (Bugzilla #2000274)
* pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2003915)
* InfraEnv condition does not reflect the actual error message (Bugzilla #2009204, 2010030)
* Flaky test point to a nil pointer conditions list (Bugzilla #2010175)
* InfraEnv status shows 'Failed to create image: internal error (Bugzilla #2010272)
* subctl diagnose firewall intra-cluster - failed VXLAN checks (Bugzilla #2013157)
* pre-network-manager-config failed due to timeout when static config is used (Bugzilla #2014084)

3. Bugs fixed (https://bugzilla.redhat.com/):

1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
1965321 - RFE ACM Application management UI doesn't reflect object status
1966615 - CVE-2021-33623 nodejs-trim-newlines: ReDoS in .end() method
1978144 - CVE-2021-32690 helm: information disclosure vulnerability
1983663 - RHACM 2.4.0 images
1990409 - CVE-2021-32804 nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite
1990415 - CVE-2021-32803 nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite
1993366 - Hive Operator CrashLoopBackOff when deploying ACM with latest downstream 2.4
1994668 - submariner-addon pod failing in RHACM 2.4 latest ds snapshot
1995623 - CVE-2021-3711 openssl: SM2 Decryption Buffer Overflow
1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
2000274 - ACM 2.4 install on OCP 4.9 ipv6 disconnected hub fails due to multicluster pod in clb
2003915 - pre-network-manager-config failed due to timeout when static config is used
2009204 - InfraEnv condition does not reflect the actual error message
2010030 - InfraEnv condition does not reflect the actual error message
2010175 - Flaky test point to a nil pointer conditions list
2010272 - InfraEnv status shows 'Failed to create image: internal error
2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets
2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request
2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser
2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure
2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams
2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack
2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
2013157 - subctl diagnose firewall intra-cluster - failed VXLAN checks
2014084 - pre-network-manager-config failed due to timeout when static config is used

5.
8) - aarch64, ppc64le, s390x, x86_64

3. Bugs fixed (https://bugzilla.redhat.com/):

1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler

6. Bugs fixed (https://bugzilla.redhat.com/):

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2016256 - Release of OpenShift Serverless Eventing 1.19.0
2016258 - Release of OpenShift Serverless Serving 1.19.0

5.
7) - noarch, x86_64

3

Trust: 1.8

sources: NVD: CVE-2021-3733 // VULHUB: VHN-397442 // PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 165363 // PACKETSTORM: 164190 // PACKETSTORM: 165135 // PACKETSTORM: 164948 // PACKETSTORM: 164741 // PACKETSTORM: 165053 // PACKETSTORM: 166913

AFFECTED PRODUCTS

vendor: redhat // model: enterprise linux for power little endian // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: enterprise linux for ibm z systems eus // scope: eq // version: 8.4

Trust: 1.0

vendor: netapp // model: ontap select deploy administration utility // scope: eq // version: -

Trust: 1.0

vendor: python // model: python // scope: gte // version: 3.9.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 35

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.8.10

Trust: 1.0

vendor: python // model: python // scope: eq // version: 3.10.0

Trust: 1.0

vendor: redhat // model: enterprise linux eus // scope: eq // version: 8.4

Trust: 1.0

vendor: python // model: python // scope: gte // version: 3.8.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 33

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.7.11

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 34

Trust: 1.0

vendor: redhat // model: enterprise linux for ibm z systems // scope: eq // version: 8.0

Trust: 1.0

vendor: fedoraproject // model: fedora // scope: eq // version: 36

Trust: 1.0

vendor: netapp // model: management services for element software and netapp hci // scope: eq // version: -

Trust: 1.0

vendor: fedoraproject // model: extra packages for enterprise linux // scope: eq // version: 7.0

Trust: 1.0

vendor: python // model: python // scope: gte // version: 3.7.0

Trust: 1.0

vendor: redhat // model: codeready linux builder for power little endian // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: codeready linux builder // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: enterprise linux server for power little endian update services for sap solutions // scope: eq // version: 8.4

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.9.5

Trust: 1.0

vendor: python // model: python // scope: lt // version: 3.6.14

Trust: 1.0

vendor: redhat // model: enterprise linux for power little endian eus // scope: eq // version: 8.4

Trust: 1.0

vendor: redhat // model: enterprise linux server update services for sap solutions // scope: eq // version: 8.4

Trust: 1.0

vendor: netapp // model: solidfire, enterprise sds & hci storage node // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: enterprise linux server aus // scope: eq // version: 8.4

Trust: 1.0

vendor: netapp // model: hci compute node // scope: eq // version: -

Trust: 1.0

vendor: redhat // model: enterprise linux // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: codeready linux builder for ibm z systems // scope: eq // version: 8.0

Trust: 1.0

vendor: redhat // model: enterprise linux server tus // scope: eq // version: 8.4

Trust: 1.0

sources: NVD: CVE-2021-3733

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-3733
value: MEDIUM

Trust: 1.0

VULHUB: VHN-397442
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-3733
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-397442
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-3733
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-397442 // NVD: CVE-2021-3733

