ID CENTOS_RHSA-2016-2586.NASL Type nessus Reporter Tenable Modified 2018-07-02T00:00:00
Description
An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es) :
A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:2586 and
# CentOS Errata and Security Advisory 2016:2586 respectively.
#
include("compat.inc");
if (description)
{
script_id(95332);
script_version("3.2");
script_cvs_date("Date: 2018/07/02 18:48:54");
script_cve_id("CVE-2016-5636");
script_xref(name:"RHSA", value:"2016:2586");
script_name(english:"CentOS 7 : python (CESA-2016:2586)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"An update for python is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Low. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to
many system calls and libraries, as well as to various windowing
systems.
Security Fix(es) :
* A vulnerability was discovered in Python, in the built-in
zipimporter. A specially crafted zip file placed in a module path such
that it would be loaded by a later 'import' statement could cause a
heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
Additional Changes :
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.3 Release Notes linked from the References section."
);
# http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?6cbce9ce"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected python packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tkinter");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"patch_publication_date", value:"2016/11/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/CentOS/release")) audit(AUDIT_OS_NOT, "CentOS");
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-2.7.5-48.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-debug-2.7.5-48.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-devel-2.7.5-48.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libs-2.7.5-48.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-test-2.7.5-48.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-tools-2.7.5-48.el7")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"tkinter-2.7.5-48.el7")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "CENTOS_RHSA-2016-2586.NASL", "bulletinFamily": "scanner", "title": "CentOS 7 : python (CESA-2016:2586)", "description": "An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "published": "2016-11-28T00:00:00", "modified": "2018-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=95332", "reporter": "Tenable", "references": ["http://www.nessus.org/u?6cbce9ce"], "cvelist": ["CVE-2016-5636"], "type": "nessus", "lastseen": "2018-09-01T23:34:28", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-5636"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "edition": 1, "enchantments": {}, "hash": "f7529d5136e41837304551f70fb5fdb07f72def0f0f04e84543f58c65326951b", "hashmap": [{"hash": "44f88fe1b50430a1cbe7a74903c281c2", "key": "cvelist"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "published"}, {"hash": "292d45b89536815ec9ef305e2e7f3c7b", "key": "href"}, {"hash": "717ed6f1e7caa3e5b388a0b592cc729b", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0b968571bc3c04cc16405181220b3691", "key": "title"}, {"hash": "2ec649d39fe1ffbafe5f21b638b2223d", "key": "sourceData"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "443dc22bcfc36b7042d3677e0af49006", "key": "references"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "65394783071bddd5b79bc60b7c1ecd6c", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95332", "id": "CENTOS_RHSA-2016-2586.NASL", "lastseen": "2016-11-28T21:32:55", "modified": "2016-11-28T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.2", "pluginID": "95332", "published": "2016-11-28T00:00:00", "references": ["http://www.nessus.org/u?6cbce9ce"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2586 and \n# CentOS Errata and Security Advisory 2016:2586 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95332);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2016/11/28 15:05:43 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_osvdb_id(140125);\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"CentOS 7 : python (CESA-2016:2586)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cbce9ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : python (CESA-2016:2586)", "type": "nessus", "viewCount": 14}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-11-28T21:32:55"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-debug", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2016-5636"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "b24698c46e463bbea5a09c3fcadb94d4d592d42d2b76b016151558c9c6c2710a", "hashmap": [{"hash": "44f88fe1b50430a1cbe7a74903c281c2", "key": "cvelist"}, {"hash": "65ce2cd9795171009a137f1144d186e7", "key": "sourceData"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "published"}, {"hash": "292d45b89536815ec9ef305e2e7f3c7b", "key": "href"}, {"hash": "717ed6f1e7caa3e5b388a0b592cc729b", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0b968571bc3c04cc16405181220b3691", "key": "title"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "443dc22bcfc36b7042d3677e0af49006", "key": "references"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d86683f3eeccbf44e2ab34f88d992b1c", "key": "cpe"}, {"hash": "65394783071bddd5b79bc60b7c1ecd6c", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95332", "id": "CENTOS_RHSA-2016-2586.NASL", "lastseen": "2018-07-03T09:30:40", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "95332", "published": "2016-11-28T00:00:00", "references": ["http://www.nessus.org/u?6cbce9ce"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2586 and \n# CentOS Errata and Security Advisory 2016:2586 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95332);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"CentOS 7 : python (CESA-2016:2586)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cbce9ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : python (CESA-2016:2586)", "type": "nessus", "viewCount": 23}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-03T09:30:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-debug", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2016-5636"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "f2ba1787e87ab79d9299d42e74cfe167fc9bcfe27bb176466d0adf057074bc4e", "hashmap": [{"hash": "44f88fe1b50430a1cbe7a74903c281c2", "key": "cvelist"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "published"}, {"hash": "292d45b89536815ec9ef305e2e7f3c7b", "key": "href"}, {"hash": "717ed6f1e7caa3e5b388a0b592cc729b", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0b968571bc3c04cc16405181220b3691", "key": "title"}, {"hash": "2ec649d39fe1ffbafe5f21b638b2223d", "key": "sourceData"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "443dc22bcfc36b7042d3677e0af49006", "key": "references"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d86683f3eeccbf44e2ab34f88d992b1c", "key": "cpe"}, {"hash": "65394783071bddd5b79bc60b7c1ecd6c", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95332", "id": "CENTOS_RHSA-2016-2586.NASL", "lastseen": "2017-10-29T13:33:54", "modified": "2016-11-28T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "95332", "published": "2016-11-28T00:00:00", "references": ["http://www.nessus.org/u?6cbce9ce"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2586 and \n# CentOS Errata and Security Advisory 2016:2586 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95332);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2016/11/28 15:05:43 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_osvdb_id(140125);\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"CentOS 7 : python (CESA-2016:2586)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cbce9ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : python (CESA-2016:2586)", "type": "nessus", "viewCount": 23}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:33:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-debug", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-tools"], "cvelist": ["CVE-2016-5636"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "767c2b5b3c943bd9ebba5caff712e9631a2ff764081e698eaa303c0f5b61c3c9", "hashmap": [{"hash": "44f88fe1b50430a1cbe7a74903c281c2", "key": "cvelist"}, {"hash": "65ce2cd9795171009a137f1144d186e7", "key": "sourceData"}, {"hash": "5b6e285ed6333e664cb3599907b7f5b6", "key": "published"}, {"hash": "292d45b89536815ec9ef305e2e7f3c7b", "key": "href"}, {"hash": "717ed6f1e7caa3e5b388a0b592cc729b", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "0b968571bc3c04cc16405181220b3691", "key": "title"}, {"hash": "8f8213e8b86855939d5beea715ce3045", "key": "naslFamily"}, {"hash": "443dc22bcfc36b7042d3677e0af49006", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "d86683f3eeccbf44e2ab34f88d992b1c", "key": "cpe"}, {"hash": "65394783071bddd5b79bc60b7c1ecd6c", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=95332", "id": "CENTOS_RHSA-2016-2586.NASL", "lastseen": "2018-08-30T19:31:42", "modified": "2018-07-02T00:00:00", "naslFamily": "CentOS Local Security Checks", "objectVersion": "1.3", "pluginID": "95332", "published": "2016-11-28T00:00:00", "references": ["http://www.nessus.org/u?6cbce9ce"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2586 and \n# CentOS Errata and Security Advisory 2016:2586 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95332);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"CentOS 7 : python (CESA-2016:2586)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cbce9ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "CentOS 