{"id": "CENTOS_RHSA-2011-0491.NASL", "bulletinFamily": "scanner", "title": "CentOS 4 : python (CESA-2011:0491)", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "published": "2011-05-06T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/53814", "reporter": "This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?2f668285", "http://www.nessus.org/u?44c69a2a"], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "type": "nessus", "lastseen": "2020-08-01T01:06:52", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language.\n\nA flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This could allow a remote server to force a local Python application to read a local file instead of the remote one, possibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying certain inputs could cause the audioop module to crash or, possibly, execute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled new connections. A remote user could use this flaw to cause a Python script using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python CGIHTTPServer module processed certain HTTP GET requests. A remote attacker could use a specially crafted request to obtain the CGI script's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using the Python Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own internal copy; therefore, users must have the version of Expat shipped with RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 3, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "da6050ef5c6e19225f2fc7615932d968fd29503e9a1e87a8ab988ddc7f7b394c", "hashmap": [{"hash": "932e05e271a5e759a90b2f9df1ffeddc", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "43e34c182d00517f4828289c349793cf", "key": "cpe"}, {"hash": "45892c8f34ccc47c0069e7597257f913", "key": "references"}, {"hash": "6ba8503880e104fe5806ae3a2be39f39", "key": "description"}, {"hash": "008dc9a838d2c9951d3a3ea008fefa02", "key": "sourceData"}, {"hash": "ad069cb07e974b83236651ea2531bcea", "key": "published"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d08e80d756199ad8742774a161e4fc6d", "key": "title"}, {"hash": "0ae9e6ebb3f4246d8a09479d00ba2731", "key": "pluginID"}, {"hash": "44cf416014827cd15d932f7bc55deccb", "key": "href"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=53814", "id": "CENTOS_RHSA-2011-0491.NASL", "lastseen": "2018-07-03T10:22:59", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "53814", "published": "2011-05-06T00:00:00", "references": ["http://lists.centos.org/pipermail/centos-announce/2011-May/017521.html", "http://lists.centos.org/pipermail/centos-announce/2011-May/017520.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/02 18:48:52\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 4 : python (CESA-2011:0491)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-03T10:22:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss3": {}, "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "edition": 19, "enchantments": {"dependencies": {"modified": "2020-07-01T01:00:53", "references": [{"idList": ["SUSE_11_LIBPYTHON2_6-1_0-101109.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL", "SUSE_11_LIBPYTHON2_6-1_0-101028.NASL", "REDHAT-RHSA-2011-0491.NASL", "CENTOS_RHSA-2011-0492.NASL", "REDHAT-RHSA-2011-0554.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "REDHAT-RHSA-2011-0492.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2011-0492.NASL"], "type": "nessus"}, {"idList": ["RHSA-2011:0027", "RHSA-2011:0491", "RHSA-2011:0492", "RHSA-2011:0554"], "type": "redhat"}, {"idList": ["ELSA-2011-0554", "ELSA-2011-0492", "ELSA-2011-0491"], "type": "oraclelinux"}, {"idList": ["SOL15905", "F5:K75910138", "F5:K15905"], "type": "f5"}, {"idList": ["EDB-ID:34145"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310870428", "OPENVAS:881427", "OPENVAS:870430", "OPENVAS:1361412562310880556", "OPENVAS:880500", "OPENVAS:1361412562310881427", "OPENVAS:880556", "OPENVAS:1361412562310122181", "OPENVAS:1361412562310870430", "OPENVAS:870428"], "type": "openvas"}, {"idList": ["USN-1613-2", "USN-1596-1", "USN-1613-1", "USN-1314-1"], "type": "ubuntu"}, {"idList": ["CESA-2011:0492", "CESA-2011:0491"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:26401", "SECURITYVULNS:DOC:24260", "SECURITYVULNS:VULN:11004", "SECURITYVULNS:VULN:11688"], "type": "securityvulns"}, {"idList": ["SSV:19709"], "type": "seebug"}, {"idList": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "type": "cve"}, {"idList": ["GLSA-201401-04"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2020-07-01T01:00:53", "rev": 2, "value": 5.7, "vector": "NONE"}}, "hash": "f39b9e34f79334322417108cf8348c457f4b6bd971023ef6d99ffe61e4cbc89f", "hashmap": [{"hash": "932e05e271a5e759a90b2f9df1ffeddc", "key": "cvelist"}, {"hash": "6bc797f1a40d521ef126dae7812effd6", "key": "sourceData"}, {"hash": "940ea861ca17b410c27dae10f10b7adb", "key": "reporter"}, {"hash": "b7ae5a0c924d1d7d7970b1ffc572fa6c", "key": "references"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "43e34c182d00517f4828289c349793cf", "key": "cpe"}, {"hash": "46d7e514f3f52381ed955e8636485f27", "key": "description"}, {"hash": "f20607abf30980ba4a0faa7580f3f50a", "key": "href"}, {"hash": "9b257ef804cfe63c30c04ab15f4e91cd", "key": "cvss"}, {"hash": "ad069cb07e974b83236651ea2531bcea", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d08e80d756199ad8742774a161e4fc6d", "key": "title"}, {"hash": "0ae9e6ebb3f4246d8a09479d00ba2731", "key": "pluginID"}, {"hash": "f2612b8e00eb9a9023e994df6d8d928a", "key": "modified"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/53814", "id": "CENTOS_RHSA-2011-0491.NASL", "lastseen": "2020-07-01T01:00:53", "modified": "2020-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "53814", "published": "2011-05-06T00:00:00", "references": ["http://www.nessus.org/u?2f668285", "http://www.nessus.org/u?44c69a2a"], "reporter": "This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f668285\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c69a2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "title": "CentOS 4 : python (CESA-2011:0491)", "type": "nessus", "viewCount": 4}, "differentElements": ["modified"], "edition": 19, "lastseen": "2020-07-01T01:00:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-01-16T20:12:08", "references": [{"idList": ["SUSE_11_LIBPYTHON2_6-1_0-101109.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL", "SUSE_11_LIBPYTHON2_6-1_0-101028.NASL", "REDHAT-RHSA-2011-0491.NASL", "CENTOS_RHSA-2011-0492.NASL", "REDHAT-RHSA-2011-0554.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "REDHAT-RHSA-2011-0492.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2011-0492.NASL"], "type": "nessus"}, {"idList": ["RHSA-2011:0027", "RHSA-2011:0491", "RHSA-2011:0492", "RHSA-2011:0554"], "type": "redhat"}, {"idList": ["ELSA-2011-0554", "ELSA-2011-0492", "ELSA-2011-0491"], "type": "oraclelinux"}, {"idList": ["SOL15905", "F5:K75910138", "F5:K15905"], "type": "f5"}, {"idList": ["EDB-ID:34145"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310870428", "OPENVAS:881427", "OPENVAS:870430", "OPENVAS:1361412562310880556", "OPENVAS:880500", "OPENVAS:1361412562310881427", "OPENVAS:880556", "OPENVAS:1361412562310122181", "OPENVAS:881282", "OPENVAS:1361412562310870430"], "type": "openvas"}, {"idList": ["USN-1613-2", "USN-1596-1", "USN-1613-1", "USN-1314-1"], "type": "ubuntu"}, {"idList": ["CESA-2011:0492", "CESA-2011:0491"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:26401", "SECURITYVULNS:DOC:24260", "SECURITYVULNS:VULN:11004", "SECURITYVULNS:VULN:11688"], "type": "securityvulns"}, {"idList": ["SSV:19709"], "type": "seebug"}, {"idList": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "type": "cve"}, {"idList": ["GLSA-201401-04"], "type": "gentoo"}]}, "score": {"value": 7.2, "vector": "NONE"}}, "hash": "ce1f5ce38ac2be1fa10f29410182410ed872cfb3b8d5e561d999a0965fc05246", "hashmap": [{"hash": "99308dffe19657fb6fcf02bea66a9ae4", "key": "description"}, {"hash": "932e05e271a5e759a90b2f9df1ffeddc", "key": "cvelist"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b7ae5a0c924d1d7d7970b1ffc572fa6c", "key": "references"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "43e34c182d00517f4828289c349793cf", "key": "cpe"}, {"hash": "ad069cb07e974b83236651ea2531bcea", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "3c764d4cf584f9ded7aa4dcca57c78ff", "key": "modified"}, {"hash": "d08e80d756199ad8742774a161e4fc6d", "key": "title"}, {"hash": "0ae9e6ebb3f4246d8a09479d00ba2731", "key": "pluginID"}, {"hash": "44cf416014827cd15d932f7bc55deccb", "key": "href"}, {"hash": "ea1bdd9185a2c3160cbbe9c0292c3d62", "key": "cvss"}, {"hash": "e0894913564feb737c9ae9c8203b8e76", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=53814", "id": "CENTOS_RHSA-2011-0491.NASL", "lastseen": "2019-01-16T20:12:08", "modified": "2018-11-10T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "53814", "published": "2011-05-06T00:00:00", "references": ["http://www.nessus.org/u?2f668285", "http://www.nessus.org/u?44c69a2a"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f668285\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c69a2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 4 : python (CESA-2011:0491)", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 8, "lastseen": "2019-01-16T20:12:08"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss3": {}, "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "edition": 16, "enchantments": {"dependencies": {"modified": "2020-04-01T06:49:23", "references": [{"idList": ["RHSA-2011:0027", "RHSA-2011:0491", "RHSA-2011:0492", "RHSA-2011:0554"], "type": "redhat"}, {"idList": ["ELSA-2011-0554", "ELSA-2011-0492", "ELSA-2011-0491"], "type": "oraclelinux"}, {"idList": ["SOL15905", "F5:K75910138", "F5:K15905"], "type": "f5"}, {"idList": ["OPENVAS:881427", "OPENVAS:870430", "OPENVAS:1361412562310880556", "OPENVAS:880500", "OPENVAS:1361412562310880500", "OPENVAS:1361412562310881427", "OPENVAS:880556", "OPENVAS:1361412562310122181", "OPENVAS:1361412562310870430", "OPENVAS:870428"], "type": "openvas"}, {"idList": ["EDB-ID:34145"], "type": "exploitdb"}, {"idList": ["USN-1613-2", "USN-1596-1", "USN-1613-1", "USN-1314-1"], "type": "ubuntu"}, {"idList": ["SUSE_11_LIBPYTHON2_6-1_0-101109.