Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1924.NASL
HistorySep 17, 2019 - 12:00 a.m.

Debian DLA-1924-1 : python3.4 security update

2019-09-1700:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
JSON

A vulnerability was discovered in Python, an interactive high-level object-oriented language.

CVE-2019-16056

The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.

For Debian 8 ‘Jessie’, this problem has been fixed in version 3.4.2-1+deb8u7.

We recommend that you upgrade your python3.4 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1924-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(128882);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2019-16056");

  script_name(english:"Debian DLA-1924-1 : python3.4 security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was discovered in Python, an interactive high-level
object-oriented language.

CVE-2019-16056

The email module wrongly parses email addresses that contain multiple
@ characters. An application that uses the email module and implements
some kind of checks on the From/To headers of a message could be
tricked into accepting an email address that should be denied.

For Debian 8 'Jessie', this problem has been fixed in version
3.4.2-1+deb8u7.

We recommend that you upgrade your python3.4 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/python3.4"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:idle-python3.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython3.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython3.4-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython3.4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython3.4-minimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython3.4-stdlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython3.4-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4-minimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3.4-venv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"idle-python3.4", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libpython3.4", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libpython3.4-dbg", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libpython3.4-dev", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libpython3.4-minimal", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libpython3.4-stdlib", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"libpython3.4-testsuite", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4-dbg", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4-dev", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4-doc", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4-examples", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4-minimal", reference:"3.4.2-1+deb8u7")) flag++;
if (deb_check(release:"8.0", prefix:"python3.4-venv", reference:"3.4.2-1+deb8u7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxidle-python3.4p-cpe:/a:debian:debian_linux:idle-python3.4
debiandebian_linuxlibpython3.4p-cpe:/a:debian:debian_linux:libpython3.4
debiandebian_linuxlibpython3.4-dbgp-cpe:/a:debian:debian_linux:libpython3.4-dbg
debiandebian_linuxlibpython3.4-devp-cpe:/a:debian:debian_linux:libpython3.4-dev
debiandebian_linuxlibpython3.4-minimalp-cpe:/a:debian:debian_linux:libpython3.4-minimal
debiandebian_linuxlibpython3.4-stdlibp-cpe:/a:debian:debian_linux:libpython3.4-stdlib
debiandebian_linuxlibpython3.4-testsuitep-cpe:/a:debian:debian_linux:libpython3.4-testsuite
debiandebian_linuxpython3.4p-cpe:/a:debian:debian_linux:python3.4
debiandebian_linuxpython3.4-dbgp-cpe:/a:debian:debian_linux:python3.4-dbg
debiandebian_linuxpython3.4-devp-cpe:/a:debian:debian_linux:python3.4-dev
Rows per page:
1-10 of 151

Related

openvas 38
osv 8
debian 4
fedora 20
nessus 79
symantec 1
redhat 9
veracode 1
suse 5
prion 1
ubuntu 2
oraclelinux 5
centos 2
ubuntucve 1
amazon 3
photon 12
cve 1
debiancve 1
redhatcve 1
cloudfoundry 1
alpinelinux 1
almalinux 1
rocky 1
mageia 1
openvas
openvas
Debian LTS: Security Advisory for python3.4 (DLA-1924-1)
2019-09-17 00:00:00
Fedora Update for python38 FEDORA-2019-d11594bf0a
2020-01-09 00:00:00
Fedora Update for python38 FEDORA-2019-d58eb75449
2019-09-13 00:00:00
osv
osv
python2.7 - security update
2019-09-16 00:00:00
python3.4 - security update
2019-09-16 00:00:00
CVE-2019-16056
2019-09-06 18:15:15
debian
debian
[SECURITY] [DLA 1924-1] python3.4 security update
2019-09-16 20:33:44
[SECURITY] [DLA 1925-1] python2.7 security update
2019-09-16 20:34:13
[SECURITY] [DLA 2337-1] python2.7 security update
2020-08-22 14:48:43
fedora
fedora
[SECURITY] Fedora 29 Update: python38-3.8.0~b4-1.fc29
2019-09-11 03:35:29
[SECURITY] Fedora 30 Update: python38-3.8.0~b4-1.fc30
2019-09-11 03:13:32
[SECURITY] Fedora 31 Update: python38-3.8.0~b4-1.fc31
2019-09-14 16:39:55
nessus
nessus
Photon OS 2.0: Python2 PHSA-2019-2.0-0177
2019-10-07 00:00:00
Photon OS 1.0: Python2 PHSA-2019-1.0-0252
2019-10-11 00:00:00
Fedora 29 : python38 (2019-d58eb75449)
2019-09-11 00:00:00
symantec
symantec
Python CVE-2019-16056 Security Bypass Vulnerability
2019-09-06 00:00:00
redhat
redhat
(RHSA-2020:2520) Moderate: python security update
2020-06-10 21:32:56
(RHSA-2019:3948) Moderate: python27-python security, bug fix, and enhancement update
2019-11-25 08:47:12
(RHSA-2020:1131) Moderate: python security update
2020-03-31 09:22:44
veracode
veracode
Information Disclosure
2020-05-10 23:23:08
suse
suse
Security update for python3 (moderate)
2019-11-09 00:00:00
Security update for python3 (moderate)
2019-11-05 00:00:00
Security update for python (moderate)
2019-10-27 00:00:00
prion
prion
Design/Logic Flaw
2019-09-06 18:15:00
ubuntu
ubuntu
Python vulnerabilities
2019-10-10 00:00:00
Python vulnerabilities
2019-10-09 00:00:00
oraclelinux
oraclelinux
python3 security update
2020-04-06 00:00:00
python3 security and bug fix update
2020-05-05 00:00:00
python security update
2020-04-06 00:00:00
centos
centos
python3 security update
2020-04-08 19:10:03
python, tkinter security update
2020-04-08 19:09:30
ubuntucve
ubuntucve
CVE-2019-16056
2019-09-06 00:00:00
amazon
amazon
Medium: python27, python34, python35, python36
2019-10-28 17:10:00
Medium: python, python3
2019-11-19 17:53:00
Important: python34
2019-11-19 17:31:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0176
2019-09-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0176
2019-09-23 00:00:00
Important Photon OS Security Update - PHSA-2019-0030
2019-09-23 00:00:00
cve
cve
CVE-2019-16056
2019-09-06 18:15:00
debiancve
debiancve
CVE-2019-16056
2019-09-06 18:15:00
redhatcve
redhatcve
CVE-2019-16056
2019-09-09 09:21:16
cloudfoundry
cloudfoundry
USN-4151-1: Python vulnerabilities | Cloud Foundry
2019-11-06 00:00:00
alpinelinux
alpinelinux
CVE-2019-16056
2019-09-06 18:15:00
almalinux
almalinux
Moderate: python27:2.7 security, bug fix, and enhancement update
2020-04-28 08:55:59
rocky
rocky
python27:2.7 security, bug fix, and enhancement update
2020-04-28 08:55:59
mageia
mageia
Updated python packages fix security vulnerabilities
2019-11-08 02:36:48
JSON
Related for DEBIAN_DLA-1924.NASL
openvas38osv8debian4fedora20nessus79symantec1redhat9veracode1suse5prion1ubuntu2oraclelinux5centos2ubuntucve1amazon3photon12cve1debiancve1redhatcve1cloudfoundry1alpinelinux1almalinux1rocky1mageia1