7 : python (CESA-2016:2586)", "type": "nessus", "viewCount": 23}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:31:42"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "d86683f3eeccbf44e2ab34f88d992b1c"}, {"key": "cvelist", "hash": "44f88fe1b50430a1cbe7a74903c281c2"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "65394783071bddd5b79bc60b7c1ecd6c"}, {"key": "href", "hash": "292d45b89536815ec9ef305e2e7f3c7b"}, {"key": "modified", "hash": "28c8e8fb0a1a6b2926bc5fd729ee5bd4"}, {"key": "naslFamily", "hash": "8f8213e8b86855939d5beea715ce3045"}, {"key": "pluginID", "hash": "717ed6f1e7caa3e5b388a0b592cc729b"}, {"key": "published", "hash": "5b6e285ed6333e664cb3599907b7f5b6"}, {"key": "references", "hash": "443dc22bcfc36b7042d3677e0af49006"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "65ce2cd9795171009a137f1144d186e7"}, {"key": "title", "hash": "0b968571bc3c04cc16405181220b3691"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "b24698c46e463bbea5a09c3fcadb94d4d592d42d2b76b016151558c9c6c2710a", "viewCount": 25, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2586 and \n# CentOS Errata and Security Advisory 2016:2586 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95332);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/07/02 18:48:54\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"CentOS 7 : python (CESA-2016:2586)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6cbce9ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "CentOS Local Security Checks", "pluginID": "95332", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-debug", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-tools"]}
{"cve": [{"lastseen": "2018-01-05T11:52:18", "references": ["http://www.securitytracker.com/id/1038138", "http://www.splunk.com/view/SP-CAAAPSV", "https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2", "https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS", "https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5", "http://www.openwall.com/lists/oss-security/2016/06/16/1", "http://rhn.redhat.com/errata/RHSA-2016-2586.html", "http://www.openwall.com/lists/oss-security/2016/06/15/15", "http://www.splunk.com/view/SP-CAAAPUE", "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "https://bugs.python.org/issue26171", "http://www.securityfocus.com/bid/91247", "https://security.gentoo.org/glsa/201701-18"], "description": "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.", "edition": 4, "reporter": "NVD", "published": "2016-09-02T10:59:06", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "cve", "title": "CVE-2016-5636", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-5636"], "scanner": [], "cpe": ["cpe:/a:python:python:3.5.1", "cpe:/a:python:python:3.4.0", "cpe:/a:python:python:3.0.1", "cpe:/a:python:python:3.4.1", "cpe:/a:python:python:3.1.1", "cpe:/a:python:python:3.5.0", "cpe:/a:python:python:3.4.3", "cpe:/a:python:python:3.2.0", "cpe:/a:python:python:3.1.2", "cpe:/a:python:python:3.4.2", "cpe:/a:python:python:3.3.4", "cpe:/a:python:python:3.3.6", "cpe:/a:python:python:3.3.3", "cpe:/a:python:python:3.3.0", "cpe:/a:python:python:3.1.0", "cpe:/a:python:python:3.3.5", "cpe:/a:python:python:3.4.4", "cpe:/a:python:python:3.0", "cpe:/a:python:python:3.2.2", "cpe:/a:python:python:3.2.1", "cpe:/a:python:python:3.2.3", "cpe:/a:python:python:3.3.2", "cpe:/a:python:python:3.1.3", "cpe:/a:python:python:3.1.5", "cpe:/a:python:python:3.2.4", "cpe:/a:python:python:2.7.11", "cpe:/a:python:python:3.1.4", "cpe:/a:python:python:3.2.5", "cpe:/a:python:python:3.2.6", "cpe:/a:python:python:3.3.1"], "modified": "2018-01-04T21:31:03", "id": "CVE-2016-5636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5636", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-09-01T23:45:51", "references": ["2016-eff21665e7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3A4AIH4CTP3XV2QU53HVNJR26OPPC6U3"], "pluginID": "1361412562310808715", "description": "Check the version of python", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-02T00:00:00", "title": "Fedora Update for python FEDORA-2016-eff21665e7", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2016-eff21665e7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808715\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:55:36 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python FEDORA-2016-eff21665e7\");\n script_tag(name: \"summary\", value: \"Check the version of python\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nProgrammers can write new built-in modules for Python in C or C++.\nPython can be used as an extension language for applications that need\na programmable interface.\n\nNote that documentation for Python is provided in the python-docs\npackage.\n\nThis package provides the 'python' executable most of the actual\nimplementation is within the 'python-libs' package.\n\");\n script_tag(name: \"affected\", value: \"python on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-eff21665e7\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3A4AIH4CTP3XV2QU53HVNJR26OPPC6U3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.11~7.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:19", "references": ["2016-308f78b2f4", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVZP3N2LO5PCELJKDAN3WPHVCFXA4GEW"], "pluginID": "1361412562310808717", "description": "Check the version of python3", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-02T00:00:00", "title": "Fedora Update for python3 FEDORA-2016-308f78b2f4", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808717", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808717", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2016-308f78b2f4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808717\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:57:35 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python3 FEDORA-2016-308f78b2f4\");\n script_tag(name: \"summary\", value: \"Check the version of python3\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python 3 is a new version of the language that is incompatible with the 2.x\nline of releases. The language is mostly the same, but many details, especially\nhow built-in objects like dictionaries and strings work, have changed\nconsiderably, and a lot of deprecated features have finally been removed.\n\");\n script_tag(name: \"affected\", value: \"python3 on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-308f78b2f4\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VVZP3N2LO5PCELJKDAN3WPHVCFXA4GEW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.4.3~11.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:33", "references": ["2016-d3a529aad6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVQLDADAXY6O56IABJI2MVGAOW6R5YNX"], "pluginID": "1361412562310808437", "description": "Check the version of python", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-18T00:00:00", "title": "Fedora Update for python FEDORA-2016-d3a529aad6", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2016-d3a529aad6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808437\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-18 05:26:45 +0200 (Sat, 18 Jun 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python FEDORA-2016-d3a529aad6\");\n script_tag(name: \"summary\", value: \"Check the version of python\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n \n script_tag(name: \"insight\", value: \"Python is an interpreted, interactive,\n object-oriented programming language often compared to Tcl, Perl, Scheme or\n Java. Python includes modules, classes, exceptions, very high level dynamic\n data types and dynamic typing. Python supports interfaces to many system\n calls and libraries, as well as to various windowing systems (X11, Motif,\n Tk, Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface.\n\n Note that documentation for Python is provided in the python-docs\n package.\n\n This package provides the 'python' executable most of the actual\n implementation is within the 'python-libs' package.\");\n\n script_tag(name: \"affected\", value: \"python on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-d3a529aad6\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVQLDADAXY6O56IABJI2MVGAOW6R5YNX\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.11~4.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:57", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGGEQWXVZ7CVHIOLQOBCFP3UKSGXD3LY", "2016-d5917e939e"], "pluginID": "1361412562310808453", "description": "Check the version of python", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-19T00:00:00", "title": "Fedora Update for python FEDORA-2016-d5917e939e", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808453", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2016-d5917e939e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808453\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-19 05:26:44 +0200 (Sun, 19 Jun 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python FEDORA-2016-d5917e939e\");\n script_tag(name: \"summary\", value: \"Check the version of python\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"Python is an interpreted, interactive,\n object-oriented programming language often compared to Tcl, Perl, Scheme\n or Java. Python includes modules, classes, exceptions, very high level\n dynamic data types and dynamic typing. Python supports interfaces to\n many system calls and libraries, as well as to various windowing systems\n (X11, Motif, Tk, Mac and MFC).