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL", "REDHAT-RHSA-2011-0491.NASL", "CENTOS_RHSA-2011-0492.NASL", "REDHAT-RHSA-2011-0554.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "REDHAT-RHSA-2011-0492.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "SL_20110519_PYTHON_ON_SL6_X.NASL", "ORACLELINUX_ELSA-2011-0492.NASL"], "type": "nessus"}, {"idList": ["CESA-2011:0492", "CESA-2011:0491"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:26401", "SECURITYVULNS:DOC:24260", "SECURITYVULNS:VULN:11004", "SECURITYVULNS:VULN:11688"], "type": "securityvulns"}, {"idList": ["SSV:19709"], "type": "seebug"}, {"idList": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "type": "cve"}, {"idList": ["GLSA-201401-04"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2020-04-01T06:49:23", "rev": 2, "value": 5.7, "vector": "NONE"}}, "hash": "93c929aeda149f1b12af382f347765c969f32917be6a86fb1b2c0c8c07a22a78", "hashmap": [{"hash": "932e05e271a5e759a90b2f9df1ffeddc", "key": "cvelist"}, {"hash": "6bc797f1a40d521ef126dae7812effd6", "key": "sourceData"}, {"hash": "940ea861ca17b410c27dae10f10b7adb", "key": "reporter"}, {"hash": "b7ae5a0c924d1d7d7970b1ffc572fa6c", "key": "references"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "43e34c182d00517f4828289c349793cf", "key": "cpe"}, {"hash": "46d7e514f3f52381ed955e8636485f27", "key": "description"}, {"hash": "f20607abf30980ba4a0faa7580f3f50a", "key": "href"}, {"hash": "9b257ef804cfe63c30c04ab15f4e91cd", "key": "cvss"}, {"hash": "0658bb008399a687b703257886c78457", "key": "modified"}, {"hash": "ad069cb07e974b83236651ea2531bcea", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d08e80d756199ad8742774a161e4fc6d", "key": "title"}, {"hash": "0ae9e6ebb3f4246d8a09479d00ba2731", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/53814", "id": "CENTOS_RHSA-2011-0491.NASL", "lastseen": "2020-04-01T06:49:23", "modified": "2020-04-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "53814", "published": "2011-05-06T00:00:00", "references": ["http://www.nessus.org/u?2f668285", "http://www.nessus.org/u?44c69a2a"], "reporter": "This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f668285\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c69a2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "title": "CentOS 4 : python (CESA-2011:0491)", "type": "nessus", "viewCount": 4}, "differentElements": ["modified"], "edition": 16, "lastseen": "2020-04-01T06:49:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss3": {}, "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "edition": 17, "enchantments": {"dependencies": {"modified": "2020-05-03T01:51:54", "references": [{"idList": ["SUSE_11_LIBPYTHON2_6-1_0-101109.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL", "SUSE_11_LIBPYTHON2_6-1_0-101028.NASL", "REDHAT-RHSA-2011-0491.NASL", "CENTOS_RHSA-2011-0492.NASL", "REDHAT-RHSA-2011-0554.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "REDHAT-RHSA-2011-0492.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2011-0492.NASL"], "type": "nessus"}, {"idList": ["RHSA-2011:0027", "RHSA-2011:0491", "RHSA-2011:0492", "RHSA-2011:0554"], "type": "redhat"}, {"idList": ["ELSA-2011-0554", "ELSA-2011-0492", "ELSA-2011-0491"], "type": "oraclelinux"}, {"idList": ["SOL15905", "F5:K75910138", "F5:K15905"], "type": "f5"}, {"idList": ["OPENVAS:881427", "OPENVAS:870430", "OPENVAS:1361412562310880556", "OPENVAS:880500", "OPENVAS:1361412562310880500", "OPENVAS:1361412562310881427", "OPENVAS:880556", "OPENVAS:1361412562310122181", "OPENVAS:1361412562310870430", "OPENVAS:870428"], "type": "openvas"}, {"idList": ["EDB-ID:34145"], "type": "exploitdb"}, {"idList": ["USN-1613-2", "USN-1596-1", "USN-1613-1", "USN-1314-1"], "type": "ubuntu"}, {"idList": ["CESA-2011:0492", "CESA-2011:0491"], "type": "centos"}, {"idList": ["SECURITYVULNS:DOC:26401", "SECURITYVULNS:DOC:24260", "SECURITYVULNS:VULN:11004", "SECURITYVULNS:VULN:11688"], "type": "securityvulns"}, {"idList": ["SSV:19709"], "type": "seebug"}, {"idList": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2010-2089", "CVE-2011-1015", "CVE-2009-3720", "CVE-2010-1634"], "type": "cve"}, {"idList": ["GLSA-201401-04"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2020-05-03T01:51:54", "rev": 2, "value": 5.7, "vector": "NONE"}}, "hash": "a9e2fcf941556b9010fd8857ef95af2d3f7d6b34815f959a425e0ecc20ff69ef", "hashmap": [{"hash": "932e05e271a5e759a90b2f9df1ffeddc", "key": "cvelist"}, {"hash": "6bc797f1a40d521ef126dae7812effd6", "key": "sourceData"}, {"hash": "940ea861ca17b410c27dae10f10b7adb", "key": "reporter"}, {"hash": "e4757e4aab0a377bb88b128421c866e9", "key": "modified"}, {"hash": "b7ae5a0c924d1d7d7970b1ffc572fa6c", "key": "references"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "43e34c182d00517f4828289c349793cf", "key": "cpe"}, {"hash": "46d7e514f3f52381ed955e8636485f27", "key": "description"}, {"hash": "f20607abf30980ba4a0faa7580f3f50a", "key": "href"}, {"hash": "9b257ef804cfe63c30c04ab15f4e91cd", "key": "cvss"}, {"hash": "ad069cb07e974b83236651ea2531bcea", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d08e80d756199ad8742774a161e4fc6d", "key": "title"}, {"hash": "0ae9e6ebb3f4246d8a09479d00ba2731", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/53814", "id": "CENTOS_RHSA-2011-0491.NASL", "lastseen": "2020-05-03T01:51:54", "modified": "2020-05-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "53814", "published": "2011-05-06T00:00:00", "references": ["http://www.nessus.org/u?2f668285", "http://www.nessus.org/u?44c69a2a"], "reporter": "This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f668285\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c69a2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "title": "CentOS 4 : python (CESA-2011:0491)", "type": "nessus", "viewCount": 4}, "differentElements": ["modified"], "edition": 17, "lastseen": "2020-05-03T01:51:54"}], "edition": 20, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "43e34c182d00517f4828289c349793cf"}, {"key": "cvelist", "hash": "932e05e271a5e759a90b2f9df1ffeddc"}, {"key": "cvss", "hash": "9b257ef804cfe63c30c04ab15f4e91cd"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "46d7e514f3f52381ed955e8636485f27"}, {"key": "href", "hash": "f20607abf30980ba4a0faa7580f3f50a"}, {"key": "modified", "hash": "369e92b935a6f4ab6c9cb915addb4bf4"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "0ae9e6ebb3f4246d8a09479d00ba2731"}, {"key": "published", "hash": "ad069cb07e974b83236651ea2531bcea"}, {"key": "references", "hash": "b7ae5a0c924d1d7d7970b1ffc572fa6c"}, {"key": "reporter", "hash": "940ea861ca17b410c27dae10f10b7adb"}, {"key": "sourceData", "hash": "6bc797f1a40d521ef126dae7812effd6"}, {"key": "title", "hash": "d08e80d756199ad8742774a161e4fc6d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "83c19871baaee2179509eba84b338447fb247a792c73b1a71baeb1da1c709bad", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2011-0491", "ELSA-2011-0554", "ELSA-2011-0492"]}, {"type": "redhat", "idList": ["RHSA-2011:0554", "RHSA-2011:0492", "RHSA-2011:0027", "RHSA-2011:0491"]}, {"type": "openvas", "idList": ["OPENVAS:870430", "OPENVAS:1361412562310880500", "OPENVAS:1361412562310122181", "OPENVAS:881427", "OPENVAS:870428", "OPENVAS:1361412562310880556", "OPENVAS:880556", "OPENVAS:880500", "OPENVAS:1361412562310881427", "OPENVAS:1361412562310870430"]}, {"type": "nessus", "idList": ["SL_20110505_PYTHON_ON_SL4_X.NASL", "SUSE_11_LIBPYTHON2_6-1_0-101109.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "REDHAT-RHSA-2011-0491.NASL", "SL_20110519_PYTHON_ON_SL6_X.NASL", "CENTOS_RHSA-2011-0492.NASL", "SUSE_11_LIBPYTHON2_6-1_0-101028.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL", "REDHAT-RHSA-2011-0492.NASL", "ORACLELINUX_ELSA-2011-0492.NASL"]}, {"type": "centos", "idList": ["CESA-2011:0491", "CESA-2011:0492"]}, {"type": "cve", "idList": ["CVE-2011-1521", "CVE-2010-1634", "CVE-2009-3720", "CVE-2010-3493", "CVE-2010-2089", "CVE-2011-1015"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24260", "SECURITYVULNS:DOC:26401", "SECURITYVULNS:VULN:11004", "SECURITYVULNS:VULN:11688"]}, {"type": "gentoo", "idList": ["GLSA-201401-04"]}, {"type": "ubuntu", "idList": ["USN-1613-1", "USN-1613-2", "USN-1596-1", "USN-1314-1"]}, {"type": "f5", "idList": ["SOL15905", "F5:K15905", "F5:K75910138"]}, {"type": "exploitdb", "idList": ["EDB-ID:34145"]}, {"type": "seebug", "idList": ["SSV:19709"]}], "modified": "2020-08-01T01:06:52", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2020-08-01T01:06:52", "rev": 2}, "vulnersScore": 5.7}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f668285\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c69a2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "53814", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools"], "scheme": null}

{"oraclelinux": [{"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "unix", "description": "[2.3.4-14.10]\n- add patch adapted from upstream (patch 208) to add support for building\nagainst system expat; add --with-system-expat to configure invocation; remove\nembedded copy of expat 1.95.7 from the source tree during prep\n- ensure pyexpat.so gets built by explicitly listing all C modules in the\npayload in %files, rather than using dynfiles\nRelated: CVE-2009-3720\n- fixes for other security bugs (patches 44, 45, 46, 47, 48)\nResolves: CVE-2010-3493\nResolves: CVE-2011-1015\nResolves: CVE-2011-1521\nResolves: CVE-2010-1634\nResolves: CVE-2010-2089", "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "ELSA-2011-0491", "href": "http://linux.oracle.com/errata/ELSA-2011-0491.