Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-DB0EB54982.NASLHistoryJan 05, 2021 - 12:00 a.m.
Fedora 32 : python-py (2020-db0eb54982)
2021-01-0500:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
101
7.6 High
AI Score
Confidence
High
1.10.0 (2020-12-12)
-
Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)
-
Update vendored apipkg: 1.4 => 1.5
-
Update vendored iniconfig: 1.0.0 => 1.1.1
1.9.0 (2020-06-24)
-
Add type annotation stubs for the following modules :
-
py.error -
py.iniconfig -
py.path(not including SVN paths) -
py.io -
py.xmlThere are no plans to type other modules at this time.
The type annotations are provided in external .pyi files, not inline in the code, and may therefore contain small errors or omissions. If you use
pyin conjunction with a type checker, and encounter any type errors you believe should be accepted, please report it in an issue.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-db0eb54982.
#
include('compat.inc');
if (description)
{
script_id(144729);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/31");
script_cve_id("CVE-2020-29651");
script_xref(name:"FEDORA", value:"2020-db0eb54982");
script_name(english:"Fedora 32 : python-py (2020-db0eb54982)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"#### 1.10.0 (2020-12-12) ####
- Fix a regular expression DoS vulnerability in the
py.path.svnwc SVN blame functionality (CVE-2020-29651)
- Update vendored apipkg: 1.4 => 1.5
- Update vendored iniconfig: 1.0.0 => 1.1.1
#### 1.9.0 (2020-06-24) ####
- Add type annotation stubs for the following modules :
- ``py.error``
- ``py.iniconfig``
- ``py.path`` (not including SVN paths)
- ``py.io``
- ``py.xml``
There are no plans to type other modules at this time.
The type annotations are provided in external .pyi
files, not inline in the code, and may therefore contain
small errors or omissions. If you use ``py`` in
conjunction with a type checker, and encounter any type
errors you believe should be accepted, please report it
in an issue.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-db0eb54982");
script_set_attribute(attribute:"solution", value:
"Update the affected python-py package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-29651");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/09");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-py");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC32", reference:"python-py-1.10.0-1.fc32")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-py");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | python-py | p-cpe:/a:fedoraproject:fedora:python-py |
| fedoraproject | fedora | 32 | cpe:/o:fedoraproject:fedora:32 |
Related
nessus
nessus
Photon OS 4.0: Python3 PHSA-2021-4.0-0051
2021-10-07 00:00:00
openSUSE Security Update : python-py (openSUSE-2021-851)
2021-06-10 00:00:00
Photon OS 1.0: Python PHSA-2021-1.0-0419
2021-08-10 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: python-py-1.10.0-1.fc33
2021-01-05 01:27:02
[SECURITY] Fedora 32 Update: python-py-1.10.0-1.fc32
2021-01-05 01:19:19
suse
suse
Security update for python-py (moderate)
2021-07-11 00:00:00
Security update for python-py (moderate)
2021-06-07 00:00:00
github
github
py vulnerable to Regular Expression Denial of Service
2021-04-20 16:39:57
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2831-1)
2022-08-18 00:00:00
Fedora: Security Advisory for python-py (FEDORA-2020-8371993b6b)
2021-01-11 00:00:00
Ubuntu: Security Advisory (USN-5138-1)
2021-11-12 00:00:00
cvelist
cvelist
CVE-2020-29651
2020-12-09 06:58:22
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0419
2021-07-27 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-2.0-0362
2021-06-23 00:00:00
Important Photon OS Security Update - PHSA-2021-0258
2021-06-23 00:00:00
osv
osv
CVE-2020-29651
2020-12-09 07:15:12
py vulnerable to Regular Expression Denial of Service
2021-04-20 16:39:57
python-py vulnerability
2021-11-10 22:09:54
cbl_mariner
cbl_mariner
CVE-2020-29651 affecting package python-py 1.6.0-4
2021-01-11 21:49:33
ubuntu
ubuntu
python-py vulnerability
2021-11-10 00:00:00
cve
cve
CVE-2020-29651
2020-12-09 07:15:00
mageia
mageia
Updated python-py packages fix a security vulnerability
2021-02-06 21:20:41
ibm
ibm
debiancve
debiancve
CVE-2020-29651
2020-12-09 07:15:00
prion
prion
Input validation
2020-12-09 07:15:00
redhatcve
redhatcve
CVE-2020-29651
2020-12-10 15:15:56
ubuntucve
ubuntucve
CVE-2020-29651
2020-12-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00