\n\n Programmers can write new built-in modules for Python in C or C++.\n Python can be used as an extension language for applications that need\n a programmable interface.\n\n Note that documentation for Python is provided in the python-docs\n package.\n\n This package provides the 'python' executable most of the actual\n implementation is within the 'python-libs' package.\");\n\n script_tag(name: \"affected\", value: \"python on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-d5917e939e\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGGEQWXVZ7CVHIOLQOBCFP3UKSGXD3LY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.11~5.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:36", "references": ["2016-e63a732c9d", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IILKYSKZHMDIB4EO32NXPRWFWOXHXTPN"], "pluginID": "1361412562310808966", "description": "Check the version of python3", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-02T00:00:00", "title": "Fedora Update for python3 FEDORA-2016-e63a732c9d", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808966", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2016-e63a732c9d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808966\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:56:14 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python3 FEDORA-2016-e63a732c9d\");\n script_tag(name: \"summary\", value: \"Check the version of python3\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python 3 is a new version of the language that is incompatible with the 2.x\nline of releases. The language is mostly the same, but many details, especially\nhow built-in objects like dictionaries and strings work, have changed\nconsiderably, and a lot of deprecated features have finally been removed.\n\");\n script_tag(name: \"affected\", value: \"python3 on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-e63a732c9d\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IILKYSKZHMDIB4EO32NXPRWFWOXHXTPN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.5.1~12.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:48", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJNAPDT6G24LTNK7OSRNGHELZ7JLSXF3", "2016-9932f852c7"], "pluginID": "1361412562310808903", "description": "Check the version of python", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-08-02T00:00:00", "title": "Fedora Update for python FEDORA-2016-9932f852c7", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808903", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808903", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python FEDORA-2016-9932f852c7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808903\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-02 10:56:55 +0530 (Tue, 02 Aug 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python FEDORA-2016-9932f852c7\");\n script_tag(name: \"summary\", value: \"Check the version of python\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nProgrammers can write new built-in modules for Python in C or C++.\nPython can be used as an extension language for applications that need\na programmable interface.\n\nNote that documentation for Python is provided in the python-docs\npackage.\n\nThis package provides the 'python' executable most of the actual\nimplementation is within the 'python-libs' package.\n\");\n script_tag(name: \"affected\", value: \"python on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-9932f852c7\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJNAPDT6G24LTNK7OSRNGHELZ7JLSXF3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.11~8.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:42", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N32FJCDI6HMLUHBTJBOSMHGASPNX2HF7", "2016-32e5a8c3a8"], "pluginID": "1361412562310808441", "description": "Check the version of python3", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-18T00:00:00", "title": "Fedora Update for python3 FEDORA-2016-32e5a8c3a8", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808441", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808441", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2016-32e5a8c3a8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808441\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-18 05:26:48 +0200 (Sat, 18 Jun 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python3 FEDORA-2016-32e5a8c3a8\");\n script_tag(name: \"summary\", value: \"Check the version of python3\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n \n script_tag(name: \"insight\", value: \"Python 3 is a new version of the language\n that is incompatible with the 2.x line of releases. The language is mostly the\n same, but many details, especially how built-in objects like dictionaries and\n strings work, have changed considerably, and a lot of deprecated features have\n finally been removed.\");\n\n script_tag(name: \"affected\", value: \"python3 on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-32e5a8c3a8\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N32FJCDI6HMLUHBTJBOSMHGASPNX2HF7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.4.3~7.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:06", "references": ["https://www.redhat.com/archives/rhsa-announce/2016-November/msg00022.html", "2016:2586-02"], "pluginID": "1361412562310871711", "description": "Check the version of python", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-11-04T00:00:00", "title": "RedHat Update for python RHSA-2016:2586-02", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:1361412562310871711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871711", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2016:2586-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871711\");\n script_version(\"$Revision: 6690 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:51:07 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:43:41 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for python RHSA-2016:2586-02\");\n script_tag(name: \"summary\", value: \"Check the version of python\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"Python is an interpreted, interactive,\nobject-oriented programming language, which includes modules, classes, exceptions,\nvery high level dynamic data types and dynamic typing. Python supports interfaces\nto many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A\nspecially crafted zip file placed in a module path such that it would be\nloaded by a later 'import' statement could cause a heap overflow, leading\nto arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\n\");\n script_tag(name: \"affected\", value: \"python on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"RHSA\", value: \"2016:2586-02\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00022.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~48.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.5~48.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~48.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~48.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:50", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMWMJ6VPFLWNKKG46SPDUR2VQ2JISYDC", "2016-22eab18150"], "pluginID": "1361412562310808452", "description": "Check the version of python3", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-06-19T00:00:00", "title": "Fedora Update for python3 FEDORA-2016-22eab18150", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310808452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808452", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python3 FEDORA-2016-22eab18150\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808452\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-19 05:26:37 +0200 (Sun, 19 Jun 2016)\");\n script_cve_id(\"CVE-2016-5636\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for python3 FEDORA-2016-22eab18150\");\n script_tag(name: \"summary\", value: \"Check the version of python3\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"Python 3 is a new version of the language\n that is incompatible with the 2.x line of releases. The language is mostly the\n same, but many details, especially how built-in objects like dictionaries and\n strings work, have changed considerably, and a lot of deprecated features\n have finally been removed.\");\n\n script_tag(name: \"affected\", value: \"python3 on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-22eab18150\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMWMJ6VPFLWNKKG46SPDUR2VQ2JISYDC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.5.1~8.