Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Search vulnerabilities and malicious packages across npm, PyPI, Go, GitHub Actions, VS Code, and more.

RLSA-2023:2764 | Mondoo Vulnerability Intelligence

RLSA-2023:2764

HIGH7.5

Moderate: python39:3.9 and python39-devel:3.9 security update

Published Dec 18, 2025

Modified Today

Fix available

Details

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version: python39 (3.9.16).

Security Fix(es):

python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS (CVE-2020-10735)
python: open redirection vulnerability in lib/http/server.py may lead to information disclosure (CVE-2021-28861)
python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.8 Release Notes linked from the References section.

Affected Packages

Rocky Linux:8Cython

Fixed in:

0:0.29.21-5.module+el8.10.0+1582+bc278001

Rocky Linux:8Cython

Fixed in:

0:0.29.21-5.module+el8.10.0+1860+afcc1c71

Rocky Linux:8PyYAML

Fixed in:

0:5.4.1-1.module+el8.10.0+1582+bc278001

Rocky Linux:8PyYAML

Fixed in:

0:5.4.1-1.module+el8.10.0+1860+afcc1c71

Rocky Linux:8PyYAML

Fixed in:

0:5.4.1-1.module+el8.9.0+1418+f0d66789

Rocky Linux:8numpy

Fixed in:

0:1.19.4-3.module+el8.10.0+1582+bc278001

Rocky Linux:8numpy

Fixed in:

0:1.19.4-3.module+el8.10.0+1860+afcc1c71

Rocky Linux:8pybind11

Fixed in:

0:2.7.1-1.module+el8.9.0+1357+a3b80af7

Rocky Linux:8pytest

Fixed in:

0:6.0.2-2.module+el8.10.0+1582+bc278001

Rocky Linux:8pytest

Fixed in:

0:6.0.2-2.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-PyMySQL

Fixed in:

0:0.10.1-2.module+el8.10.0+1582+bc278001

Rocky Linux:8python-PyMySQL

Fixed in:

0:0.10.1-2.module+el8.10.0+1592+61442852

Rocky Linux:8python-PyMySQL

Fixed in:

0:0.10.1-2.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-PyMySQL

Fixed in:

0:0.10.1-2.module+el8.10.0+1910+234ad790

Rocky Linux:8python-attrs

Fixed in:

0:20.3.0-2.module+el8.10.0+1582+bc278001

Rocky Linux:8python-attrs

Fixed in:

0:20.3.0-2.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-cffi

Fixed in:

0:1.14.3-2.module+el8.10.0+1582+bc278001

Rocky Linux:8python-cffi

Fixed in:

0:1.14.3-2.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-chardet

Fixed in:

0:3.0.4-19.module+el8.10.0+1582+bc278001

Rocky Linux:8python-chardet

Fixed in:

0:3.0.4-19.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-chardet

Fixed in:

0:3.0.4-19.module+el8.9.0+1418+f0d66789

Rocky Linux:8python-iniconfig

Fixed in:

0:1.1.1-2.module+el8.9.0+1332+dd574197

Rocky Linux:8python-lxml

Fixed in:

0:4.6.5-1.module+el8.10.0+1582+bc278001

Rocky Linux:8python-more-itertools

Fixed in:

0:8.5.0-2.module+el8.10.0+1582+bc278001

Rocky Linux:8python-more-itertools

Fixed in:

0:8.5.0-2.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-packaging

Fixed in:

0:20.4-4.module+el8.10.0+1582+bc278001

Rocky Linux:8python-packaging

Fixed in:

0:20.4-4.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-pluggy

Fixed in:

0:0.13.1-3.module+el8.10.0+1582+bc278001

Rocky Linux:8python-pluggy

Fixed in:

0:0.13.1-3.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-ply

Fixed in:

0:3.11-10.module+el8.10.0+1582+bc278001

Rocky Linux:8python-ply

Fixed in:

0:3.11-10.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-ply

Fixed in:

0:3.11-10.module+el8.9.0+1418+f0d66789

Rocky Linux:8python-psutil

Fixed in:

0:5.8.0-4.module+el8.9.0+1357+a3b80af7

Rocky Linux:8python-py

Fixed in:

0:1.10.0-1.module+el8.10.0+1582+bc278001

Rocky Linux:8python-py

Fixed in:

0:1.10.0-1.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-pycparser

Fixed in:

0:2.20-3.module+el8.10.0+1582+bc278001

Rocky Linux:8python-pycparser

Fixed in:

0:2.20-3.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-pysocks

Fixed in:

0:1.7.1-4.module+el8.10.0+1582+bc278001

Rocky Linux:8python-pysocks

Fixed in:

0:1.7.1-4.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-pysocks

Fixed in:

0:1.7.1-4.module+el8.9.0+1418+f0d66789

Rocky Linux:8python-toml

Fixed in:

0:0.10.1-5.module+el8.9.0+1332+dd574197

Rocky Linux:8python-wcwidth

Fixed in:

0:0.2.5-3.module+el8.10.0+1582+bc278001

Rocky Linux:8python-wcwidth

Fixed in:

0:0.2.5-3.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python-wheel

Fixed in:

1:0.35.1-4.module+el8.10.0+1582+bc278001

Rocky Linux:8python-wheel

Fixed in:

1:0.35.1-4.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python3x-pyparsing

Fixed in:

0:2.4.7-5.module+el8.10.0+1582+bc278001

Rocky Linux:8python3x-pyparsing

Fixed in:

0:2.4.7-5.module+el8.10.0+1860+afcc1c71

Rocky Linux:8python3x-six

Fixed in:

0:1.15.0-3.module+el8.10.0+1582+bc278001

Rocky Linux:8python3x-six

Fixed in:

0:1.15.0-3.module+el8.10.0+1860+afcc1c71

References

REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=1834423 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2120642 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2144072 ADVISORYhttps://errata.rockylinux.org/RLSA-2023:2764

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Upstream

CVE-2020-10735 CVE-2021-28861 CVE-2022-45061

Ecosystems

Credits

Rocky Enterprise Software Foundation

Red Hat

Timeline

PublishedDec 18, 2025

ModifiedDec 26, 2025