RHSA-2022:1664: Moderate: Red Hat Software Collections security update
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API.Security Fix(es): python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2022:1664?
The severity of RHSA-2022:1664 is classified as important due to potential security risks associated with the vulnerability.
How do I fix RHSA-2022:1664?
To fix RHSA-2022:1664, update the affected packages to the recommended versions: rh-python38-python-3.8.13-1.el7 and rh-python38-python-lxml-4.4.1-8.el7.
What vulnerability is addressed in RHSA-2022:1664?
RHSA-2022:1664 addresses a security flaw in python-lxml that allows crafted HTML Cleaner scripts with SVG to pass through.
Which packages are affected by RHSA-2022:1664?
Affected packages include rh-python38-python, rh-python38-python-lxml, and rh-python38-python-pip in their respective versions.
Is RHSA-2022:1664 related to CVE-2021-43818?
Yes, RHSA-2022:1664 is directly related to CVE-2021-43818 which describes the vulnerability in HTML Cleaner.