CVE-2021-29921
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.5
Description
RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate)
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata โ Red Hat Inc. ยท View original โ ยท Open-Errata-API
Description python-ipaddress: Improper input validation of octal strings CVSS v3: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8python39:3.9-8050020210811100211.d428a79bRHSA-2021:41602021-11-09T00:00:00Z Red Hat Enterprise Linux 8python39-devel:3.9-8050020210811100211.d428a79bRHSA-2021:41602021-11-09T00:00:00Zโฆ
Description
python-ipaddress: Improper input validation of octal strings
CVSS v3: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | python39:3.9-8050020210811100211.d428a79b | RHSA-2021:4160 | 2021-11-09T00:00:00Z |
| Red Hat Enterprise Linux 8 | python39-devel:3.9-8050020210811100211.d428a79b | RHSA-2021:4160 | 2021-11-09T00:00:00Z |
| Red Hat Enterprise Linux 8 | python38:3.8-8050020210811101222.e3d35cca | RHSA-2021:4162 | 2021-11-09T00:00:00Z |
| Red Hat Enterprise Linux 8 | python38-devel:3.8-8050020210811101222.e3d35cca | RHSA-2021:4162 | 2021-11-09T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-babel-0:2.7.0-12.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python-0:3.8.11-2.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python-cryptography-0:2.8-5.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python-jinja2-0:2.10.3-6.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python-lxml-0:4.4.1-7.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python-pip-0:19.3.1-2.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python-urllib3-0:1.25.7-7.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-babel-0:2.7.0-12.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-python-0:3.8.11-2.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-python-cryptography-0:2.8-5.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-python-jinja2-0:2.10.3-6.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-python-lxml-0:4.4.1-7.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-python-pip-0:19.3.1-2.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-python38-python-urllib3-0:1.25.7-7.el7 | RHSA-2021:3254 | 2021-08-24T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | python-ipaddress | Not affected |
| Red Hat Enterprise Linux 7 | python-pip | Not affected |
| Red Hat Enterprise Linux 8 | python27:2.7/python-ipaddress | Not affected |
| Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected |
| Red Hat Software Collections | python27-python-pip | Not affected |
| Red Hat Software Collections | rh-python36-python | Not affected |
Apply commands
Apply RHSA-2021:4160 for Red Hat Enterprise Linux 8
yum update -y python39:3
# or:
dnf upgrade -y python39:3Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Enterprise Linux 8 | Not affected |
| redhat | Red Hat Software Collections | Not affected |
| redhat | Red Hat Software Collections | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| arch | fixed | 3.9.5-1 | |
| sles | affected | | |
| rocky | 8 | fixed | |
| debian | bookworm | fixed | 7.3.8+dfsg-1 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 7.3.8+dfsg-1 |
| debian | sid | fixed | 7.3.8+dfsg-1 |
| debian | trixie | fixed | 7.3.8+dfsg-1 |
| rhel | 8 | fixed | |
References
- https://www.suse.com/security/cve/CVE-2021-29921.html
- https://errata.rockylinux.org/RLSA-2021:4162
- https://errata.rockylinux.org/RLSA-2021:4160
- https://security-tracker.debian.org/tracker/CVE-2021-29921
- https://errata.almalinux.org/8/ALSA-2021-4160.html
- https://errata.almalinux.org/8/ALSA-2021-4162.html
- https://access.redhat.com/errata/RHSA-2021:4160
- https://access.redhat.com/errata/RHSA-2021:4162
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.