RHSA-2023:5616: Red Hat Security Advisory: python-reportlab security update

An update for python-reportlab is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2019-19450: A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution.
Red Hat Security Data

Issued: 2023-10-10

Updated: 2023-10-10

RHSA-2023:5616 - Security Advisory

Synopsis

Important: python-reportlab security update

Type/Severity

Security Advisory: Important

Topic

An update for python-reportlab is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python-reportlab is a library used for generation of PDF documents.

Security Fix(es):

  • python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2239920 - CVE-2019-19450 python-reportlab: code injection in paraparser.py allows code execution

Red Hat Enterprise Linux Server 7

SRPM

python-reportlab-2.5-11.el7_9.src.rpm

SHA-256: a66893c9812abbcec1d53e7d7f884a930ecd5925162d87cae1a5cc2fe79b65e6

x86_64

python-reportlab-2.5-11.el7_9.x86_64.rpm

SHA-256: 9fdc6df678e6ba3edfa3a4b2b77ad478331f3f0fd8de799e9cefd292f0ea000a

python-reportlab-debuginfo-2.5-11.el7_9.x86_64.rpm

SHA-256: 67be0dbdcd1063d01f674b9387b8255f25f1183678803386b2674263fad34f82

python-reportlab-docs-2.5-11.el7_9.x86_64.rpm

SHA-256: 5c3117219f624039408105ac4d4c5e34852b68e9c089dbfdb4a2777fb54b95c5

Red Hat Enterprise Linux Workstation 7

SRPM

python-reportlab-2.5-11.el7_9.src.rpm

SHA-256: a66893c9812abbcec1d53e7d7f884a930ecd5925162d87cae1a5cc2fe79b65e6

x86_64

python-reportlab-2.5-11.el7_9.x86_64.rpm

SHA-256: 9fdc6df678e6ba3edfa3a4b2b77ad478331f3f0fd8de799e9cefd292f0ea000a

python-reportlab-debuginfo-2.5-11.el7_9.x86_64.rpm

SHA-256: 67be0dbdcd1063d01f674b9387b8255f25f1183678803386b2674263fad34f82

python-reportlab-docs-2.5-11.el7_9.x86_64.rpm

SHA-256: 5c3117219f624039408105ac4d4c5e34852b68e9c089dbfdb4a2777fb54b95c5

Red Hat Enterprise Linux Desktop 7

SRPM

python-reportlab-2.5-11.el7_9.src.rpm

SHA-256: a66893c9812abbcec1d53e7d7f884a930ecd5925162d87cae1a5cc2fe79b65e6

x86_64

python-reportlab-2.5-11.el7_9.x86_64.rpm

SHA-256: 9fdc6df678e6ba3edfa3a4b2b77ad478331f3f0fd8de799e9cefd292f0ea000a

python-reportlab-debuginfo-2.5-11.el7_9.x86_64.rpm

SHA-256: 67be0dbdcd1063d01f674b9387b8255f25f1183678803386b2674263fad34f82

python-reportlab-docs-2.5-11.el7_9.x86_64.rpm

SHA-256: 5c3117219f624039408105ac4d4c5e34852b68e9c089dbfdb4a2777fb54b95c5

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

python-reportlab-2.5-11.el7_9.src.rpm

SHA-256: a66893c9812abbcec1d53e7d7f884a930ecd5925162d87cae1a5cc2fe79b65e6

s390x

python-reportlab-2.5-11.el7_9.s390x.rpm

SHA-256: e129eb2881223fbfd1f5e3d86bb4e47ac8d967536254dad9844d3e3a23269112

python-reportlab-debuginfo-2.5-11.el7_9.s390x.rpm

SHA-256: 142df15126bd2fd1dbae12f1d01ee3baa53b19c10dc6d5f30bafdb04faae8483

python-reportlab-docs-2.5-11.el7_9.s390x.rpm

SHA-256: 04b56a255ddcc00ae43816fe38ca31fb98914ef839a6f587a85afb69c8ca420f

Red Hat Enterprise Linux for Power, big endian 7

SRPM

python-reportlab-2.5-11.el7_9.src.rpm

SHA-256: a66893c9812abbcec1d53e7d7f884a930ecd5925162d87cae1a5cc2fe79b65e6

ppc64

python-reportlab-2.5-11.el7_9.ppc64.rpm

SHA-256: 621ad5f16a9fc2e1b78fe0e92e43dc910716844e18d01ad0c1917e42104512ff

python-reportlab-debuginfo-2.5-11.el7_9.ppc64.rpm

SHA-256: d1ccf731cdc28267f43dd624dd124151c6fd5f80de54551f5b367afa322bc308

python-reportlab-docs-2.5-11.el7_9.ppc64.rpm

SHA-256: 9b7d582bf0c198e9be42859d30cf73e4b75c1151012c725b2e4ea9dc0e0fea4f

Red Hat Enterprise Linux for Power, little endian 7

SRPM

python-reportlab-2.5-11.el7_9.src.rpm

SHA-256: a66893c9812abbcec1d53e7d7f884a930ecd5925162d87cae1a5cc2fe79b65e6

ppc64le

python-reportlab-2.5-11.el7_9.ppc64le.rpm

SHA-256: e8aa7a09129939b743eca9fef0c69b092ee963565d71d6a05000f370a21dea81

python-reportlab-debuginfo-2.5-11.el7_9.ppc64le.rpm

SHA-256: 42858814d5f8cbf03e2e803392221779eb896efcf0b2557c47aae1caeeebaea0

python-reportlab-docs-2.5-11.el7_9.ppc64le.rpm

SHA-256: 2a69f20ab020019a199046f5068c9f31627689cdd849e44f71bdf4df79e76940

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5790-01

Red Hat Security Advisory 2023-5790-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5789-01

Red Hat Security Advisory 2023-5789-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5788-01

Red Hat Security Advisory 2023-5788-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5787-01

Red Hat Security Advisory 2023-5787-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5786-01

Red Hat Security Advisory 2023-5786-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5616-01

Red Hat Security Advisory 2023-5616-01 - Python-reportlab is a library used for generation of PDF documents. Issues addressed include a code execution vulnerability.

GHSA-pj98-2xf6-cff5: ReportLab vulnerable to remote code execution via paraparser

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.

CVE-2019-19450: reportlab-mirror/CHANGES.md at master · MrBitBucket/reportlab-mirror

paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
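
An added example, not code from ReportLab or from Red Hat: a pre-filter an application could run on untrusted paragraph markup before it reaches paraparser on a host that has not yet received the update, accepting a unichar code attribute only when it is a plain numeric literal. The function names and the sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A code point needs only a decimal or 0x-prefixed hex literal; nothing else is accepted.
_LITERAL = re.compile(r"(?:0[xX][0-9A-Fa-f]{1,6}|[0-9]{1,7})\Z")


def parse_codepoint(value):
    """Convert a unichar code attribute to an int without evaluating it."""
    text = (value or "").strip()
    if not _LITERAL.match(text):
        raise ValueError("unichar code is not a numeric literal: %r" % (value,))
    codepoint = int(text, 16) if text[:2].lower() == "0x" else int(text, 10)
    if codepoint > 0x10FFFF:
        raise ValueError("unichar code is outside the Unicode range: %r" % (value,))
    return codepoint


class _UnicharScanner(HTMLParser):
    """Collects every unichar code attribute that parse_codepoint rejects."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rejected = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values,
        # so an entity-encoded value is checked in its decoded form.
        if tag != "unichar":
            return
        for name, value in attrs:
            if name == "code":
                try:
                    parse_codepoint(value)
                except ValueError:
                    self.rejected.append(value)


def find_unsafe_unichar(markup):
    """Return the rejected code values found in paragraph markup (empty list = clean)."""
    scanner = _UnicharScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.rejected


# Constructed sample input, not taken from the advisory.
SAMPLES = ['<para>Item <unichar code="0x2022"/> one</para>', '<para><unichar code="1+1"/></para>']
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", find_unsafe_unichar(sample) or "ok")
```

Installing the updated package is the fix; a pre-filter like this only narrows exposure, because its tokenizer is not guaranteed to read markup exactly as ReportLab's parser does.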