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:35", "references": ["https://hg.python.org/cpython/rev/d590114c2394", "https://bugs.python.org/issue26171"], "pluginID": "1361412562310809216", "description": "This host is running Cpython and is\n prone to man in middle attack and arbitrary code execution Vulnerabilities.", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-09-12T00:00:00", "title": "Cpython Man in Middle Attack and Code Execution Vulnerabilities (Windows)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-0772", "CVE-2016-5636"], "modified": "2017-10-24T00:00:00", "id": "OPENVAS:1361412562310809216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cpython_mima_nd_code_exec_vuln_win.nasl 7545 2017-10-24 11:45:30Z cfischer $\n#\n# Cpython Man in Middle Attack and Code Execution Vulnerabilities (Windows)\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:python:python\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809216\");\n script_version(\"$Revision: 7545 $\");\n script_cve_id(\"CVE-2016-5636\", \"CVE-2016-0772\");\n script_bugtraq_id(91247, 91225);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-10-24 13:45:30 +0200 (Tue, 24 Oct 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-09-12 12:56:46 +0530 (Mon, 12 Sep 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"Cpython Man in Middle Attack and Code Execution Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is running Cpython and is\n prone to man in middle attack and arbitrary code execution Vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to the smtplib \n library in CPython does not return an error when StartTLS fails and integer \n overflow error in the 'get_data' function in 'zipimport.c' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n man-in-the-middle attackers to bypass the TLS protections and remote attackers\n to cause buffer overflow.\n\n Impact Level: Application\");\n\n script_tag(name:\"affected\", value:\"Cpython before 2.7.12, 3.x before 3.4.5,\n and 3.5.x before 3.5.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version Cpython 2.7.12, or\n 3.4.5, or 3.5.2 or later. For updates refer to https://hg.python.org/cpython\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name : \"URL\" , value : \"https://hg.python.org/cpython/rev/d590114c2394\");\n script_xref(name : \"URL\" , value : \"https://bugs.python.org/issue26171\");\n\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_Python_detection.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"pyVer/installed\",\"Host/runs_windows\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\npythonPort = \"\";\npythonVer = \"\";\n\n## Get HTTP Port\nif(!pythonPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\n## Get Version\nif(!pythonVer = get_app_version(cpe:CPE, port:pythonPort)){\n exit(0);\n}\n\n## Check for version before 2.7.12\nif(version_is_less(version:pythonVer, test_version:\"2.7.12\"))\n{\n fix = '2.7.12';\n VULN = TRUE;\n}\n\n## Check for version before 3.4.5\nelse if(pythonVer =~ \"^(3\\.)\")\n{\n if(version_in_range(version:pythonVer, test_version:\"3.0\", test_version2:\"3.4.4\"))\n {\n fix = '3.4.5';\n VULN = TRUE;\n }\n}\n\n## Check for version 3.5.x before 3.5.2\nelse if(pythonVer =~ \"^(3\\.5)\")\n{\n if(version_in_range(version:pythonVer, test_version:\"3.5.0\", test_version2:\"3.5.1\"))\n {\n fix = '3.5.2';\n VULN = TRUE;\n }\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:pythonVer, fixed_version:fix);\n security_message(data:report, port:pythonPort);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-01T23:40:23", "references": ["http://www.nessus.org/u?ae00407e"], "pluginID": "99850", "description": "According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 12, "reporter": "Tenable", "published": "2017-05-01T00:00:00", "title": "EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1003)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Huawei Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2018-08-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99850", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99850);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/10 15:55:07\");\n\n script_cve_id(\n \"CVE-2016-5636\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1003)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - A vulnerability was discovered in Python, in the\n built-in zipimporter. A specially crafted zip file\n placed in a module path such that it would be loaded by\n a later 'import' statement could cause a heap overflow,\n leading to arbitrary code execution. (CVE-2016-5636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1003\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae00407e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-38.h3\",\n \"python-devel-2.7.5-38.h3\",\n \"python-libs-2.7.5-38.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:44:41", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3a529aad6"], "pluginID": "92173", "description": "Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data()\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-14T00:00:00", "title": "Fedora 23 : python (2016-d3a529aad6)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:23", "p-cpe:/a:fedoraproject:fedora:python"], "id": "FEDORA_2016-D3A529AAD6.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92173", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d3a529aad6.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92173);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:07 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"FEDORA\", value:\"2016-d3a529aad6\");\n\n script_name(english:\"Fedora 23 : python (2016-d3a529aad6)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Added patch for fixing possible integer overflow and heap corruption\nin zipimporter.get_data()\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3a529aad6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"python-2.7.11-4.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:41:53", "references": ["http://www.nessus.org/u?5ab12d8d", "http://bugs.python.org/issue26171"], "pluginID": "91699", "description": "Python reports :\n\nPossible integer overflow and heap corruption in zipimporter.get_data()", "edition": 5, "reporter": "Tenable", "published": "2016-06-20T00:00:00", "title": "FreeBSD : Python -- Integer overflow in zipimport module (1d0f6852-33d8-11e6-a671-60a44ce6887b)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-19T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:python35", "p-cpe:/a:freebsd:freebsd:python34", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:python27", "p-cpe:/a:freebsd:freebsd:python33"], "id": "FREEBSD_PKG_1D0F685233D811E6A67160A44CE6887B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91699", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2016 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91699);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:02:53 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n\n script_name(english:\"FreeBSD : Python -- Integer overflow in zipimport module (1d0f6852-33d8-11e6-a671-60a44ce6887b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Python reports :\n\nPossible integer overflow and heap corruption in\nzipimporter.get_data()\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.python.org/issue26171\"\n );\n # http://www.freebsd.org/ports/portaudit/1d0f6852-33d8-11e6-a671-60a44ce6887b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ab12d8d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python35\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"python35<3.5.1_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python34<3.4.4_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python33<3.3.6_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python27<2.7.11_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:00:48", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-32e5a8c3a8"], "pluginID": "92076", "description": "Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data()\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-14T00:00:00", "title": "Fedora 23 : python3 (2016-32e5a8c3a8)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-32E5A8C3A8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-32e5a8c3a8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92076);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 16:42:54 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"FEDORA\", value:\"2016-32e5a8c3a8\");\n\n script_name(english:\"Fedora 23 : python3 (2016-32e5a8c3a8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Added patch for fixing possible integer overflow and heap corruption\nin zipimporter.get_data()\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-32e5a8c3a8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"python3-3.4.3-7.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:33:48", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-eff21665e7"], "pluginID": "92336", "description": "CVE-2016-5636\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-18T00:00:00", "title": "Fedora 23 : python (2016-eff21665e7)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:23", "p-cpe:/a:fedoraproject:fedora:python"], "id": "FEDORA_2016-EFF21665E7.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92336", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-eff21665e7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92336);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:08 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"FEDORA\", value:\"2016-eff21665e7\");\n\n script_name(english:\"Fedora 23 : python (2016-eff21665e7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-5636\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-eff21665e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"python-2.7.11-7.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:51:03", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-9932f852c7"], "pluginID": "92271", "description": "CVE-2016-5636\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-15T00:00:00", "title": "Fedora 24 : python (2016-9932f852c7)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:python"], "id": "FEDORA_2016-9932F852C7.