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "unix", "description": "python:\n[2.6.6-20]\nResolves: CVE-2010-3493\n[2.6.6-19]\nResolves: CVE-2011-1015\n[2.6.6-18]\nResolves: CVE-2011-1521\n[2.6.6-17]\n- recompile against systemtap 1.4\nRelated: rhbz#569695\n[2.6.6-16]\n- recompile against systemtap 1.4\nRelated: rhbz#569695\n[2.6.6-15]\n- fix race condition that sometimes breaks the build with parallel make\nResolves: rhbz#690315\n[2.6.6-14]\n- backport pre-canned ways of salting a password to the 'crypt' module\nResolves: rhbz#681878\n[2.6.6-13]\n- move lib2to3/tests to the python-test subpackage\nRelated: rhbz#625395\n[2.6.6-12]\n- fix a new test in 2.6.6 that was failing on 64-bit big-endian architectures\nResolves: rhbz#677392\n[2.6.6-11]\n- fix incompatibility between 2.6.6 and our non-standard M2Crypto.SSL.SSLTimeoutError\nResolves: rhbz#681811\n[2.6.6-10]\n- add workaround for bug in rhythmbox-0.12 exposed by python 2.6.6\nResolves: rhbz#684991\n[2.6.6-9]\n- prevent tracebacks for the 'py-bt' gdb command on x86_64\nResolves: rhbz#639392\n[2.6.6-8]\n- fix a regression in 2.6.6 relative to 2.6.5 in urllib2\nResolves: rhbz#669847\n[2.6.6-7]\n- add an optional 'timeout' argument to the subprocess module (patch 131)\nResolves: rhbz#567229\n[2.6.6-6]\n- prevent _sqlite3.so being built with a redundant RPATH of _libdir (patch 130)\n- remove DOS batch file 'idle.bat'\n- remove shebang lines from .py files that aren't executable, and remove\nexecutability from .py files that don't have a shebang line\nRelated: rhbz#634944\n- add 'Obsoletes: python-ssl' to core package, as 2.6 contains the ssl module\nResolves: rhbz#529274\n[2.6.6-5]\n- allow the 'no_proxy' environment variable to override 'ftp_proxy' in\nurllib2 (patch 128)\nResolves: rhbz#637895\n- make garbage-collection assertion failures more informative (patch 129)\nResolves: rhbz#614680\n[2.6.6-4]\n- backport subprocess fixes to use the 'poll' system call, rather than 'select'\nResolves: rhbz#650588\n[2.6.6-3]\n- use an ephemeral port for IDLE, enabling multiple instances to be run\nResolves: rhbz#639222\n- add systemtap static markers, tapsets, and example scripts\nResolves: rhbz#569695\n[2.6.6-2]\n- fix dbm.release on ppc64/s390x\nResolves: rhbz#626756\n- fix missing lib2to3 test files\nResolves: rhbz#625395\n- fix test.test_commands SELinux incompatibility\nResolves: rhbz#625393\n- make 'pydoc -k' more robust in the face of broken modules\nResolves: rhbz#603073\n[2.6.6-1]\n- rebase to 2.6.6: (which contains the big whitespace cleanup of r81031)\n http://www.python.org/download/releases/2.6.6/\n - fixup patch 102, patch 11, patch 52, patch 110\n - drop upstreamed patches: patch 113 (CVE-2010-1634), patch 114\n (CVE-2010-2089), patch 115 (CVE-2008-5983), patch 116 (rhbz598564),\n patch 118 (rhbz540518)\n - add fix for upstream bug in test_posix.py introduced in 2.6.6 (patch 120)\nResolves: rhbz#627301\npython-docs:\n[2.6.6-2]\n- rebuild\n[2.6.6-1]\n- rebase to 2.6.6 to track the main python package\nRelated: rhbz#627301", "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0554", "href": "http://linux.oracle.com/errata/ELSA-2011-0554.html", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:06", "bulletinFamily": "unix", "description": "[2.4.3-44]\n- add patch adapted from upstream (patch 208) to add support for building\nagainst system expat; add --with-system-expat to configure invocation; remove\nembedded copy of expat-1.95.8 from the source tree during prep\n- ensure pyexpat.so gets built by explicitly listing all C modules in the\npayload in %files, rather than using dynfiles\nResolves: CVE-2009-3720\n- backport three security fixes to 2.4 (patches 209, 210, 211):\nResolves: CVE-2011-1521\nResolves: CVE-2011-1015\nResolves: CVE-2010-3493", "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "ELSA-2011-0492", "href": "http://linux.oracle.com/errata/ELSA-2011-0492.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:33", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying certain\ninputs could cause the audioop module to crash or, possibly, execute\narbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:06:59", "published": "2011-05-05T04:00:00", "id": "RHSA-2011:0491", "href": "https://access.redhat.com/errata/RHSA-2011:0491", "type": "redhat", "title": "(RHSA-2011:0491) Moderate: python security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:48", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:10:56", "published": "2011-05-05T04:00:00", "id": "RHSA-2011:0492", "href": "https://access.redhat.com/errata/RHSA-2011:0492", "type": "redhat", "title": "(RHSA-2011:0492) Moderate: python security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:37", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and includes a\nnumber of bug fixes and enhancements. Documentation for these bug fixes\nand enhancements is available from the Technical Notes document, linked to\nin the References section.\n\nAll users of Python are advised to upgrade to these updated packages, which\ncorrect these issues, and fix the bugs and add the enhancements noted in\nthe Technical Notes.\n", "modified": "2018-06-06T20:24:06", "published": "2011-05-19T04:00:00", "id": "RHSA-2011:0554", "href": "https://access.redhat.com/errata/RHSA-2011:0554", "type": "redhat", "title": "(RHSA-2011:0554) Moderate: python security, bug fix, and enhancement update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:46", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nIt was found that many applications embedding the Python interpreter did\nnot specify a valid full path to the script or application when calling the\nPySys_SetArgv API function, which could result in the addition of the\ncurrent working directory to the module search path (sys.path). A local\nattacker able to trick a victim into running such an application in an\nattacker-controlled directory could use this flaw to execute code with the\nvictim's privileges. This update adds the PySys_SetArgvEx API. Developers\ncan modify their applications to use this new API, which sets sys.argv\nwithout modifying sys.path. (CVE-2008-5983)\n\nMultiple flaws were found in the Python rgbimg module. If an application\nwritten in Python was using the rgbimg module and loaded a\nspecially-crafted SGI image file, it could cause the application to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)\n\nMultiple flaws were found in the Python audioop module. Supplying certain\ninputs could cause the audioop module to crash or, possibly, execute\narbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nThis update also fixes the following bugs:\n\n* When starting a child process from the subprocess module in Python 2.4,\nthe parent process could leak file descriptors if an error occurred. This\nupdate resolves the issue. (BZ#609017)\n\n* Prior to Python 2.7, programs that used \"ulimit -n\" to enable\ncommunication with large numbers of subprocesses could still monitor only\n1024 file descriptors at a time, which caused an exception:\n\n ValueError: filedescriptor out of range in select()\n\nThis was due to the subprocess module using the \"select\" system call. The\nmodule now uses the \"poll\" system call, removing this limitation.\n(BZ#609020)\n\n* Prior to Python 2.5, the tarfile module failed to unpack tar files if the\npath was longer than 100 characters. This update backports the tarfile\nmodule from Python 2.5 and the issue no longer occurs. (BZ#263401)\n\n* The email module incorrectly implemented the logic for obtaining\nattachment file names: the get_filename() fallback for using the deprecated\n\"name\" parameter of the \"Content-Type\" header erroneously used the\n\"Content-Disposition\" header. This update backports a fix from Python 2.6,\nwhich resolves this issue. (BZ#644147)\n\n* Prior to version 2.5, Python's optimized memory allocator never released\nmemory back to the system. The memory usage of a long-running Python\nprocess would resemble a \"high-water mark\". This update backports a fix\nfrom Python 2.5a1, which frees unused arenas, and adds a non-standard\nsys._debugmallocstats() function, which prints diagnostic information to\nstderr. Finally, when running under Valgrind, the optimized allocator is\ndeactivated, to allow more convenient debugging of Python memory usage\nissues. (BZ#569093)\n\n* The urllib and urllib2 modules ignored the no_proxy variable, which could\nlead to programs such as \"yum\" erroneously accessing a proxy server for\nURLs covered by a \"no_proxy\" exclusion. This update backports fixes of\nurllib and urllib2, which respect the \"no_proxy\" variable, which fixes\nthese issues. (BZ#549372)\n\nAs well, this update adds the following enhancements:\n\n* This update introduces a new python-libs package, subsuming the majority\nof the content of the core python package. This makes both 32-bit and\n64-bit Python libraries available on PowerPC systems. (BZ#625372)\n\n* The python-libs.i386 package is now available for 64-bit Itanium with the\n32-bit Itanium compatibility mode. (BZ#644761)\n\nAll Python users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n", "modified": "2017-09-08T11:55:06", "published": "2011-01-13T05:00:00", "id": "RHSA-2011:0027", "href": "https://access.redhat.com/errata/RHSA-2011:0027", "type": "redhat", "title": "(RHSA-2011:0027) Low: python security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:39:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880556", "title": "CentOS Update for python CESA-2011:0491 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0491 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880556\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:0491\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"CentOS Update for python CESA-2011:0491 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"python on CentOS 4\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the 'file://' URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n\n This update makes Python use the system Expat library rather than its own\n internal copy. Therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:38:55", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881427", "title": "CentOS Update for python CESA-2011:0491 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0491 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881427\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:50:39 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:0491\");\n script_name(\"CentOS Update for python CESA-2011:0491 centos4 x86_64\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"python on CentOS 4\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the 'file://' URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n\n This update makes Python use the system Expat library rather than its own\n internal copy. Therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-27T10:55:19", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-12T00:00:00", "published": "2011-05-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870430", "id": "OPENVAS:870430", "title": "RedHat