CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
93.5%
Current release: 5.0.1 - February 20, 2011
Fix issue 91 (invalid text in XML declaration causes sanitizer to crash)
Fix issue 254 (sanitization can be bypassed by malformed XML comments)
Fix issue 255 (sanitizer doesn’t strip unsafe URI schemes)
Previous release: 5.0 - January 25, 2011
Improved MathML support
Support microformats (rel-tag, rel-enclosure, xfn, hcard)
Support IRIs
Allow safe CSS through sanitization
Allow safe HTML5 through sanitization
Support SVG
Support inline XML entity declarations
Support unescaped quotes and angle brackets in attributes
Support additional date formats
Added the request_headers argument to parse()
Added the response_headers argument to parse()
Support multiple entry, feed, and source authors
Officially make Python 2.4 the earliest supported version
Support Python 3
Bug fixes, bug fixes, bug fixes
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-4988.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(53457);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2009-5065", "CVE-2011-1156", "CVE-2011-1157", "CVE-2011-1158");
script_bugtraq_id(46867, 47177);
script_xref(name:"FEDORA", value:"2011-4988");
script_name(english:"Fedora 15 : python-feedparser-5.0.1-1.fc15 (2011-4988)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Current release: 5.0.1 - February 20, 2011
- Fix issue 91 (invalid text in XML declaration causes
sanitizer to crash)
- Fix issue 254 (sanitization can be bypassed by
malformed XML comments)
- Fix issue 255 (sanitizer doesn't strip unsafe URI
schemes)
Previous release: 5.0 - January 25, 2011
- Improved MathML support
- Support microformats (rel-tag, rel-enclosure, xfn,
hcard)
- Support IRIs
- Allow safe CSS through sanitization
- Allow safe HTML5 through sanitization
- Support SVG
- Support inline XML entity declarations
- Support unescaped quotes and angle brackets in
attributes
- Support additional date formats
- Added the request_headers argument to parse()
- Added the response_headers argument to parse()
- Support multiple entry, feed, and source authors
- Officially make Python 2.4 the earliest supported
version
- Support Python 3
- Bug fixes, bug fixes, bug fixes
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=684877"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058309.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?2a46e6e6"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected python-feedparser package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-feedparser");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
script_set_attribute(attribute:"patch_publication_date", value:"2011/04/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/18");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC15", reference:"python-feedparser-5.0.1-1.fc15")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-feedparser");
}