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9932f852c7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92271);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 16:52:30 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"FEDORA\", value:\"2016-9932f852c7\");\n\n script_name(english:\"Fedora 24 : python (2016-9932f852c7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-5636\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9932f852c7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"python-2.7.11-8.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-18T16:47:32", "references": ["http://rhn.redhat.com/errata/RHSA-2016-2586.html", "https://www.redhat.com/security/data/cve/CVE-2016-5636.html"], "pluginID": "94549", "description": "An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "edition": 9, "reporter": "Tenable", "published": "2016-11-04T00:00:00", "title": "RHEL 7 : python (RHSA-2016:2586)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2018-10-17T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-tools", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:python-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-test", "p-cpe:/a:redhat:enterprise_linux:python-debug", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-libs"], "id": "REDHAT-RHSA-2016-2586.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=94549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2586. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94549);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/10/17 12:00:18\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"RHEL 7 : python (RHSA-2016:2586)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2016-2586.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2016-5636.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2586\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"python-debuginfo-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"python-libs-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-test-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-debuginfo / python-devel / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:33:44", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-November/006476.html"], "pluginID": "94707", "description": "From Red Hat Security Advisory 2016:2586 :\n\nAn update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "edition": 6, "reporter": "Tenable", "published": "2016-11-11T00:00:00", "title": "Oracle Linux 7 : python (ELSA-2016-2586)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2018-07-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tkinter", "p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-libs", "p-cpe:/a:oracle:linux:python-test", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:python-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:python-debug"], "id": "ORACLELINUX_ELSA-2016-2586.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=94707", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2586 and \n# Oracle Linux Security Advisory ELSA-2016-2586 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94707);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"RHSA\", value:\"2016:2586\");\n\n script_name(english:\"Oracle Linux 7 : python (ELSA-2016-2586)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2586 :\n\nAn update for python is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage, which includes modules, classes, exceptions, very high level\ndynamic data types and dynamic typing. Python supports interfaces to\nmany system calls and libraries, as well as to various windowing\nsystems.\n\nSecurity Fix(es) :\n\n* A vulnerability was discovered in Python, in the built-in\nzipimporter. A specially crafted zip file placed in a module path such\nthat it would be loaded by a later 'import' statement could cause a\nheap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-November/006476.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-2.7.5-48.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-debug-2.7.5-48.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-devel-2.7.5-48.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-libs-2.7.5-48.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-test-2.7.5-48.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-tools-2.7.5-48.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"tkinter-2.7.5-48.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debug / python-devel / python-libs / python-test / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:49:57", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-e63a732c9d"], "pluginID": "92297", "description": "CVE-2016-5636\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-15T00:00:00", "title": "Fedora 24 : python3 (2016-e63a732c9d)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python3", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-E63A732C9D.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-e63a732c9d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92297);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:08 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"FEDORA\", value:\"2016-e63a732c9d\");\n\n script_name(english:\"Fedora 24 : python3 (2016-e63a732c9d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-5636\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-e63a732c9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"python3-3.5.1-12.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:57:41", "references": ["https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5917e939e"], "pluginID": "92175", "description": "Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data()\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2016-07-14T00:00:00", "title": "Fedora 24 : python (2016-d5917e939e)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5636"], "modified": "2016-10-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:24", "p-cpe:/a:fedoraproject:fedora:python"], "id": "FEDORA_2016-D5917E939E.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92175", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-d5917e939e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92175);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:07 $\");\n\n script_cve_id(\"CVE-2016-5636\");\n script_xref(name:\"FEDORA\", value:\"2016-d5917e939e\");\n\n script_name(english:\"Fedora 24 : python (2016-d5917e939e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Added patch for fixing possible integer overflow and heap corruption\nin zipimporter.get_data()\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-d5917e939e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"python-2.7.11-5.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-04-15T16:21:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "src", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python-debug", "packageFilename": "python-debug-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python-debug", "packageFilename": "python-debug-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python-debug", "packageFilename": "python-debug-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python-debug", "packageFilename": "python-debug-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-debug", "packageFilename": "python-debug-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "i686", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-debuginfo", "packageFilename": "python-debuginfo-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python-devel", "packageFilename": "python-devel-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python-devel", "packageFilename": "python-devel-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python-devel", "packageFilename": "python-devel-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python-devel", "packageFilename": "python-devel-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-devel", "packageFilename": "python-devel-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "i686", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python-test", "packageFilename": "python-test-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python-test", "packageFilename": "python-test-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python-test", "packageFilename": "python-test-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python-test", "packageFilename": "python-test-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-test", "packageFilename": "python-test-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "python-tools", "packageFilename": "python-tools-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "python-tools", "packageFilename": "python-tools-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "python-tools", "packageFilename": "python-tools-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "python-tools", "packageFilename": "python-tools-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-tools", "packageFilename": "python-tools-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "aarch64", "packageName": "tkinter", "packageFilename": "tkinter-2.7.5-48.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64", "packageName": "tkinter", "packageFilename": "tkinter-2.7.5-48.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "ppc64le", "packageName": "tkinter", "packageFilename": "tkinter-2.7.5-48.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "s390x", "packageName": "tkinter", "packageFilename": "tkinter-2.7.5-48.