Update for python RHSA-2011:0491-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0491-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00005.html\");\n script_id(870430);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-06 16:22:00 +0200 (Fri, 06 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0491-01\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"RedHat Update for python RHSA-2011:0491-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:58:38", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-01-03T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881427", "id": "OPENVAS:881427", "title": "CentOS Update for python CESA-2011:0491 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0491 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"python on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\");\n script_id(881427);\n script_version(\"$Revision: 8273 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 07:29:19 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:50:39 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\",\n \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0491\");\n script_name(\"CentOS Update for python CESA-2011:0491 centos4 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:56", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2011-05-06T00:00:00", "id": "OPENVAS:1361412562310870430", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870430", "title": "RedHat Update for python RHSA-2011:0491-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0491-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870430\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-06 16:22:00 +0200 (Fri, 06 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:0491-01\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"RedHat Update for python RHSA-2011:0491-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_4\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the 'file://' URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n\n This update makes Python use the system Expat library rather than its own\n internal copy. Therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.10.el4\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880556", "id": "OPENVAS:880556", "title": "CentOS Update for python CESA-2011:0491 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0491 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n Multiple flaws were found in the Python audioop module. Supplying certain\n inputs could cause the audioop module to crash or, possibly, execute\n arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\");\n script_id(880556);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0491\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"CentOS Update for python CESA-2011:0491 centos4 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.3.4~14.10.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880500", "title": "CentOS Update for python CESA-2011:0492 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0492 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880500\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"CESA\", value:\"2011:0492\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"CentOS Update for python CESA-2011:0492 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"python on CentOS 5\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the 'file://' URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n\n This update makes Python use the system Expat library rather than its own\n internal copy. Therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880500", "id": "OPENVAS:880500", "title": "CentOS Update for python CESA-2011:0492 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0492 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\");\n script_id(880500);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0492\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"CentOS Update for python CESA-2011:0492 centos5 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-0492", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122181", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122181", "title": "Oracle Linux Local Check: ELSA-2011-0492", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0492.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122181\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0492\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0492\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0492.html\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2017-07-27T10:55:19", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-12T00:00:00", "published": "2011-05-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870428", "id": "OPENVAS:870428", "title": "RedHat Update for python RHSA-2011:0492-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0492-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00006.html\");\n script_id(870428);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-06 16:22:00 +0200 (Fri, 06 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0492-01\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"RedHat Update for python RHSA-2011:0492-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-08-01T04:11:09", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0491 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "ORACLELINUX_ELSA-2011-0491.NASL", "href": "https://www.tenable.com/plugins/nessus/68270", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : python (ELSA-2011-0491)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# Oracle Linux Security Advisory ELSA-2011-0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68270);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"Oracle Linux 4 : python (ELSA-2011-0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0491 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002122.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-01T04:51:39", "bulletinFamily": "scanner", "description": "A flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "SL_20110505_PYTHON_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61033", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61033);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1105&L=scientific-linux-errata&T=0&P=474\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acadd092\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"python-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-01T04:22:54", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "REDHAT-RHSA-2011-0491.NASL", "href": "https://www.tenable.com/plugins/nessus/53820", "published": "2011-05-06T00:00:00", "title": "RHEL 4 : python (RHSA-2011:0491)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53820);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"RHEL 4 : python (RHSA-2011:0491)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1521\"\n );\n # https://rhn.redhat.com/errata/RHSA-2009-1625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0491\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0491\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"python-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-01T01:06:52", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "CENTOS_RHSA-2011-0492.NASL", "href": "https://www.tenable.com/plugins/nessus/53815", "published": "2011-05-06T00:00:00", "title": "CentOS 5 : python (CESA-2011:0492)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0492 and \n# CentOS Errata and Security Advisory 2011:0492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53815);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/25 13:36:05\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0492\");\n\n script_name(english:\"CentOS 5 : python (CESA-2011:0492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e31c929d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017519.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68bb9ae5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-01T04:22:54", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "REDHAT-RHSA-2011-0492.NASL", "href": "https://www.tenable.com/plugins/nessus/53821", "published": "2011-05-06T00:00:00", "title": "RHEL 5 : python (RHSA-2011:0492)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0492. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53821);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2019/10/25 13:36:16\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0492\");\n\n script_name(english:\"RHEL 5 : python (RHSA-2011:0492)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0492\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0492\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-01T04:11:09", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0492 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "ORACLELINUX_ELSA-2011-0492.NASL", "href": "https://www.tenable.com/plugins/nessus/68271", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : python (ELSA-2011-0492)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0492 and \n# Oracle Linux Security Advisory ELSA-2011-0492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68271);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:09\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0492\");\n\n script_name(english:\"Oracle Linux 5 : python (ELSA-2011-0492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0492 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002121.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"python-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-08-01T04:59:32", "bulletinFamily": "scanner", "description": " - a race condition in the accept() implementation of\n smtpd.py could lead to a denial of service\n (CVE-2010-3493).\n\n - integer overflows and insufficient size checks could\n crash the audioop module (CVE-2010-2089, CVE-2010-1634).", "modified": "2020-08-02T00:00:00", "id": "SUSE_11_2_LIBPYTHON2_6-1_0-101028.NASL", "href": "https://www.tenable.com/plugins/nessus/53756", "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2010:1049-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libpython2_6-1_0-3487.