RHSA-2020:5009

Affecting python-libs package, versions <0:2.7.5-90.el7

medium severity

Overview

Affected versions of this package are vulnerable to RHSA-2020:5009.

Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.

Security Fix(es):

* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade python-libs to version 0:2.7.5-90.el7 or higher.

References

CVE: RHSA-2020:5009
Snyk ID: SNYK-CENTOS7-PYTHONLIBS-1038939
Published: 11 Nov, 2020