Lucene search
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2019-0997.NASLHistoryAug 12, 2019 - 12:00 a.m.
Oracle Linux 8 : python3 (ELSA-2019-0997)
2019-08-1200:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
88
From Red Hat Security Advisory 2019:0997 :
An update for python3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
This package provides the ‘python3’ executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs package, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages.
Security Fix(es) :
- python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:0997 and
# Oracle Linux Security Advisory ELSA-2019-0997 respectively.
#
include("compat.inc");
if (description)
{
script_id(127576);
script_version("1.3");
script_cvs_date("Date: 2020/01/06");
script_cve_id("CVE-2019-9636");
script_xref(name:"RHSA", value:"2019:0997");
script_name(english:"Oracle Linux 8 : python3 (ELSA-2019-0997)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2019:0997 :
An update for python3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to
many system calls and libraries, as well as to various windowing
systems.
This package provides the 'python3' executable: the reference
interpreter for the Python language, version 3. The majority of its
standard library is provided in the python3-libs package, which should
be installed automatically along with python3. The remaining parts of
the Python standard library are broken out into the python3-tkinter
and python3-test packages.
Security Fix(es) :
* python: Information Disclosure due to urlsplit improper NFKC
normalization (CVE-2019-9636)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2019-August/008967.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected python3 packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:platform-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:platform-python-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:platform-python-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-idle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-tkinter");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/08");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"platform-python-3.6.8-2.0.1.el8_0")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"platform-python-debug-3.6.8-2.0.1.el8_0")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"platform-python-devel-3.6.8-2.0.1.el8_0")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"python3-idle-3.6.8-2.0.1.el8_0")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"python3-libs-3.6.8-2.0.1.el8_0")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"python3-test-3.6.8-2.0.1.el8_0")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"python3-tkinter-3.6.8-2.0.1.el8_0")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "platform-python / platform-python-debug / platform-python-devel / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | platform-python | p-cpe:/a:oracle:linux:platform-python |
| oracle | linux | platform-python-debug | p-cpe:/a:oracle:linux:platform-python-debug |
| oracle | linux | platform-python-devel | p-cpe:/a:oracle:linux:platform-python-devel |
| oracle | linux | python3-idle | p-cpe:/a:oracle:linux:python3-idle |
| oracle | linux | python3-libs | p-cpe:/a:oracle:linux:python3-libs |
| oracle | linux | python3-test | p-cpe:/a:oracle:linux:python3-test |
| oracle | linux | python3-tkinter | p-cpe:/a:oracle:linux:python3-tkinter |
| oracle | linux | 8 | cpe:/o:oracle:linux:8 |
Related
suse
suse
Security update for python3 (important)
2019-05-10 00:00:00
Security update for python3 (important)
2019-04-26 00:00:00
Security update for python (important)
2019-06-18 00:00:00
nessus
nessus
Scientific Linux Security Update : python on SL7.x x86_64 (20190408)
2019-04-09 00:00:00
RHEL 6 : python (RHSA-2019:1467)
2019-06-14 00:00:00
Fedora 28 : python3 (2019-86f32cbab1)
2019-04-05 00:00:00
cve
cve
CVE-2019-9636
2019-03-08 21:29:00
CVE-2019-10160
2019-06-07 18:29:00
centos
centos
python, tkinter security update
2019-06-20 20:32:56
python, tkinter security update
2019-04-12 14:02:06
python, tkinter security update
2019-06-24 17:07:31
archlinux
archlinux
[ASA-201906-17] python: information disclosure
2019-06-18 00:00:00
[ASA-201911-4] python2: information disclosure
2019-11-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for python3 (openSUSE-SU-2019:1371-1)
2019-05-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0971-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1124)
2020-01-23 00:00:00
debiancve
debiancve
CVE-2019-9636
2019-03-08 21:29:00
CVE-2019-10160
2019-06-07 18:29:00
osv
osv
CVE-2019-9636
2019-03-08 21:29:00
urlsplit does not handle NFKC normalization
2019-03-08 21:00:00
urlsplit does not handle NFKC normalization (second fix)
2019-06-07 17:50:33
prion
prion
Information disclosure
2019-03-08 21:29:00
Authentication flaw
2019-06-07 18:29:00
redhat
redhat
(RHSA-2019:0765) Important: rh-python36-python security update
2019-04-16 13:47:04
(RHSA-2019:2980) Important: python security update
2019-10-08 09:21:25
(RHSA-2019:0806) Important: python27-python security update
2019-04-23 11:23:49
mageia
mageia
Updated python packages fix security vulnerability
2019-04-11 01:07:23
ubuntucve
ubuntucve
CVE-2019-9636
2019-03-08 00:00:00
CVE-2019-10160
2019-06-07 00:00:00
ibm
ibm
symantec
symantec
Python CVE-2019-9636 Information Disclosure Vulnerability
2019-03-08 00:00:00
redhatcve
redhatcve
CVE-2019-9636
2021-03-20 23:54:20
CVE-2019-10160
2019-10-30 10:37:32
veracode
veracode
Information Disclosure
2019-05-16 03:38:57
Information Disclosure
2019-06-24 00:20:59
oraclelinux
oraclelinux
python3 security update
2019-07-30 00:00:00
python security update
2019-04-10 00:00:00
python security update
2019-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: python3-3.7.2-8.fc30
2019-03-29 19:41:06
[SECURITY] Fedora 28 Update: python3-3.6.8-3.fc28
2019-04-05 01:56:20
[SECURITY] Fedora 29 Update: python3-3.7.2-5.fc29
2019-03-25 06:10:50
alpinelinux
alpinelinux
CVE-2019-9636
2019-03-08 21:29:00
amazon
amazon
Important: python
2019-08-07 23:46:00
Important: python3
2019-08-07 23:48:00
Important: python3
2019-05-02 18:48:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-3.0-0005
2019-03-19 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-2.0-0141
2019-03-18 00:00:00
Critical Photon OS Security Update - PHSA-2019-0006
2019-03-18 00:00:00
f5
f5
K57542514 : Python vulnerabilities CVE-2019-9636 and CVE-2019-10160
2020-09-16 00:00:00
rocky
rocky
python27:2.7 security update
2019-05-07 03:40:00
almalinux
almalinux
Important: python27:2.7 security update
2019-05-07 03:40:00
Related for ORACLELINUX_ELSA-2019-0997.NASL