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53756);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\");\n\n script_name(english:\"openSUSE Security Update : libpython2_6-1_0 (openSUSE-SU-2010:1049-1)\");\n script_summary(english:\"Check for the libpython2_6-1_0-3487 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - a race condition in the accept() implementation of\n smtpd.py could lead to a denial of service\n (CVE-2010-3493).\n\n - integer overflows and insufficient size checks could\n crash the audioop module (CVE-2010-2089, CVE-2010-1634).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libpython2_6-1_0 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_6-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_6-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libpython2_6-1_0-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-base-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-curses-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-demo-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-devel-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-gdbm-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-idle-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-tk-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"python-xml-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"python-32bit-2.6.2-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"python-base-32bit-2.6.2-6.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpython2_6-1_0 / libpython2_6-1_0-32bit / python / python-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T05:00:18", "bulletinFamily": "scanner", "description": "The following issues have been fixed :\n\n - a race condition in the accept() implementation of\n smtpd.py could lead to a denial of service.\n (CVE-2010-3493)\n\n - integer overflows and insufficient size checks could\n crash the audioop module. (CVE-2010-2089 /\n CVE-2010-1634)", "modified": "2020-08-02T00:00:00", "id": "SUSE_11_LIBPYTHON2_6-1_0-101109.NASL", "href": "https://www.tenable.com/plugins/nessus/51623", "published": "2011-01-21T00:00:00", "title": "SuSE 11.1 Security Update : Python (SAT Patch Number 3493)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51623);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\");\n\n script_name(english:\"SuSE 11.1 Security Update : Python (SAT Patch Number 3493)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed :\n\n - a race condition in the accept() implementation of\n smtpd.py could lead to a denial of service.\n (CVE-2010-3493)\n\n - integer overflows and insufficient size checks could\n crash the audioop module. (CVE-2010-2089 /\n CVE-2010-1634)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1634.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3493.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3493.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpython2_6-1_0-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-base-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-curses-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-devel-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-tk-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-xml-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-base-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-curses-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-devel-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-tk-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-xml-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libpython2_6-1_0-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-base-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-curses-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-demo-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-gdbm-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-idle-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-tk-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"python-xml-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpython2_6-1_0-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-base-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.6.0-8.10.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.0-8.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T05:00:18", "bulletinFamily": "scanner", "description": "The following issues have been fixed :\n\n - a race condition in the accept() implementation of\n smtpd.py could lead to a denial of service.\n (CVE-2010-3493)\n\n - integer overflows and insufficient size checks could\n crash the audioop module. (CVE-2010-2089 /\n CVE-2010-1634)", "modified": "2020-08-02T00:00:00", "id": "SUSE_11_LIBPYTHON2_6-1_0-101028.NASL", "href": "https://www.tenable.com/plugins/nessus/51134", "published": "2010-12-12T00:00:00", "title": "SuSE 11 Security Update : Python (SAT Patch Number 3491)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51134);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\");\n\n script_name(english:\"SuSE 11 Security Update : Python (SAT Patch Number 3491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following issues have been fixed :\n\n - a race condition in the accept() implementation of\n smtpd.py could lead to a denial of service.\n (CVE-2010-3493)\n\n - integer overflows and insufficient size checks could\n crash the audioop module. (CVE-2010-2089 /\n CVE-2010-1634)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=609761\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=638233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1634.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2089.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3493.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3491.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpython2_6-1_0-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"python-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"python-base-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"python-curses-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"python-devel-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"python-xml-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpython2_6-1_0-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"python-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"python-base-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"python-curses-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"python-devel-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"python-xml-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libpython2_6-1_0-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-base-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-curses-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-demo-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-gdbm-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-idle-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-tk-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"python-xml-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libpython2_6-1_0-32bit-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"python-32bit-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"python-base-32bit-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.0-8.8.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"python-32bit-2.6.0-8.9.6.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.0-8.8.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-01T04:51:39", "bulletinFamily": "scanner", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n", "modified": "2020-08-02T00:00:00", "id": "SL_20110519_PYTHON_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61046", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : python on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61046);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/10/25 13:36:19\");\n\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and\nincludes a number of bug fixes and enhancements. Documentation for\nthese bug fixes and enhancements is available from the Technical Notes\ndocument, linked to in the References section.\n\nAll users of Python are advised to upgrade to these updated packages,\nwhich correct these issues, and fix the bugs and add the enhancements\nnoted in the Technical Notes.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=660\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e9be180\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"python-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-devel-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-libs-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-test-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-tools-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tkinter-2.6.6-20.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "centos": [{"lastseen": "2020-07-17T03:29:48", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0491\n\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying certain\ninputs could cause the audioop module to crash or, possibly, execute\narbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029558.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029559.html\n\n**Affected packages:**\npython\npython-devel\npython-docs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0491.html", "modified": "2011-05-05T21:37:03", "published": "2011-05-05T21:37:02", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/029558.html", "id": "CESA-2011:0491", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-07-17T03:32:59", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0492\n\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029556.