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "tkinter", "packageFilename": "tkinter-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}], "description": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later \"import\" statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "reporter": "RedHat", "published": "2016-11-03T10:07:15", "type": "redhat", "title": "(RHSA-2016:2586) Low: python security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:09", "id": "RHSA-2016:2586", "href": "https://access.redhat.com/errata/RHSA-2016:2586", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:17", "references": ["http://bugs.python.org/issue26171"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.3.6_5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python33", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.4.4_3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python34", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "3.5.1_3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python35", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "2.7.11_3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python27", "operator": "lt"}], "description": "\nPython reports:\n\nPossible integer overflow and heap corruption in\n zipimporter.get_data()\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2016-01-21T00:00:00", "title": "Python -- Integer overflow in zipimport module", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5636"], "modified": "2016-01-21T00:00:00", "id": "1D0F6852-33D8-11E6-A671-60A44CE6887B", "href": "https://vuxml.freebsd.org/freebsd/1d0f6852-33d8-11e6-a671-60a44ce6887b.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:41", "references": ["https://rhn.redhat.com/errata/RHSA-2016-2586.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-devel", "packageFilename": "python-devel-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-debug", "packageFilename": "python-debug-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-test", "packageFilename": "python-test-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "i686", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-tools", "packageFilename": "python-tools-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python", "packageFilename": "python-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "tkinter", "packageFilename": "tkinter-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "7", "packageVersion": "2.7.5-48.el7", "arch": "x86_64", "packageName": "python-libs", "packageFilename": "python-libs-2.7.5-48.el7.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2016:2586\n\n\nPython is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later \"import\" statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html\n\n**Affected packages:**\npython\npython-debug\npython-devel\npython-libs\npython-test\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2586.html", "edition": 1, "reporter": "CentOS Project", "published": "2016-11-25T15:43:04", "title": "python, tkinter security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5636"], "modified": "2016-11-25T15:43:04", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003444.html", "id": "CESA-2016:2586", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2017-01-10T14:18:03", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5636", "https://bugs.gentoo.org/show_bug.cgi?id=585910", "https://bugs.gentoo.org/show_bug.cgi?id=531002", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0772", "https://bugs.gentoo.org/show_bug.cgi?id=585946"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.4.5", "arch": "all", "packageName": "dev-lang/python", "packageFilename": "UNKNOWN", "operator": "lt"}], "edition": 1, "description": "### Background\n\nPython is an interpreted, interactive, object-oriented programming language. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted index file using Python\u2019s dumbdbm module, possibly resulting in execution of arbitrary code with the privileges of the process. \n\nA remote attacker could entice a user to process a specially crafted input stream using Python\u2019s zipimporter module, possibly allowing attackers to cause unspecified impact. \n\nA man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Python 2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-2.7.12:2.7\"\n \n\nAll Python 3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/python-3.4.5:3.4\"", "reporter": "Gentoo Foundation", "published": "2017-01-10T00:00:00", "type": "gentoo", "title": "Python: Multiple vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0772", "CVE-2016-5636"], "modified": "2017-01-10T00:00:00", "href": "https://security.gentoo.org/glsa/201701-18", "id": "GLSA-201701-18", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2018-10-18T16:04:07", "references": [], "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n02/09/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in CPython (Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2. Malicious users can exploit these vulnerabilities to bypass the TLS protections, inject arbitrary HTTP headers or have unspecified impact.\n\n### *Affected products*:\nCPython 2.x before 2.7.12; \nCPython 3.x before 3.4.5; \nCPython 3.5.x before 3.5.2.\n\n### *Solution*:\nUpdate to the latest version \n[Patch to disable http header injection](<http://bugs.python.org/file37264/disable_http_header_injection.patch>) \n[Patch to StartTLS stripping attack (for branch 3.4)](<https://hg.python.org/cpython/rev/d590114c2394>) \n[Patch to StartTLS stripping attack (for branch 2.7)](<https://hg.python.org/cpython/rev/b3ce713fb9be>)\n\n### *Impacts*:\nCI \n\n### *Related products*:\n[Python](<https://threats.kaspersky.com/en/product/Python/>)\n\n### *CVE-IDS*:\n[CVE-2016-5699](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699>) \n[CVE-2016-5636](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636>) \n[CVE-2016-0772](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772>)", "edition": 18, "reporter": "Kaspersky Lab", "published": "2016-02-09T00:00:00", "title": "\r KLA10866Multiple vulnerabilities in Python ", "type": "kaspersky", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2018-10-16T00:00:00", "id": "KLA10866", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10866", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2018-10-02T16:55:13", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "i686", "packageFilename": "python34-test-3.4.3-1.32.amzn1.i686.rpm", "packageName": "python34-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "i686", "packageFilename": "python27-test-2.7.10-4.122.amzn1.i686.rpm", "packageName": "python27-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "x86_64", "packageFilename": "python34-test-3.4.3-1.32.amzn1.x86_64.rpm", "packageName": "python34-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "i686", "packageFilename": "python34-tools-3.4.3-1.32.amzn1.i686.rpm", "packageName": "python34-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "x86_64", "packageFilename": "python27-test-2.7.10-4.122.amzn1.x86_64.rpm", "packageName": "python27-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "src", "packageFilename": "python26-2.6.9-2.86.amzn1.src.rpm", "packageName": "python26", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "i686", "packageFilename": "python26-debuginfo-2.6.9-2.86.amzn1.i686.rpm", "packageName": "python26-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "x86_64", "packageFilename": "python27-debuginfo-2.7.10-4.122.amzn1.x86_64.rpm", "packageName": "python27-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "x86_64", "packageFilename": "python34-tools-3.4.3-1.32.amzn1.x86_64.rpm", "packageName": "python34-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "x86_64", "packageFilename": "python34-3.4.3-1.32.amzn1.x86_64.rpm", "packageName": "python34", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "x86_64", "packageFilename": "python34-libs-3.4.3-1.32.amzn1.x86_64.rpm", "packageName": "python34-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "i686", "packageFilename": "python34-3.4.3-1.32.amzn1.i686.rpm", "packageName": "python34", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "i686", "packageFilename": "python34-libs-3.4.3-1.32.amzn1.i686.rpm", "packageName": "python34-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "x86_64", "packageFilename": "python27-2.7.10-4.122.amzn1.x86_64.rpm", "packageName": "python27", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "i686", "packageFilename": "python27-devel-2.7.10-4.122.amzn1.i686.rpm", "packageName": "python27-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "x86_64", "packageFilename": "python27-devel-2.7.10-4.122.amzn1.x86_64.rpm", "packageName": "python27-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "x86_64", "packageFilename": "python26-test-2.6.9-2.86.amzn1.x86_64.rpm", "packageName": "python26-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "i686", "packageFilename": "python26-2.6.9-2.86.amzn1.i686.rpm", "packageName": "python26", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "x86_64", "packageFilename": "python26-libs-2.6.9-2.86.amzn1.x86_64.rpm", "packageName": "python26-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "i686", "packageFilename": "python34-devel-3.4.3-1.32.amzn1.i686.rpm", "packageName": "python34-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "i686", "packageFilename": "python27-libs-2.7.10-4.122.amzn1.i686.rpm", "packageName": "python27-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "x86_64", "packageFilename": "python