RHSA-2021:1761: Red Hat Security Advisory: python27:2.7 security and bug fix update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

  • python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)
  • python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)
  • python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)
  • python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Related CVEs:
  • CVE-2020-26116: python: CRLF injection via HTTP request method in httplib/http.client
  • CVE-2020-26137: python-urllib3: CRLF injection via HTTP request method
  • CVE-2020-27783: python-lxml: mXSS due to the use of improper parser
  • CVE-2021-3177: python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
Red Hat Security Data