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/029557.html\n\n**Affected packages:**\npython\npython-devel\npython-libs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0492.html", "modified": "2011-05-05T20:50:48", "published": "2011-05-05T20:50:48", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/029556.html", "id": "CESA-2011:0492", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "cve": [{"lastseen": "2019-10-26T13:21:37", "bulletinFamily": "NVD", "description": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.", "modified": "2019-10-25T11:53:00", "id": "CVE-2010-3493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3493", "published": "2010-10-19T20:00:00", "title": "CVE-2010-3493", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-26T13:21:32", "bulletinFamily": "NVD", "description": "Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.", "modified": "2019-10-25T11:53:00", "id": "CVE-2010-1634", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1634", "published": "2010-05-27T19:30:00", "title": "CVE-2010-1634", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-26T13:21:33", "bulletinFamily": "NVD", "description": "The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.", "modified": "2019-10-25T11:53:00", "id": "CVE-2010-2089", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2089", "published": "2010-05-27T19:30:00", "title": "CVE-2010-2089", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-14T12:43:04", "bulletinFamily": "NVD", "description": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", "modified": "2017-09-19T01:29:00", "id": "CVE-2009-3720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3720", "published": "2009-11-03T16:30:00", "title": "CVE-2009-3720", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-26T13:33:10", "bulletinFamily": "NVD", "description": "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.", "modified": "2019-10-25T11:53:00", "id": "CVE-2011-1015", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1015", "published": "2011-05-09T22:55:00", "title": "CVE-2011-1015", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-26T13:33:14", "bulletinFamily": "NVD", "description": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.", "modified": "2019-10-25T11:53:00", "id": "CVE-2011-1521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1521", "published": "2011-05-24T23:55:00", "title": "CVE-2011-1521", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:44", "bulletinFamily": "unix", "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly cause a Denial of Service condition or perform a man-in-the-middle attack to disclose sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 3.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.3.2-r1\"\n \n\nAll Python 3.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.2.5-r1\"\n \n\nAll Python 2.6 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.6.8\"\n \n\nAll Python 2.7 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.3-r1\"", "modified": "2015-06-17T00:00:00", "published": "2014-01-06T00:00:00", "id": "GLSA-201401-04", "href": "https://security.gentoo.org/glsa/201401-04", "type": "gentoo", "title": "Python: Multiple vulnerabilities", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "description": "Buffer overflow in audioop.lin2lin, memory corruption in audioop.reverse.", "modified": "2010-07-17T00:00:00", "published": "2010-07-17T00:00:00", "id": "SECURITYVULNS:VULN:11004", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11004", "title": "python security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:096\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : May 22, 2011\r\n Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities have been identified and fixed in python:\r\n \r\n The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module\r\n in Python 2.5, 2.6, and 3.0 allows remote attackers to read script\r\n source code via an HTTP GET request that lacks a / &#40;slash&#41; character\r\n at the beginning of the URI &#40;CVE-2011-1015&#41;.\r\n \r\n A flaw was found in the Python urllib and urllib2 libraries where\r\n they would not differentiate between different target URLs when\r\n handling automatic redirects. This caused Python applications using\r\n these modules to follow any new URL that they understood, including\r\n the file:// URL type. This could allow a remote server to force a\r\n local Python application to read a local file instead of the remote\r\n one, possibly exposing local files that were not meant to be exposed\r\n &#40;CVE-2011-1521&#41;.\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;amp;products_id=490\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n 71a60b6ca82c16cfa81779f586aa2c0a 2009.0/i586/libpython2.5-2.5.2-5.10mdv2009.0.i586.rpm\r\n 2138c57ad81a8beaf0c1eb999fd08818 2009.0/i586/libpython2.5-devel-2.5.2-5.10mdv2009.0.i586.rpm\r\n 6c9a3ffe4bc52ed61e77a77c374ad2c4 2009.0/i586/python-2.5.2-5.10mdv2009.0.i586.rpm\r\n 0d31faceacbae7dc06f844d1214e2d16 2009.0/i586/python-base-2.5.2-5.10mdv2009.0.i586.rpm\r\n 49b78565dcb28d01e5c691b0f2bcd3af 2009.0/i586/python-docs-2.5.2-5.10mdv2009.0.i586.rpm\r\n 1ffd2e9dd42735800a7f6ad7d941a5ac 2009.0/i586/tkinter-2.5.2-5.10mdv2009.0.i586.rpm\r\n cdafb079c8e76379949c49c3cb1ef4b2 2009.0/i586/tkinter-apps-2.5.2-5.10mdv2009.0.i586.rpm \r\n 5cb94b684ff22b2eda7e04753bdce16d 2009.0/SRPMS/python-2.5.2-5.10mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n e04c68e9eb21516ce89484751ded4332 2009.0/x86_64/lib64python2.5-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 92622926645273db1a646a736ea2a432 \r\n2009.0/x86_64/lib64python2.5-devel-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n c427548e0873e70318b9c945a09bba83 2009.0/x86_64/python-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 03f147cad7afa130c07920fe93426bc3 2009.0/x86_64/python-base-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 70162d5fe5b7808212243660f9e54241 2009.0/x86_64/python-docs-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n a86197e50c1c75c0256f7e40cab56a34 2009.0/x86_64/tkinter-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 926914ec91cb07fc4e796dc9f9245f3f 2009.0/x86_64/tkinter-apps-2.5.2-5.10mdv2009.0.x86_64.rpm \r\n 5cb94b684ff22b2eda7e04753bdce16d 2009.0/SRPMS/python-2.5.2-5.10mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 53d5109e8564c4532d5dedef2ac043f4 2010.1/i586/libpython2.6-2.6.5-2.3mdv2010.2.i586.rpm\r\n 023b47ab6db33ddcd14b69a3b7d9b6f8 2010.1/i586/libpython2.6-devel-2.6.5-2.3mdv2010.2.i586.rpm\r\n ca24b1ba72889504816ff01f8296dad7 2010.1/i586/python-2.6.5-2.3mdv2010.2.i586.rpm\r\n 9f951c32522a8d4a20dc6218d7f5b977 2010.1/i586/python-docs-2.6.5-2.3mdv2010.2.i586.rpm\r\n 17194376e65542d2a94c650ac3b4d895 2010.1/i586/tkinter-2.6.5-2.3mdv2010.2.i586.rpm\r\n 7cbc356feff956567b2f5ab6d64f3600 2010.1/i586/tkinter-apps-2.6.5-2.3mdv2010.2.i586.rpm \r\n 31ecbe18b9a10119e03ef380a913db1e 2010.1/SRPMS/python-2.6.5-2.3mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 81b99d093052e70a8a53085917e4afb3 2010.1/x86_64/lib64python2.6-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n fcc80b83b1fdce270e712f2657fbb8ca \r\n2010.1/x86_64/lib64python2.6-devel-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n f3c02fbd937c6100b4a65e334055e7fa 2010.1/x86_64/python-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n 1043662e88b55abe675a263082ce82c2 2010.1/x86_64/python-docs-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n 93ba6c063614368421de9e4b4bdbbb6a 2010.1/x86_64/tkinter-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n cf0decdce784a86d5307dd19b6914a8e 2010.1/x86_64/tkinter-apps-2.6.5-2.3mdv2010.2.x86_64.rpm \r\n 31ecbe18b9a10119e03ef380a913db1e 2010.1/SRPMS/python-2.6.5-2.3mdv2010.2.src.rpm\r\n\r\n Corporate 4.0:\r\n 198c6a033fc80b0355e065a14f644696 \r\ncorporate/4.0/i586/libpython2.4-2.4.5-0.8.20060mlcs4.i586.rpm\r\n c0616f9351989ea9d7033d958a5eafd8 \r\ncorporate/4.0/i586/libpython2.4-devel-2.4.5-0.8.20060mlcs4.i586.rpm\r\n e1becc70b0a76ca8ae6ceb1697705171 corporate/4.0/i586/python-2.4.5-0.8.20060mlcs4.i586.rpm\r\n 1e43557301ab20d6ef1deaee5095987f corporate/4.0/i586/python-base-2.4.5-0.8.20060mlcs4.i586.rpm\r\n ad1797a8ded8c1ef1eaa4ff94f0a090e corporate/4.0/i586/python-docs-2.4.5-0.8.20060mlcs4.i586.rpm\r\n 1e086c1a3d1074363f2d5e8d9c396e4e corporate/4.0/i586/tkinter-2.4.5-0.8.20060mlcs4.i586.rpm \r\n cc3e848102354412fe99da194af47f39 corporate/4.0/SRPMS/python-2.4.5-0.8.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n da20c277e2ff0776b7499287096702ac \r\ncorporate/4.0/x86_64/lib64python2.4-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n d0075eb6df5b520c04eb936f10a73c32 \r\ncorporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n b491194cce5942ad249ba283c52954b0 corporate/4.0/x86_64/python-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n 13d75957e66ce76d338e9326cad6cdff \r\ncorporate/4.0/x86_64/python-base-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n f7896e57d5b843f3f7ff7dd4b3eebe03 \r\ncorporate/4.0/x86_64/python-docs-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n 70586950943cc3dafce38ac09a0ff83d \r\ncorporate/4.0/x86_64/tkinter-2.4.5-0.8.20060mlcs4.x86_64.rpm \r\n cc3e848102354412fe99da194af47f39 corporate/4.0/SRPMS/python-2.4.5-0.8.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n d28940e4700e46457096fcc2a13307cc mes5/i586/libpython2.5-2.5.2-5.10mdvmes5.2.i586.rpm\r\n bcf1487a2fae5458d9ab0ac34a5a307a mes5/i586/libpython2.5-devel-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 38c26a661f8858439a1cc2df1bd41df5 mes5/i586/python-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 9b13e52c7ef8e8d0795d7fdc6808b2b8 mes5/i586/python-base-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 5002cd05dd26292cb2cee766a6555865 mes5/i586/python-docs-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 36426ccd627743116fad029322e53dd3 mes5/i586/tkinter-2.5.2-5.10mdvmes5.2.i586.rpm\r\n fa420530fd85947a87b3f45eeff156f3 mes5/i586/tkinter-apps-2.5.2-5.10mdvmes5.2.i586.rpm \r\n 95e5e9d7cf268894a9d520de0ce560d0 mes5/SRPMS/python-2.5.2-5.10mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 23d67a8f9b6d8815dca9b8bd4664f40a mes5/x86_64/lib64python2.5-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n d64356213d58f79800d4948880c5eeb6 \r\nmes5/x86_64/lib64python2.5-devel-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n 75a6f96e22760d4fdcc2ae46a512b260 mes5/x86_64/python-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n efcf39cf6b3bcc1d78fd35be60215b59 mes5/x86_64/python-base-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n fba99d4b5b1ff39ab9521a543d7c6ec8 mes5/x86_64/python-docs-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n 68763e27ed0848ca8f9d2d30f31b02d9 mes5/x86_64/tkinter-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n 5ee0e3d48de97f70edd16ff8dc13615e mes5/x86_64/tkinter-apps-2.5.2-5.10mdvmes5.2.x86_64.rpm \r\n 95e5e9d7cf268894a9d520de0ce560d0 mes5/SRPMS/python-2.5.2-5.10mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFN2PFImqjQ0CJFipgRAiU/AJ4r8U479TGDL2Y/y8pnigz1WmCxMgCgsARl\r\nAYo6vcjj/qwevAUXSbsysc8=\r\n=oy4t\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-05-25T00:00:00", "published": "2011-05-25T00:00:00", "id": "SECURITYVULNS:DOC:26401", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26401", "title": "[ MDVSA-2011:096 ] python", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "Source code leakage in CGIHTTPServer, local files acces in urllib.", "modified": "2011-05-25T00:00:00", "published": "2011-05-25T00:00:00", "id": "SECURITYVULNS:VULN:11688", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11688", "title": "python security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2010:132\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : July 14, 2010\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in python:\r\n \r\n Multiple integer overflows in audioop.c in the audioop module in\r\n Ptthon allow context-dependent attackers to cause a denial of service\r\n &#40;application crash&#41; via a large fragment, as demonstrated by a call\r\n to audioop.lin2lin with a long string in the first argument, leading\r\n to a buffer overflow. NOTE: this vulnerability exists because of an\r\n incorrect fix for CVE-2008-3143.5 &#40;CVE-2010-1634&#41;.