An update for python-lxml is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1482
Final
1.0
1.0
2022-01-07
Initial
2022-01-07
2022-01-07
openEuler SA Tool V1.0
2022-01-07
python-lxml security update
An update for python-lxml is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.
XML processing library combining libxml2/libxslt with the ElementTree API.
Security Fix(es):
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. (CVE-2021-43818)
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
python-lxml
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1482
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43818
https://nvd.nist.gov/vuln/detail/CVE-2021-43818
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
python-lxml-debuginfo-4.5.2-4.oe1.aarch64.rpm
python3-lxml-4.5.2-4.oe1.aarch64.rpm
python-lxml-debugsource-4.5.2-4.oe1.aarch64.rpm
python2-lxml-4.5.2-4.oe1.aarch64.rpm
python2-lxml-4.5.2-4.oe1.aarch64.rpm
python-lxml-debugsource-4.5.2-4.oe1.aarch64.rpm
python-lxml-debuginfo-4.5.2-4.oe1.aarch64.rpm
python3-lxml-4.5.2-4.oe1.aarch64.rpm
python2-lxml-4.5.2-4.oe1.aarch64.rpm
python-lxml-debugsource-4.5.2-4.oe1.aarch64.rpm
python-lxml-debuginfo-4.5.2-4.oe1.aarch64.rpm
python3-lxml-4.5.2-4.oe1.aarch64.rpm
python-lxml-help-4.5.2-4.oe1.noarch.rpm
python-lxml-help-4.5.2-4.oe1.noarch.rpm
python-lxml-help-4.5.2-4.oe1.noarch.rpm
python-lxml-4.5.2-4.oe1.src.rpm
python-lxml-4.5.2-4.oe1.src.rpm
python-lxml-4.5.2-4.oe1.src.rpm
python-lxml-debuginfo-4.5.2-4.oe1.x86_64.rpm
python2-lxml-4.5.2-4.oe1.x86_64.rpm
python3-lxml-4.5.2-4.oe1.x86_64.rpm
python-lxml-debugsource-4.5.2-4.oe1.x86_64.rpm
python-lxml-debuginfo-4.5.2-4.oe1.x86_64.rpm
python3-lxml-4.5.2-4.oe1.x86_64.rpm
python-lxml-debugsource-4.5.2-4.oe1.x86_64.rpm
python2-lxml-4.5.2-4.oe1.x86_64.rpm
python-lxml-debuginfo-4.5.2-4.oe1.x86_64.rpm
python3-lxml-4.5.2-4.oe1.x86_64.rpm
python-lxml-debugsource-4.5.2-4.oe1.x86_64.rpm
python2-lxml-4.5.2-4.oe1.x86_64.rpm
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
2022-01-07
CVE-2021-43818
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High
7.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
python-lxml security update
2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1482