An update for python-lxml is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1482
Final 1.0 1.0 2022-01-07 Initial 2022-01-07 2022-01-07
openEuler SA Tool V1.0 2022-01-07

python-lxml security update

XML processing library combining libxml2/libxslt with the ElementTree API.

Security Fix(es):

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available. (CVE-2021-43818)

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High
python-lxml

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1482
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-43818
https://nvd.nist.gov/vuln/detail/CVE-2021-43818

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

python-lxml-debuginfo-4.5.2-4.oe1.aarch64.rpm
python3-lxml-4.5.2-4.oe1.aarch64.rpm
python-lxml-debugsource-4.5.2-4.oe1.aarch64.rpm
python2-lxml-4.5.2-4.oe1.aarch64.rpm

python-lxml-help-4.5.2-4.oe1.noarch.rpm

python-lxml-4.5.2-4.oe1.src.rpm

python-lxml-debuginfo-4.5.2-4.oe1.x86_64.rpm
python2-lxml-4.5.2-4.oe1.x86_64.rpm
python3-lxml-4.5.2-4.oe1.x86_64.rpm
python-lxml-debugsource-4.5.2-4.oe1.x86_64.rpm
2022-01-07
CVE-2021-43818
openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 openEuler-20.03-LTS-SP3
High 7.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
python-lxml security update 2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1482