ALAS2-2020-1390

Related Vulnerabilities: CVE-2019-17626  


Amazon Linux 2 Security Advisory: ALAS-2020-1390
Advisory Release Date: 2020-02-05 16:34 Pacific
Advisory Updated Date: 2020-02-08 00:03 Pacific
Severity: Important
References: CVE-2019-17626 

Issue Overview:

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code. (CVE-2019-17626)
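The root cause named above is that a colour attribute taken from untrusted markup reaches eval(). The fix pattern is to parse colour values against an explicit grammar and reject everything else. The following is an added illustration written for this advisory, not ReportLab's code or Amazon's patch: the function names to_color and span_colors, the small NAMED_COLORS table and the accepted formats (a named colour, #rgb, #rrggbb, rgb(r,g,b)) are all assumptions chosen for the example, and the markup fed to it is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed allowlist of named colours (a real library table would be larger).
NAMED_COLORS = {
    "black": (0.0, 0.0, 0.0),
    "white": (1.0, 1.0, 1.0),
    "red": (1.0, 0.0, 0.0),
    "green": (0.0, 0.5, 0.0),
    "blue": (0.0, 0.0, 1.0),
}

# Each accepted syntax is matched by an anchored regular expression,
# so the input is recognised rather than evaluated.
_HEX6 = re.compile(r"^#([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})$")
_HEX3 = re.compile(r"^#([0-9a-fA-F])([0-9a-fA-F])([0-9a-fA-F])$")
_RGB = re.compile(r"^rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)$")


def to_color(value: str) -> tuple:
    """Parse a colour attribute with an explicit grammar; never calls eval()."""
    if not isinstance(value, str):
        raise TypeError("colour attribute must be a string")
    s = value.strip()
    if len(s) > 64:
        # Cheap bound: no valid colour in this grammar is anywhere near this long.
        raise ValueError("colour attribute too long")
    key = s.lower()
    if key in NAMED_COLORS:
        return NAMED_COLORS[key]
    m = _HEX6.match(s)
    if m:
        return tuple(int(h, 16) / 255.0 for h in m.groups())
    m = _HEX3.match(s)
    if m:
        # "#f00" expands to "#ff0000"
        return tuple(int(h * 2, 16) / 255.0 for h in m.groups())
    m = _RGB.match(s)
    if m:
        parts = [int(p) for p in m.groups()]
        if any(p > 255 for p in parts):
            raise ValueError(f"rgb() component out of range: {s!r}")
        return tuple(p / 255.0 for p in parts)
    # Anything that is not one of the known forms is rejected outright.
    raise ValueError(f"unrecognised colour value: {s!r}")


def span_colors(markup: str) -> list:
    """Return the parsed colour of every <span color=...> in a markup fragment.

    The whole fragment is rejected (ValueError) if any attribute fails to parse,
    which is the behaviour a renderer should have for untrusted documents.
    """
    root = ET.fromstring(f"<root>{markup}</root>")
    colors = []
    for span in root.iter("span"):
        attr = span.get("color")
        if attr is not None:
            colors.append(to_color(attr))
    return colors


if __name__ == "__main__":
    # Constructed sample: a well-formed attribute parses, a non-colour is refused.
    print(span_colors('<span color="#0000ff">ok</span>'))
    try:
        span_colors('<span color="1+1">not a colour</span>')
    except ValueError as exc:
        print("rejected:", exc)
```

The design point is that the set of accepted inputs is closed: an attribute is either matched by one of the fixed patterns and converted arithmetically, or it raises. There is no path on which the attribute text is handed to the interpreter, so the class of bug described in this advisory cannot arise regardless of what the document contains.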


Affected Packages:

python-reportlab


Issue Correction:
Run yum update python-reportlab to update your system.

New Packages:
aarch64:
    python-reportlab-2.5-9.amzn2.1.aarch64
    python-reportlab-docs-2.5-9.amzn2.1.aarch64
    python-reportlab-debuginfo-2.5-9.amzn2.1.aarch64

i686:
    python-reportlab-2.5-9.amzn2.1.i686
    python-reportlab-docs-2.5-9.amzn2.1.i686
    python-reportlab-debuginfo-2.5-9.amzn2.1.i686

src:
    python-reportlab-2.5-9.amzn2.1.src

x86_64:
    python-reportlab-2.5-9.amzn2.1.x86_64
    python-reportlab-docs-2.5-9.amzn2.1.x86_64
    python-reportlab-debuginfo-2.5-9.amzn2.1.x86_64