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.1

sources: VULHUB: VHN-397442 // NVD: CVE-2021-3733

TYPE

overflow

Trust: 0.1

sources: PACKETSTORM: 164948

EXTERNAL IDS

db: NVD // id: CVE-2021-3733

Trust: 2.0

db: PACKETSTORM // id: 164948

Trust: 0.2

db: PACKETSTORM // id: 165053

Trust: 0.2

db: PACKETSTORM // id: 165337

Trust: 0.2

db: PACKETSTORM // id: 165363

Trust: 0.2

db: PACKETSTORM // id: 167023

Trust: 0.2

db: PACKETSTORM // id: 164741

Trust: 0.2

db: PACKETSTORM // id: 165008

Trust: 0.1

db: PACKETSTORM // id: 167043

Trust: 0.1

db: PACKETSTORM // id: 165361

Trust: 0.1

db: PACKETSTORM // id: 164859

Trust: 0.1

db: PACKETSTORM // id: 164993

Trust: 0.1

db: CNNVD // id: CNNVD-202109-1139

Trust: 0.1

db: VULHUB // id: VHN-397442

Trust: 0.1

db: PACKETSTORM // id: 164190

Trust: 0.1

db: PACKETSTORM // id: 165135

Trust: 0.1

db: PACKETSTORM // id: 166913

Trust: 0.1

sources: VULHUB: VHN-397442 // PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 165363 // PACKETSTORM: 164190 // PACKETSTORM: 165135 // PACKETSTORM: 164948 // PACKETSTORM: 164741 // PACKETSTORM: 165053 // PACKETSTORM: 166913 // NVD: CVE-2021-3733

REFERENCES

url:https://security.netapp.com/advisory/ntap-20220407-0001/

Trust: 1.1

url:https://bugs.python.org/issue43075

Trust: 1.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1995234

Trust: 1.1

url:https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb

Trust: 1.1

url:https://github.com/python/cpython/pull/24391

Trust: 1.1

url:https://ubuntu.com/security/cve-2021-3733

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

Trust: 1.0

url:https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.8

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://bugzilla.redhat.com/):

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.7

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-3737

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-0391

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0391

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-43818

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-43818

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1764

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:5191

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-26247

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-26247

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5199-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.6

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5083-1

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24370

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3426

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17594

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22876

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-34558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3800

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20231

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-24370

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-43267

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3572

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3445

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3200

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36085

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20231

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3580

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16135

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20266

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-27645

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22898

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36087

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3778

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20317

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20317

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-35942

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12762

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4914

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13435

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36086

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28153

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33560

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-20232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5827

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36084

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-28950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18218

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32804

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3711

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4057

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.8/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4766

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless/index

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.9/html/serverless/index

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36221

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-4189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-4189

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1663

Trust: 0.1

sources: VULHUB: VHN-397442 // PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 165363 // PACKETSTORM: 164190 // PACKETSTORM: 165135 // PACKETSTORM: 164948 // PACKETSTORM: 164741 // PACKETSTORM: 165053 // PACKETSTORM: 166913 // NVD: CVE-2021-3733

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 167023 // PACKETSTORM: 165337 // PACKETSTORM: 165135 // PACKETSTORM: 164948 // PACKETSTORM: 164741 // PACKETSTORM: 165053 // PACKETSTORM: 166913

SOURCES

db: VULHUB // id: VHN-397442
db: PACKETSTORM // id: 167023
db: PACKETSTORM // id: 165337
db: PACKETSTORM // id: 165363
db: PACKETSTORM // id: 164190
db: PACKETSTORM // id: 165135
db: PACKETSTORM // id: 164948
db: PACKETSTORM // id: 164741
db: PACKETSTORM // id: 165053
db: PACKETSTORM // id: 166913
db: NVD // id: CVE-2021-3733

LAST UPDATE DATE

2025-12-22T21:44:34.724000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-397442 // date: 2022-10-26T00:00:00
db: NVD // id: CVE-2021-3733 // date: 2025-11-03T22:15:50.833

SOURCES RELEASE DATE

db: VULHUB // id: VHN-397442 // date: 2022-03-10T00:00:00
db: PACKETSTORM // id: 167023 // date: 2022-05-11T15:31:27
db: PACKETSTORM // id: 165337 // date: 2021-12-17T14:04:30
db: PACKETSTORM // id: 165363 // date: 2021-12-17T19:23:51
db: PACKETSTORM // id: 164190 // date: 2021-09-17T16:02:38
db: PACKETSTORM // id: 165135 // date: 2021-12-03T16:41:45
db: PACKETSTORM // id: 164948 // date: 2021-11-12T17:01:04
db: PACKETSTORM // id: 164741 // date: 2021-11-02T15:33:39
db: PACKETSTORM // id: 165053 // date: 2021-11-23T17:10:05
db: PACKETSTORM // id: 166913 // date: 2022-05-02T15:26:53
db: NVD // id: CVE-2021-3733 // date: 2022-03-10T17:42:59.623