In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Python | Python | 3.0.0 (including) | 3.6.13 (excluding) |
| Python | Python | 3.7.0 (including) | 3.7.10 (excluding) |
| Python | Python | 3.8.0 (including) | 3.8.7 (excluding) |
| Python | Python | 3.9.0 (including) | 3.9.1 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | python3-0:3.6.8-37.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | python27:2.7-8050020210811095446.3e7ace8b | * |
| Red Hat Enterprise Linux 8 | RedHat | python38:3.8-8050020210811101222.e3d35cca | * |
| Red Hat Enterprise Linux 8 | RedHat | python38-devel:3.8-8050020210811101222.e3d35cca | * |
| Red Hat Enterprise Linux 8 | RedHat | python3-0:3.6.8-37.el8 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-babel-0:0.9.6-10.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-0:2.7.18-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-jinja2-0:2.6-16.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | python27-python-pygments-0:1.5-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-babel-0:2.7.0-12.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-0:3.8.11-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-cryptography-0:2.8-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-jinja2-0:2.10.3-6.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-lxml-0:4.4.1-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-pip-0:19.3.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-python38-python-urllib3-0:1.25.7-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-babel-0:0.9.6-10.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-python-0:2.7.18-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-python-jinja2-0:2.6-16.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | python27-python-pygments-0:1.5-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-babel-0:2.7.0-12.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-python-0:3.8.11-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-python-cryptography-0:2.8-5.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-python-jinja2-0:2.10.3-6.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-python-lxml-0:4.4.1-7.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-python-pip-0:19.3.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-python38-python-urllib3-0:1.25.7-7.el7 | * |
| Python2.7 | Ubuntu | trusty | * |
| Python3.4 | Ubuntu | esm-infra-legacy/trusty | * |
| Python3.4 | Ubuntu | trusty | * |
| Python3.4 | Ubuntu | trusty/esm | * |
| Python3.5 | Ubuntu | esm-infra-legacy/trusty | * |
| Python3.5 | Ubuntu | esm-infra/xenial | * |
| Python3.5 | Ubuntu | trusty | * |
| Python3.5 | Ubuntu | trusty/esm | * |
| Python3.5 | Ubuntu | xenial | * |
| Python3.6 | Ubuntu | bionic | * |
| Python3.6 | Ubuntu | esm-infra/bionic | * |
| Python3.7 | Ubuntu | bionic | * |
| Python3.7 | Ubuntu | esm-apps/bionic | * |
| Python3.8 | Ubuntu | bionic | * |
| Python3.8 | Ubuntu | esm-apps/bionic | * |
| Python3.8 | Ubuntu | esm-infra/focal | * |
| Python3.8 | Ubuntu | focal | * |
| Python3.8 | Ubuntu | groovy | * |
References
- https://bugs.python.org/issue41944
- https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
- https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
- https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
- https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
- https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
- https://security.gentoo.org/glsa/202402-04
- https://security.netapp.com/advisory/ntap-20201123-0004/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugs.python.org/issue41944
- https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
- https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
- https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
- https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
- https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
- https://security.gentoo.org/glsa/202402-04
- https://security.netapp.com/advisory/ntap-20201123-0004/
- https://www.oracle.com/security-alerts/cpujul2022.html