\r\n \r\n The audioop module in Python does not verify the relationships between\r\n size arguments and byte string lengths, which allows context-dependent\r\n attackers to cause a denial of service &#40;memory corruption and\r\n application crash&#41; via crafted arguments, as demonstrated by a call\r\n to audioop.reverse with a one-byte string, a different vulnerability\r\n than CVE-2010-1634 &#40;CVE-2010-2089&#41;.\r\n \r\n Packages for 2008.0 and 2009.0 are provided as of the Extended\r\n Maintenance Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 4f913679ea6f154f0d7c84c8bafd3fe3 2008.0/i586/libpython2.5-2.5.2-2.7mdv2008.0.i586.rpm\r\n dfab01f9210fa284ad3b4dd271bfb3dd 2008.0/i586/libpython2.5-devel-2.5.2-2.7mdv2008.0.i586.rpm\r\n b6245a9dc5423d14ba96f4f388dd0fe6 2008.0/i586/python-2.5.2-2.7mdv2008.0.i586.rpm\r\n 15c39b51c66cc78aec157eaed0267a7b 2008.0/i586/python-base-2.5.2-2.7mdv2008.0.i586.rpm\r\n e38a9894712bf82a8dcc1eee1265592c 2008.0/i586/python-docs-2.5.2-2.7mdv2008.0.i586.rpm\r\n 2f2100e6dd35a4aef8e503394a723e81 2008.0/i586/tkinter-2.5.2-2.7mdv2008.0.i586.rpm\r\n 29b96d4b84a7241fc78f55671f1a33f0 2008.0/i586/tkinter-apps-2.5.2-2.7mdv2008.0.i586.rpm \r\n 211a673f3cd2e1b7d153d6f40291ad86 2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 5f9e4e0e27dfa80a7fa2bf62998edf25 2008.0/x86_64/lib64python2.5-2.5.2-2.7mdv2008.0.x86_64.rpm\r\n 36bfe236a350a8e9a0e2657eefadd299 2008.0/x86_64/lib64python2.5-devel-2.5.2-2.7mdv2008.0.x86_64.rpm\r\n c03cc44dac5ecdf49d7bf2ca5ad5477a 2008.0/x86_64/python-2.5.2-2.7mdv2008.0.x86_64.rpm\r\n 1965d6962b5cfe7349f4369bceda2ce4 2008.0/x86_64/python-base-2.5.2-2.7mdv2008.0.x86_64.rpm\r\n e13c770d7ddcc045251733d69865a3ae 2008.0/x86_64/python-docs-2.5.2-2.7mdv2008.0.x86_64.rpm\r\n cff8d5ef80f29b2f9e32e171420ede11 2008.0/x86_64/tkinter-2.5.2-2.7mdv2008.0.x86_64.rpm\r\n e8d3db4327d427c9451bf604e5cd1bb7 2008.0/x86_64/tkinter-apps-2.5.2-2.7mdv2008.0.x86_64.rpm \r\n 211a673f3cd2e1b7d153d6f40291ad86 2008.0/SRPMS/python-2.5.2-2.7mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n 598630ce234cff98465351b4af90d664 2009.0/i586/libpython2.5-2.5.2-5.6mdv2009.0.i586.rpm\r\n 44a691ffb51a47dd653fbf03d5a9be00 2009.0/i586/libpython2.5-devel-2.5.2-5.6mdv2009.0.i586.rpm\r\n ea55908df10ad9e82a5d361612bcbca7 2009.0/i586/python-2.5.2-5.6mdv2009.0.i586.rpm\r\n cb25c56f6f68e0bb036cd1be0360595d 2009.0/i586/python-base-2.5.2-5.6mdv2009.0.i586.rpm\r\n 0161f8c43b4fbf019ef24a72760d3113 2009.0/i586/python-docs-2.5.2-5.6mdv2009.0.i586.rpm\r\n 987651d11ca710910a89e52330873187 2009.0/i586/tkinter-2.5.2-5.6mdv2009.0.i586.rpm\r\n a73ba0fa7adcb1ebe2806335e575e8b2 2009.0/i586/tkinter-apps-2.5.2-5.6mdv2009.0.i586.rpm \r\n a6602a71f4573ecb82951a861165fee8 2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n f22f06db4cc4e8f431aadeaa552f0891 2009.0/x86_64/lib64python2.5-2.5.2-5.6mdv2009.0.x86_64.rpm\r\n a15984e4b2e6821789ba36760aa08a79 2009.0/x86_64/lib64python2.5-devel-2.5.2-5.6mdv2009.0.x86_64.rpm\r\n 329f34c1eb9cbf68805edcbb0efda8a2 2009.0/x86_64/python-2.5.2-5.6mdv2009.0.x86_64.rpm\r\n 5404e1caa073784bbcb6aab8dff592bf 2009.0/x86_64/python-base-2.5.2-5.6mdv2009.0.x86_64.rpm\r\n 59e2bbd0517468929db90ad4e9448dc7 2009.0/x86_64/python-docs-2.5.2-5.6mdv2009.0.x86_64.rpm\r\n b9821ba18b02ad9ae3b5831ac4893fee 2009.0/x86_64/tkinter-2.5.2-5.6mdv2009.0.x86_64.rpm\r\n 3593d6bdf3fbc698301edee3d0906e58 2009.0/x86_64/tkinter-apps-2.5.2-5.6mdv2009.0.x86_64.rpm \r\n a6602a71f4573ecb82951a861165fee8 2009.0/SRPMS/python-2.5.2-5.6mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 3404f9ddf0f432a2ba81e78ce0408fd8 2009.1/i586/libpython2.6-2.6.1-6.4mdv2009.1.i586.rpm\r\n 1642bfa7d7c8c2979f80491cd592447b 2009.1/i586/libpython2.6-devel-2.6.1-6.4mdv2009.1.i586.rpm\r\n e32c4080ae403710eb91bf8508430ecb 2009.1/i586/python-2.6.1-6.4mdv2009.1.i586.rpm\r\n f8221639b02160a28dc7c96d48050195 2009.1/i586/python-docs-2.6.1-6.4mdv2009.1.i586.rpm\r\n d1488967010eb649113916a3eef85213 2009.1/i586/tkinter-2.6.1-6.4mdv2009.1.i586.rpm\r\n c6c3a71a9efa1b8f010027a6d1418fa6 2009.1/i586/tkinter-apps-2.6.1-6.4mdv2009.1.i586.rpm \r\n 08fb9cd480e9a5ffa2efe603c17b0e71 2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 363de5386b3df783c2d599295b6c9fd9 2009.1/x86_64/lib64python2.6-2.6.1-6.4mdv2009.1.x86_64.rpm\r\n f09af1e423ba5755b7b0b524d0a4fada 2009.1/x86_64/lib64python2.6-devel-2.6.1-6.4mdv2009.1.x86_64.rpm\r\n ce6deed593b82a1b973de15001f79362 2009.1/x86_64/python-2.6.1-6.4mdv2009.1.x86_64.rpm\r\n a58bbe02634432f582b8b433287863e5 2009.1/x86_64/python-docs-2.6.1-6.4mdv2009.1.x86_64.rpm\r\n 35868acab80516ebb52b08feeff616bb 2009.1/x86_64/tkinter-2.6.1-6.4mdv2009.1.x86_64.rpm\r\n ccb5413b65fd391a8d0fa553ec28b513 2009.1/x86_64/tkinter-apps-2.6.1-6.4mdv2009.1.x86_64.rpm \r\n 08fb9cd480e9a5ffa2efe603c17b0e71 2009.1/SRPMS/python-2.6.1-6.4mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n 5f0ff97a0a93f7dd724156b4c75a189f 2010.0/i586/libpython2.6-2.6.4-1.3mdv2010.0.i586.rpm\r\n ed6881e0fbf01066dfd29ce5b415931c 2010.0/i586/libpython2.6-devel-2.6.4-1.3mdv2010.0.i586.rpm\r\n 3324fa6ce72997b71417b7425e3c8caf 2010.0/i586/python-2.6.4-1.3mdv2010.0.i586.rpm\r\n 6d842db0d14e29b1c007b99b78926e5d 2010.0/i586/python-docs-2.6.4-1.3mdv2010.0.i586.rpm\r\n bd34f1e94486390acff010381d08da03 2010.0/i586/tkinter-2.6.4-1.3mdv2010.0.i586.rpm\r\n 02521a044b36eb44ef9854f38b83364a 2010.0/i586/tkinter-apps-2.6.4-1.3mdv2010.0.i586.rpm \r\n b8341a9e215e7986ff904d7fdf74804c 2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 213ec645079b9cf5e32898fcbfc28fad 2010.0/x86_64/lib64python2.6-2.6.4-1.3mdv2010.0.x86_64.rpm\r\n 37b43ce708c77e503c1f93b26a168605 2010.0/x86_64/lib64python2.6-devel-2.6.4-1.3mdv2010.0.x86_64.rpm\r\n 9a3a70fe1762ee70dbc8262ee662c39b 2010.0/x86_64/python-2.6.4-1.3mdv2010.0.x86_64.rpm\r\n ded2b20c7d903a2294425222d5e9ca62 2010.0/x86_64/python-docs-2.6.4-1.3mdv2010.0.x86_64.rpm\r\n 0be4dcaea55b6c0b7e6876d62ec7e7b6 2010.0/x86_64/tkinter-2.6.4-1.3mdv2010.0.x86_64.rpm\r\n cee4059bb748ee05150955eb4e2167f6 2010.0/x86_64/tkinter-apps-2.6.4-1.3mdv2010.0.x86_64.rpm \r\n b8341a9e215e7986ff904d7fdf74804c 2010.0/SRPMS/python-2.6.4-1.3mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 77685502f90b113db3ba22822b3cf9fc 2010.1/i586/libpython2.6-2.6.5-2.1mdv2010.1.i586.rpm\r\n bf9e3d224cf0059ec9344b034ec077af 2010.1/i586/libpython2.6-devel-2.6.5-2.1mdv2010.1.i586.rpm\r\n 5d7158a82859935be01a4be3d9ab13d8 2010.1/i586/python-2.6.5-2.1mdv2010.1.i586.rpm\r\n b6a754e44856a2f3cef1c27cda7607d6 2010.1/i586/python-docs-2.6.5-2.1mdv2010.1.i586.rpm\r\n 0f4fa85de1e74e999e32231d09a9a8f2 2010.1/i586/tkinter-2.6.5-2.1mdv2010.1.i586.rpm\r\n dca56ed98ff41e72884d1f0d06d77f40 2010.1/i586/tkinter-apps-2.6.5-2.1mdv2010.1.i586.rpm \r\n 107556cf0daafd475511abb2b598b7e3 2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 14bcbf073fc47d3a423c6fefe15b5939 2010.1/x86_64/lib64python2.6-2.6.5-2.1mdv2010.1.x86_64.rpm\r\n 9acea2705dc72a6ad717fbcd961db368 2010.1/x86_64/lib64python2.6-devel-2.6.5-2.1mdv2010.1.x86_64.rpm\r\n 3e2047db297a58cef19bd3a22bab1953 2010.1/x86_64/python-2.6.5-2.1mdv2010.1.x86_64.rpm\r\n 618c9b3e812d73ae236a409ce1453a89 2010.1/x86_64/python-docs-2.6.5-2.1mdv2010.1.x86_64.rpm\r\n 8ad00fe7d002305ac26ff720ca3fc3ff 2010.1/x86_64/tkinter-2.6.5-2.1mdv2010.1.x86_64.rpm\r\n 3a8fdef37c200ca7b74f7e263dbaf04b 2010.1/x86_64/tkinter-apps-2.6.5-2.1mdv2010.1.x86_64.rpm \r\n 107556cf0daafd475511abb2b598b7e3 2010.1/SRPMS/python-2.6.5-2.1mdv2010.1.src.rpm\r\n\r\n Corporate 4.0:\r\n 24663decfe6c6ba75771371777834d6a corporate/4.0/i586/libpython2.4-2.4.5-0.6.20060mlcs4.i586.rpm\r\n 2d362036a85055bcae84aa30e320425b corporate/4.0/i586/libpython2.4-devel-2.4.5-0.6.20060mlcs4.i586.rpm\r\n 07a94afed3c78c4e071197ba7dba676b corporate/4.0/i586/python-2.4.5-0.6.20060mlcs4.i586.rpm\r\n b46bc657628e0790dc68c0298d0fa8c2 corporate/4.0/i586/python-base-2.4.5-0.6.20060mlcs4.i586.rpm\r\n 00fea68fc4a04885a56d4979dbcd4805 corporate/4.0/i586/python-docs-2.4.5-0.6.20060mlcs4.i586.rpm\r\n e7f1dd4a85e67c89d9053bbd5a0dcb1d corporate/4.0/i586/tkinter-2.4.5-0.6.20060mlcs4.i586.rpm \r\n 2bd3365c9ce6ef9caf80b7824e5cdba2 corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 6a321e2d0675667c4a20ca9eef9e659f corporate/4.0/x86_64/lib64python2.4-2.4.5-0.6.20060mlcs4.x86_64.rpm\r\n c4747b33200becebdf06b999233d2d85 corporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.6.20060mlcs4.x86_64.rpm\r\n f0e7f6603385328327f62613820d09ad corporate/4.0/x86_64/python-2.4.5-0.6.20060mlcs4.x86_64.rpm\r\n fab004a4528c0ea88257c28f68767232 corporate/4.0/x86_64/python-base-2.4.5-0.6.20060mlcs4.x86_64.rpm\r\n 949f7e382bebc814c821d619abfd5d57 corporate/4.0/x86_64/python-docs-2.4.5-0.6.20060mlcs4.x86_64.rpm\r\n f61e8d55e2a2be3c0dc62903fce980d5 corporate/4.0/x86_64/tkinter-2.4.5-0.6.20060mlcs4.x86_64.rpm \r\n 2bd3365c9ce6ef9caf80b7824e5cdba2 corporate/4.0/SRPMS/python-2.4.5-0.6.