27-tools-2.7.10-4.122.amzn1.x86_64.rpm", "packageName": "python27-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "x86_64", "packageFilename": "python26-tools-2.6.9-2.86.amzn1.x86_64.rpm", "packageName": "python26-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "x86_64", "packageFilename": "python26-debuginfo-2.6.9-2.86.amzn1.x86_64.rpm", "packageName": "python26-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "i686", "packageFilename": "python27-tools-2.7.10-4.122.amzn1.i686.rpm", "packageName": "python27-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "i686", "packageFilename": "python27-debuginfo-2.7.10-4.122.amzn1.i686.rpm", "packageName": "python27-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "x86_64", "packageFilename": "python26-2.6.9-2.86.amzn1.x86_64.rpm", "packageName": "python26", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "i686", "packageFilename": "python34-debuginfo-3.4.3-1.32.amzn1.i686.rpm", "packageName": "python34-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "i686", "packageFilename": "python27-2.7.10-4.122.amzn1.i686.rpm", "packageName": "python27", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "x86_64", "packageFilename": "python27-libs-2.7.10-4.122.amzn1.x86_64.rpm", "packageName": "python27-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "i686", "packageFilename": "python26-libs-2.6.9-2.86.amzn1.i686.rpm", "packageName": "python26-libs", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "x86_64", "packageFilename": "python34-devel-3.4.3-1.32.amzn1.x86_64.rpm", "packageName": "python34-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "x86_64", "packageFilename": "python26-devel-2.6.9-2.86.amzn1.x86_64.rpm", "packageName": "python26-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "i686", "packageFilename": "python26-test-2.6.9-2.86.amzn1.i686.rpm", "packageName": "python26-test", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "i686", "packageFilename": "python26-tools-2.6.9-2.86.amzn1.i686.rpm", "packageName": "python26-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "src", "packageFilename": "python34-3.4.3-1.32.amzn1.src.rpm", "packageName": "python34", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.7.10-4.122.amzn1", "arch": "src", "packageFilename": "python27-2.7.10-4.122.amzn1.src.rpm", "packageName": "python27", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "2.6.9-2.86.amzn1", "arch": "i686", "packageFilename": "python26-devel-2.6.9-2.86.amzn1.i686.rpm", "packageName": "python26-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "3.4.3-1.32.amzn1", "arch": "x86_64", "packageFilename": "python34-debuginfo-3.4.3-1.32.amzn1.x86_64.rpm", "packageName": "python34-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nIt was found that Python's httplib library (used urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flow to inject additional headers in a Python application that allows user provided header name or values. ([CVE-2016-5699 __](<https://access.redhat.com/security/cve/CVE-2016-5699>))\n\nIt was found that Python's smtplib library did not return an exception if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with ability to launch an active man in the middle attack could strip out the STARTTLS command without generating an exception on the python SMTP client application, preventing the establishment of the TLS layer. ([CVE-2016-0772 __](<https://access.redhat.com/security/cve/CVE-2016-0772>))\n\nA vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later \"import\" statement could cause a heap overflow, leading to arbitrary code execution. ([CVE-2016-5636 __](<https://access.redhat.com/security/cve/CVE-2016-5636>)) \n\n\n \n**Affected Packages:** \n\n\npython26,python27,python34\n\n \n**Issue Correction:** \nRun _yum update python26_ to update your system. \nRun _yum update python27_ to update your system. \nRun _yum update python34_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python26-libs-2.6.9-2.86.amzn1.i686 \n python26-tools-2.6.9-2.86.amzn1.i686 \n python26-test-2.6.9-2.86.amzn1.i686 \n python26-2.6.9-2.86.amzn1.i686 \n python26-debuginfo-2.6.9-2.86.amzn1.i686 \n python26-devel-2.6.9-2.86.amzn1.i686 \n python27-devel-2.7.10-4.122.amzn1.i686 \n python27-test-2.7.10-4.122.amzn1.i686 \n python27-tools-2.7.10-4.122.amzn1.i686 \n python27-debuginfo-2.7.10-4.122.amzn1.i686 \n python27-2.7.10-4.122.amzn1.i686 \n python27-libs-2.7.10-4.122.amzn1.i686 \n python34-tools-3.4.3-1.32.amzn1.i686 \n python34-test-3.4.3-1.32.amzn1.i686 \n python34-3.4.3-1.32.amzn1.i686 \n python34-devel-3.4.3-1.32.amzn1.i686 \n python34-debuginfo-3.4.3-1.32.amzn1.i686 \n python34-libs-3.4.3-1.32.amzn1.i686 \n \n src: \n python26-2.6.9-2.86.amzn1.src \n python27-2.7.10-4.122.amzn1.src \n python34-3.4.3-1.32.amzn1.src \n \n x86_64: \n python26-libs-2.6.9-2.86.amzn1.x86_64 \n python26-tools-2.6.9-2.86.amzn1.x86_64 \n python26-test-2.6.9-2.86.amzn1.x86_64 \n python26-devel-2.6.9-2.86.amzn1.x86_64 \n python26-2.6.9-2.86.amzn1.x86_64 \n python26-debuginfo-2.6.9-2.86.amzn1.x86_64 \n python27-devel-2.7.10-4.122.amzn1.x86_64 \n python27-test-2.7.10-4.122.amzn1.x86_64 \n python27-tools-2.7.10-4.122.amzn1.x86_64 \n python27-2.7.10-4.122.amzn1.x86_64 \n python27-debuginfo-2.7.10-4.122.amzn1.x86_64 \n python27-libs-2.7.10-4.122.amzn1.x86_64 \n python34-3.4.3-1.32.amzn1.x86_64 \n python34-debuginfo-3.4.3-1.32.amzn1.x86_64 \n python34-devel-3.4.3-1.32.amzn1.x86_64 \n python34-tools-3.4.3-1.32.amzn1.x86_64 \n python34-test-3.4.3-1.32.amzn1.x86_64 \n python34-libs-3.4.3-1.32.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2016-07-20T18:00:00", "title": "Medium: python26,python27,python34", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:13", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2016-07-20T18:00:00", "id": "ALAS-2016-724", "href": "https://alas.aws.amazon.com/ALAS-2016-724.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:48:46", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "2.7.3-6+deb7u3", "arch": "all", "packageFilename": "python2.7_2.7.3-6+deb7u3_all.deb", "packageName": "python2.7", "operator": "lt"}], "description": "Package : python2.7\nVersion : 2.7.3-6+deb7u3\nCVE ID : CVE-2016-0772 CVE-2016-5636 CVE-2016-5699\n\n * CVE-2016-0772\n A vulnerability in smtplib allowing MITM attacker to perform a\n startTLS stripping attack. smtplib does not seem to raise an\n exception when the remote end (smtp server) is capable of\n negotiating starttls but fails to respond with 220 (ok) to an\n explicit call of SMTP.starttls(). This may allow a malicious\n MITM to perform a startTLS stripping attack if the client code\n does not explicitly check the response code for startTLS.\n * CVE-2016-5636\n Issue #26171: Fix possible integer overflow and heap corruption\n in zipimporter.get_data().\n * CVE-2016-5699\n Protocol injection can occur not only if an application sets a\n header based on user-supplied values, but also if the application\n ever tries to fetch a URL specified by an attacker (SSRF case) OR\n if the application ever accesses any malicious web server\n (redirection case).\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.7.3-6+deb7u3.\n\nWe recommend that you upgrade your python2.7 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 2, "reporter": "Debian", "published": "2016-06-21T20:25:23", "title": "[SECURITY] [DLA 522-1] python2.7 security update", "type": "debian", "enchantments": {}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2016-06-21T20:25:23", "id": "DEBIAN:DLA-522-1:8516F", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201606/msg00022.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:48:58", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "python-test-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "python-libs-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "python-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "python-devel-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "i686", "packageFilename": "python-libs-2.7.5-48.0.1.el7.i686.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "tkinter-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "tkinter", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "python-tools-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "src", "packageFilename": "python-2.7.5-48.0.1.el7.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-48.0.1.el7", "arch": "x86_64", "packageFilename": "python-debug-2.7.5-48.0.1.el7.x86_64.rpm", "packageName": "python-debug", "operator": "lt"}], "description": "[2.7.5-48.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 20812544]\n[2.7.5-48]\n- Fix for CVE-2016-1000110 HTTPoxy attack\nResolves: rhbz#1359164\n[2.7.5-47]\n- Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data()\nResolves: rhbz#1356364\n[2.7.5-46]\n- Drop patch 221 that backported sslwrap function since it was introducing regressions\n- Refactor patch 227\nResolves: rhbz#1331425\n[2.7.5-45]\n- Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)\n Raise an error when STARTTLS fails (upstream patch)\n- Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699)\n Disabled HTTP header injections in httplib (upstream patch)\nResolves: rhbz#1346357\n[2.7.5-44]\n- Fix iteration over files with very long lines\nResolves: rhbz#1271760\n[2.7.5-43]\n- Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/\nResolves: rhbz#1288426\n[2.7.5-42]\n- JSON decoder lone surrogates fix\nResolves: rhbz#1301017\n[2.7.5-41]\n- Updated PEP493 implementation\nResolves: rhbz#1315758\n[2.7.5-40]\n- Backport of Computed Goto dispatch\nResolves: rhbz#1289277", "edition": 3, "reporter": "Oracle", "published": "2016-11-09T00:00:00", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-1000110", "CVE-2016-5699"], "modified": "2016-11-09T00:00:00", "id": "ELSA-2016-2586", "href": "http://linux.oracle.com/errata/ELSA-2016-2586.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:37:55", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "python-libs-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "python-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "python-debug-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "python-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "python-devel-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "python-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "src", "packageFilename": "python-2.7.5-58.0.1.el7.src.rpm", "packageName": "python", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "python-test-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "python-test", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "python-tools-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "python-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "i686", "packageFilename": "python-libs-2.7.5-58.0.1.el7.i686.rpm", "packageName": "python-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "2.7.5-58.0.1.el7", "arch": "x86_64", "packageFilename": "tkinter-2.7.5-58.0.1.el7.x86_64.rpm", "packageName": "tkinter", "operator": "lt"}], "description": "[2.7.5-58.0.1]\n- Add Oracle Linux distribution in platform.py [orabug 20812544]\n[2.7.5-58]\n- Set stream to None in case an _open() fails.\nResolves: rhbz#1432003\n[2.7.5-57]\n- Fix implicit declaration warnings of functions added by patches 147 and 265\nResolves: rhbz#1441237\n[2.7.5-56]\n- Fix shutil.make_archive ignoring empty directories when creating zip files\nResolves: rhbz#1439734\n[2.7.5-55]\n- Update Python RPM macros with new ones from EPEL7 to simplify packaging\nResolves: rhbz#1297522\n[2.7.5-54]\n- Protect key list during fork()\nResolves: rhbz#1268226\n[2.7.5-53]\n- Fix _ssl.c reference leaks\nResolves: rhbz#1272562\n[2.7.5-52]\n- Workaround Python's threading library issue with non returning wait, for signals with timeout\nResolves: rhbz#1368076\n[2.7.5-51]\n- Enable certificate verification by default\nResolves: rhbz#1219110\n[2.7.5-50]\n- Fix incorrect parsing of certain regular expressions\nResolves: rhbz#1373363\n[2.7.5-49]\n- Fix ssl module's parsing of GEN_RID subject alternative name fields in X.509 certs\nResolves: rhbz#1364444\n[2.7.5-48]\n- Fix for CVE-2016-1000110 HTTPoxy attack\nResolves: rhbz#1359164\n[2.7.5-47]\n- Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.get_data()\nResolves: rhbz#1356364\n[2.7.5-46]\n- Drop patch 221 that backported sslwrap function since it was introducing regressions\n- Refactor patch 227\nResolves: rhbz#1331425\n[2.7.5-45]\n- Fix for CVE-2016-0772 python: smtplib StartTLS stripping attack (rhbz#1303647)\n Raise an error when STARTTLS fails (upstream patch)\n- Fix for CVE-2016-5699 python: http protocol steam injection attack (rhbz#1303699)\n Disabled HTTP header injections in httplib (upstream patch)\nResolves: rhbz#1346357\n[2.7.5-44]\n- Fix iteration over files with very long lines\nResolves: rhbz#1271760\n[2.7.5-43]\n- Move python.conf from /etc/tmpfiles.d/ to /usr/lib/tmpfiles.d/\nResolves: rhbz#1288426\n[2.7.5-42]\n- JSON decoder lone surrogates fix\nResolves: rhbz#1301017\n[2.7.5-41]\n- Updated PEP493 implementation\nResolves: rhbz#1315758\n[2.7.5-40]\n- Backport of Computed Goto dispatch\nResolves: rhbz#1289277", "edition": 3, "reporter": "Oracle", "published": "2017-08-07T00:00:00", "title": "python security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-1000110", "CVE-2016-5699", "CVE-2014-9365"], "modified": "2017-08-07T00:00:00", "id": "ELSA-2017-1868", "href": "http://linux.oracle.com/errata/ELSA-2017-1868.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:14", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5699", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-0772", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-1000110", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-5636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "3.5.2-2ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.5-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.3-1ubuntu1~14.04.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.4-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "2.7.12-1ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.3-0ubuntu3.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "3.5.2-2ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.7.3-0ubuntu3.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "2.7.12-1ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.3-0ubuntu3.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.2-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.3-1ubuntu1~14.04.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "3.5.2-2ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.5-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.3-1ubuntu1~14.04.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.4-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.7.3-0ubuntu3.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "2.7.3-0ubuntu3.9", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.3-1ubuntu1~14.04.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.4-stdlib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7-stdlib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "3.5.2-2ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "2.7.12-1ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "2.7.12-1ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7-stdlib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "2.7.12-1ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "2.7.6-8ubuntu0.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython2.7-minimal", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.4.3-1ubuntu1~14.04.5", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "python3.4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "3.5.2-2ubuntu0~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.5-stdlib", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.3-0ubuntu3.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libpython3.2", "operator": "lt"}], "description": "It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772)\n\nR\u00e9mi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110)\n\nInsu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636)\n\nGuido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699)", "edition": 3, "reporter": "Ubuntu", "published": "2016-11-22T00:00:00", "title": "Python vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-1000110", "CVE-2016-5699"], "modified": "2016-11-22T00:00:00", "id": "USN-3134-1", "href": "https://usn.ubuntu.com/3134-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:25:41", "references": [], "description": "USN-3134-1: Python vulnerabilities\n\n# \n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nIt was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. ([CVE-2016-0772](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0772>))\n\nR\u00e9mi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. ([CVE-2016-1000110](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1000110>))\n\nInsu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. ([CVE-2016-5636](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5636>))\n\nGuido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. ([CVE-2016-5699](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5699>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * All versions prior to 3151.5 \n * 3233.x versions prior to 3233.6 \n * 3263.x versions prior to 3263.12 \n * 3312.x versions prior to 3312.7 \n * All other versions \n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.92.0 \n * Python Buildpack versions prior to v1.5.8 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry team recommends upgrading to the following BOSH stemcells: \n * Upgrade all lower versions of 3151.x to version 3151.5 \n * Upgrade all lower versions of 3233.x to version 3233.6 \n * Upgrade all lower versions of 3263.x to version 3263.12 \n * Upgrade all lower versions of 3312.x to version 3312.7 \n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.92.0 or later versions \n * For existing deployments, upgrade the Python Buildpack to v1.5.8 or later and restage all applications that use automated buildpack detection. \n\n# Credit\n\nR\u00e9mi Rampin, Insu Yun, Guido Vranken\n\n# References\n\n * <https://www.ubuntu.com/usn/usn-3134-1>\n * <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-0772>\n * <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1000110>\n * <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5636>\n * <http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5699>\n * <https://github.com/cloudfoundry/python-buildpack/releases>\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2016-12-14T00:00:00", "title": "USN-3134-1: Python vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-0772", "CVE-2016-5636", "CVE-2016-1000110", "CVE-2016-5699"], "modified": "2016-12-14T00:00:00", "id": "CFOUNDRY:596815DF0937570BB2850A53D4DFA6B2", "href": "https://www.cloudfoundry.org/blog/usn-3134-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