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 28d975daaf5f623144e20493dd451745 mes5/i586/libpython2.5-2.5.2-5.7mdvmes5.1.i586.rpm\r\n 2aff847d8b904ded1e3af26f2104959c mes5/i586/libpython2.5-devel-2.5.2-5.7mdvmes5.1.i586.rpm\r\n 7453da455746ae242478602e28f8ad54 mes5/i586/python-2.5.2-5.7mdvmes5.1.i586.rpm\r\n 50ef79c0fe2a2ddb0768e9e42cd1a78d mes5/i586/python-base-2.5.2-5.7mdvmes5.1.i586.rpm\r\n eaba93ba9f5a77fdcd23b199c81ecf10 mes5/i586/python-docs-2.5.2-5.7mdvmes5.1.i586.rpm\r\n 6c0014be0c8647ac1c0ad4e6a5d48c92 mes5/i586/tkinter-2.5.2-5.7mdvmes5.1.i586.rpm\r\n 78fe0ba52d451894a19be61b1b41a8f7 mes5/i586/tkinter-apps-2.5.2-5.7mdvmes5.1.i586.rpm \r\n 49d1708b056d60fb851ce89033d84224 mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n ad5c6abd37cd342183f540370bbbb03b mes5/x86_64/lib64python2.5-2.5.2-5.7mdvmes5.1.x86_64.rpm\r\n 2722a15a452703ff5b5ef6d6542e56d3 mes5/x86_64/lib64python2.5-devel-2.5.2-5.7mdvmes5.1.x86_64.rpm\r\n 2cac9f75b9cb85182e8a420329dfaccd mes5/x86_64/python-2.5.2-5.7mdvmes5.1.x86_64.rpm\r\n e04fdf9d4f629dd51b3bb27e22e4a152 mes5/x86_64/python-base-2.5.2-5.7mdvmes5.1.x86_64.rpm\r\n 77b9ee5a5be480ce55eccee414c0f4d5 mes5/x86_64/python-docs-2.5.2-5.7mdvmes5.1.x86_64.rpm\r\n 8de9bb41acd3ed981b9b44dbf7d139a5 mes5/x86_64/tkinter-2.5.2-5.7mdvmes5.1.x86_64.rpm\r\n 6d1a1b1173907b8602d7ca0ad71bc537 mes5/x86_64/tkinter-apps-2.5.2-5.7mdvmes5.1.x86_64.rpm \r\n 49d1708b056d60fb851ce89033d84224 mes5/SRPMS/python-2.5.2-5.7mdvmes5.1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFMPcWfmqjQ0CJFipgRAgC9AKCCg+mLAWCbtfXJCQPNEYsjz1BzogCg5B8+\r\nnyO+UGRvVtbkbK42OCE47C4=\r\n=DtKJ\r\n-----END PGP SIGNATURE-----", "modified": "2010-07-17T00:00:00", "published": "2010-07-17T00:00:00", "id": "SECURITYVULNS:DOC:24260", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24260", "title": "[ MDVSA-2010:132 ] python", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:27:14", "bulletinFamily": "unix", "description": "Giampaolo Rodola discovered that the smtpd module in Python 3 did not \nproperly handle certain error conditions. A remote attacker could exploit \nthis to cause a denial of service via daemon outage. This issue only \naffected Ubuntu 10.04 LTS. (CVE-2010-3493)\n\nNiels Heinen discovered that the urllib module in Python 3 would process \nLocation headers that specify a file:// URL. A remote attacker could use \nthis to obtain sensitive information or cause a denial of service via \nresource consumption. (CVE-2011-1521)", "modified": "2011-12-19T00:00:00", "published": "2011-12-19T00:00:00", "id": "USN-1314-1", "href": "https://ubuntu.com/security/notices/USN-1314-1", "title": "Python 3 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-07-09T00:33:58", "bulletinFamily": "unix", "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the \ncorresponding updates for Python 2.4.\n\nOriginal advisory details:\n\nIt was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values \nwithout restricting the ability to trigger hash collisions predictably. If \na user or application using pyexpat were tricked into opening a crafted XML \nfile, an attacker could cause a denial of service by consuming excessive \nCPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly \nhandle memory reallocation when processing XML files. If a user or \napplication using pyexpat were tricked into opening a crafted XML file, an \nattacker could cause a denial of service by consuming excessive memory \nresources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-2", "href": "https://ubuntu.com/security/notices/USN-1613-2", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:23:59", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values \nwithout restricting the ability to trigger hash collisions predictably. If \na user or application using pyexpat were tricked into opening a crafted XML \nfile, an attacker could cause a denial of service by consuming excessive \nCPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly \nhandle memory reallocation when processing XML files. If a user or \napplication using pyexpat were tricked into opening a crafted XML file, an \nattacker could cause a denial of service by consuming excessive memory \nresources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-1", "href": "https://ubuntu.com/security/notices/USN-1613-1", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:45", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path \nunder certain circumstances. A local attacker with write access to the \ncurrent working directory could exploit this to execute arbitrary code. \n(CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input \nvalidation. If a user or automatated system were tricked into opening a \ncrafted audio file, an attacker could cause a denial of service via \napplication crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. \nA remote attacker could exploit this to cause a denial of service via \ndaemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform \ninput validation on certain HTTP GET requests. A remote attacker could \npotentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process \nLocation headers that specify a redirection to file: URLs. A remote \nattacker could exploit this to obtain sensitive information or cause a \ndenial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in \nthe Content-Type HTTP header. An attacker could potentially exploit this \nto conduct cross-site scripting (XSS) attacks against Internet Explorer 7 \nusers. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when \ncreating the ~/.pypirc file. A local attacker could exploit this to obtain \nsensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its \ninput when handling HTTP POST requests. A remote attacker could exploit \nthis to cause a denial of service via excessive CPU utilization. \n(CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. \nAn attacker could cause a denial of service under certian circumstances. \nThis update adds the '-R' command line option and honors setting the \nPYTHONHASHSEED environment variable to 'random' to salt str and datetime \nobjects with an unpredictable value. (CVE-2012-1150)", "modified": "2012-10-04T00:00:00", "published": "2012-10-04T00:00:00", "id": "USN-1596-1", "href": "https://ubuntu.com/security/notices/USN-1596-1", "title": "Python 2.6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-01T00:00:00", "published": "2014-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15905.html", "id": "SOL15905", "title": "SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T02:18:15", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 242353 (BIG-IP) and ID 491424 (F5 WebSafe) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H495544 on the **Diagnostics** &gt; **Identified** &gt; **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP ASM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Edge Gateway| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP GTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Link Controller| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| 10.1.0| 11.0.0 - 11.4.1 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WebAccelerator| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WOM| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nARX| None| 6.2.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None \nLineRate| None| 2.4.0 - 2.5.0 \n1.6.0 - 1.6.4| None \nF5 WebSafe| None| 1.0.0| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-17T20:01:00", "published": "2014-12-12T01:48:00", "id": "F5:K15905", "href": "https://support.f5.com/csp/article/K15905", "title": "Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:57", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2018-09-12T00:17:00", "published": "2018-09-12T00:17:00", "id": "F5:K75910138", "href": "https://support.f5.com/csp/article/K75910138", "title": "Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T20:35:19", "bulletinFamily": "exploit", "description": "Python 3.2 'audioop' Module Memory Corruption Vulnerability. CVE-2010-2089. Dos exploit for unix platform", "modified": "2010-06-14T00:00:00", "published": "2010-06-14T00:00:00", "id": "EDB-ID:34145", "href": "https://www.exploit-db.com/exploits/34145/", "type": "exploitdb", "title": "Python <= 3.2 - 'audioop' Module Memory Corruption Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/40863/info\r\n\r\nThe 'audioop' module for Python is prone to a memory-corruption vulnerability.\r\n\r\nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.\r\n\r\n $ python -c \"import audioop; audioop.reverse('X', 2)\" ", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/34145/"}], "seebug": [{"lastseen": "2017-11-19T18:11:05", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2010-2089\r\n\r\nPython\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u811a\u672c\u7f16\u7a0b\u8bed\u8a00\u3002\r\n\r\nPython\u7684audioop\u6a21\u5757\u4e2d\u7684\u591a\u6570\u51fd\u6570\u76f4\u63a5\u5c06\u5b57\u8282\u5b57\u7b26\u4e32\uff08\u97f3\u9891\u6570\u636e\uff09\u548csize\u53c2\u6570\uff08\u91c7\u6837\u7684\u5b57\u8282\u6570\uff09\u7528\u4f5c\u4e86\u8f93\u5165\uff0c\u4f46\u6ca1\u6709\u68c0\u67e5\u5b57\u8282\u5b57\u7b26\u4e32\u7684\u957f\u5ea6\u4e3a size\u7684\u6574\u6570\u500d\u3002\u5982\u679c\u7528\u6237\u4ece\u97f3\u9891\u6587\u4ef6\u8bfb\u53d6\u4e86\u7279\u5236\u53c2\u6570\uff0c\u5c31\u53ef\u80fd\u5bf9\u672a\u7ecf\u521d\u59cb\u5316\u7684\u5185\u5b58\u6267\u884c\u8bfb\u5199\u8bbf\u95ee\uff0c\u5e94\u7528\u7a0b\u5e8f\u53ef\u80fd\u4f1a\u5d29\u6e83\u3002\n\nPython Software Foundation Python 3.2\r\nPython Software Foundation Python 2.7\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nPython Software Foundation\r\n--------------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://bugs.python.org/file15823/audioop_check_length.patch", "modified": "2010-05-31T00:00:00", "published": "2010-05-31T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19709", "id": "SSV:19709", "type": "seebug", "title": "Python audioop\u6a21\u5757\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "sourceData": "\n $ python -c &quot;import audioop; audioop.reverse('X', 2)&quot;\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19709", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}