SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

2020-01-27T00:00:00

Description

This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "SUSE_SU-2020-0234-1.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)", "description": "This update for python fixes the following issues :\n\nUpdated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-01-27T00:00:00", "modified": "2022-12-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/133259", "reporter": "This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1088009", "https://bugzilla.suse.com/show_bug.cgi?id=985348", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143", "https://bugzilla.suse.com/show_bug.cgi?id=1042670", "https://www.suse.com/security/cve/CVE-2018-20852/", "https://bugzilla.suse.com/show_bug.cgi?id=1027282", "https://bugzilla.suse.com/show_bug.cgi?id=577032", "https://bugzilla.suse.com/show_bug.cgi?id=804978", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000158", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18207", "https://bugzilla.suse.com/show_bug.cgi?id=885882", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000030", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316", "https://bugzilla.suse.com/show_bug.cgi?id=857470", "https://bugzilla.suse.com/show_bug.cgi?id=898572", "https://www.suse.com/security/cve/CVE-2008-2315/", "https://bugzilla.suse.com/show_bug.cgi?id=1088004", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000110", "https://bugzilla.suse.com/show_bug.cgi?id=834601", "https://www.suse.com/security/cve/CVE-2013-1753/", "https://bugzilla.suse.com/show_bug.cgi?id=603255", "https://bugzilla.suse.com/show_bug.cgi?id=989523", "https://bugzilla.suse.com/show_bug.cgi?id=1153830", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752", "https://bugzilla.suse.com/show_bug.cgi?id=617751", "https://www.suse.com/security/cve/CVE-2019-16056/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1060", "https://bugzilla.suse.com/show_bug.cgi?id=673071", "https://bugzilla.suse.com/show_bug.cgi?id=945401", "https://www.suse.com/security/cve/CVE-2019-16935/", "https://bugzilla.suse.com/show_bug.cgi?id=406051", "https://bugzilla.suse.com/show_bug.cgi?id=718009", "https://bugzilla.suse.com/show_bug.cgi?id=425138", "https://bugzilla.suse.com/show_bug.cgi?id=856836", "https://bugzilla.suse.com/show_bug.cgi?id=1159035", "https://bugzilla.suse.com/show_bug.cgi?id=751718", "https://www.suse.com/security/cve/CVE-2016-1000110/", "https://bugzilla.suse.com/show_bug.cgi?id=638233", "https://bugzilla.suse.com/show_bug.cgi?id=430761", "https://bugzilla.suse.com/show_bug.cgi?id=964182", "https://bugzilla.suse.com/show_bug.cgi?id=1086001", "https://bugzilla.suse.com/show_bug.cgi?id=551715", "https://bugzilla.suse.com/show_bug.cgi?id=1130847", "https://www.suse.com/security/cve/CVE-2014-1912/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721", "https://bugzilla.suse.com/show_bug.cgi?id=462375", "https://bugzilla.suse.com/show_bug.cgi?id=1141853", "https://www.suse.com/security/cve/CVE-2018-14647/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10160", "https://www.suse.com/security/cve/CVE-2018-1000802/", "https://bugzilla.suse.com/show_bug.cgi?id=637176", "https://bugzilla.suse.com/show_bug.cgi?id=935856", "https://bugzilla.suse.com/show_bug.cgi?id=367853", "https://www.suse.com/security/cve/CVE-2011-4944/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935", "https://bugzilla.suse.com/show_bug.cgi?id=1138459", "https://www.suse.com/security/cve/CVE-2008-3143/", "https://bugzilla.suse.com/show_bug.cgi?id=827982", "https://www.suse.com/security/cve/CVE-2016-5699/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845", "https://bugzilla.suse.com/show_bug.cgi?id=1084650", "https://bugzilla.suse.com/show_bug.cgi?id=766778", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142", "https://bugzilla.suse.com/show_bug.cgi?id=1129346", "https://bugzilla.suse.com/show_bug.cgi?id=1041090", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521", "https://www.suse.com/security/cve/CVE-2008-1721/", "https://bugzilla.suse.com/show_bug.cgi?id=658604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389", "https://bugzilla.suse.com/show_bug.cgi?id=1130840", "http://www.nessus.org/u?a7e022df", "https://www.suse.com/security/cve/CVE-2016-0772/", "https://bugzilla.suse.com/show_bug.cgi?id=1078485", "https://bugzilla.suse.com/show_bug.cgi?id=1068664", "https://bugzilla.suse.com/show_bug.cgi?id=1113755", "https://bugzilla.suse.com/show_bug.cgi?id=682554", "https://bugzilla.suse.com/show_bug.cgi?id=747125", "https://www.suse.com/security/cve/CVE-2016-5636/", "https://bugzilla.suse.com/show_bug.cgi?id=1073748", "https://bugzilla.suse.com/show_bug.cgi?id=901715", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144", "https://bugzilla.suse.com/show_bug.cgi?id=426563", "https://www.suse.com/security/cve/CVE-2008-3142/", "https://www.suse.com/security/cve/CVE-2014-7185/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753", "https://bugzilla.suse.com/show_bug.cgi?id=298378", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000802", "https://bugzilla.suse.com/show_bug.cgi?id=534721", "https://bugzilla.suse.com/show_bug.cgi?id=379534", "https://bugzilla.suse.com/show_bug.cgi?id=581765", "https://www.suse.com/security/cve/CVE-2011-1521/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9948", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699", "https://bugzilla.suse.com/show_bug.cgi?id=1122191", "https://bugzilla.suse.com/show_bug.cgi?id=984751", "https://bugzilla.suse.com/show_bug.cgi?id=1111793", "https://www.suse.com/security/cve/CVE-2014-4650/", "https://bugzilla.suse.com/show_bug.cgi?id=836739", "https://www.suse.com/security/cve/CVE-2013-4238/", "https://www.suse.com/security/cve/CVE-2019-9636/", "https://www.suse.com/security/cve/CVE-2019-5010/", "https://bugzilla.suse.com/show_bug.cgi?id=572673", "https://www.suse.com/security/cve/CVE-2019-9947/", "https://bugzilla.suse.com/show_bug.cgi?id=436966", "https://www.suse.com/security/cve/CVE-2007-2052/", "https://bugzilla.suse.com/show_bug.cgi?id=1149955", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5636", "https://bugzilla.suse.com/show_bug.cgi?id=525295", "https://bugzilla.suse.com/show_bug.cgi?id=794139", "https://www.suse.com/security/cve/CVE-2017-18207/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944", "https://bugzilla.suse.com/show_bug.cgi?id=985177", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9947", "https://www.suse.com/security/cve/CVE-2013-1752/", "https://www.suse.com/security/cve/CVE-2008-2316/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010", "https://www.suse.com/security/cve/CVE-2018-1060/", "https://www.suse.com/security/cve/CVE-2018-1000030/", "https://www.suse.com/security/cve/CVE-2019-10160/", "https://bugzilla.suse.com/show_bug.cgi?id=346490", "https://bugzilla.suse.com/show_bug.cgi?id=1153238", "https://bugzilla.suse.com/show_bug.cgi?id=697251", "https://bugzilla.suse.com/show_bug.cgi?id=1078326", "https://bugzilla.suse.com/show_bug.cgi?id=1073269", "https://www.suse.com/security/cve/CVE-2017-1000158/", "https://bugzilla.suse.com/show_bug.cgi?id=1149792", "https://bugzilla.suse.com/show_bug.cgi?id=754447", "https://www.suse.com/security/cve/CVE-2011-3389/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238", "https://bugzilla.suse.com/show_bug.cgi?id=831442", "https://bugzilla.suse.com/show_bug.cgi?id=1109847", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315", "https://bugzilla.suse.com/show_bug.cgi?id=1079300", "https://www.suse.com/security/cve/CVE-2012-0845/", "https://bugzilla.suse.com/show_bug.cgi?id=441088", "https://bugzilla.suse.com/show_bug.cgi?id=863741", "https://bugzilla.suse.com/show_bug.cgi?id=399190", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14647", "https://bugzilla.suse.com/show_bug.cgi?id=856835", "https://bugzilla.suse.com/show_bug.cgi?id=997436", "https://bugzilla.suse.com/show_bug.cgi?id=432677", "https://www.suse.com/security/cve/CVE-2008-3144/", "https://bugzilla.suse.com/show_bug.cgi?id=707667", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061", "https://bugzilla.suse.com/show_bug.cgi?id=437293", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16056", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9636", "https://bugzilla.suse.com/show_bug.cgi?id=747794", "https://bugzilla.suse.com/show_bug.cgi?id=380942", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052", "https://bugzilla.suse.com/show_bug.cgi?id=1083507", "https://bugzilla.suse.com/show_bug.cgi?id=214983", "https://bugzilla.suse.com/show_bug.cgi?id=1081750", "https://www.suse.com/security/cve/CVE-2018-1061/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20852", "https://www.suse.com/security/cve/CVE-2012-1150/", "https://www.suse.com/security/cve/CVE-2019-9948/"], "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2011-1521", "CVE-2011-3389", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150", "CVE-2013-1752", "CVE-2013-1753", "CVE-2013-4238", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185", "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-1000158", "CVE-2017-18207", "CVE-2018-1000030", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947", "CVE-2019-9948"], "immutableFields": [], "lastseen": "2023-01-11T15:05:20", "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:0981", "ALSA-2019:3335", "ALSA-2020:1605", "ALSA-2020:4433"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-5010"]}, {"type": "amazon", "idList": ["ALAS-2011-010", "ALAS-2012-080", "ALAS-2012-081", "ALAS-2012-098", "ALAS-2013-220", "ALAS-2013-241", "ALAS-2014-292", "ALAS-2014-293", "ALAS-2014-440", "ALAS-2015-552", "ALAS-2015-621", "ALAS-2016-724", "ALAS-2016-741", "ALAS-2018-1003", "ALAS-2018-1101", "ALAS-2018-1108", "ALAS-2018-1132", "ALAS-2018-943", "ALAS-2018-945", "ALAS-2019-1169", "ALAS-2019-1202", "ALAS-2019-1204", "ALAS-2019-1230", "ALAS-2019-1242", "ALAS-2019-1243", "ALAS-2019-1258", "ALAS-2019-1259", "ALAS-2019-1314", "ALAS-2019-1324", "ALAS-2020-1342", "ALAS-2020-1375", "ALAS-2020-1428", "ALAS-2020-1429", "ALAS2-2018-1132", "ALAS2-2019-1169", "ALAS2-2019-1204", "ALAS2-2019-1230", "ALAS2-2019-1247", "ALAS2-2019-1258", "ALAS2-2019-1259", "ALAS2-2019-1291", "ALAS2-2019-1368", "ALAS2-2020-1432"]}, {"type": "apple", "idList": ["APPLE:E8FF9F04ED54DD8E8D5B899FB4A8000E", "APPLE:HT207615"]}, {"type": "archlinux", "idList": ["ASA-201409-3", "ASA-201412-15", "ASA-201906-17", "ASA-201911-4"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "centos", "idList": ["CESA-2007:1076", "CESA-2007:1077-01", "CESA-2009:1176", "CESA-2009:1178", "CESA-2011:0491", "CESA-2011:0492", "CESA-2011:1380", "CESA-2012:0744", "CESA-2012:0745", "CESA-2012:1088", "CESA-2012:1089", "CESA-2013:1582", "CESA-2015:1330", "CESA-2015:2101", "CESA-2016:1626", "CESA-2016:2586", "CESA-2018:3041", "CESA-2019:0710", "CESA-2019:1467", "CESA-2019:1587", "CESA-2019:2030", "CESA-2020:1131", "CESA-2020:1132", "CESA-2020:3888", "CESA-2020:3911"]}, {"type": "cert", "idList": ["VU:797896", "VU:864643"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2011-505", "CPAI-2012-020", "CPAI-2016-0607", "CPAI-2019-1561"]}, {"type": "checkpoint_security", "idList": ["CPS:SK86440"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:00A5222591F42E54CF0AA3142F2C10BC", "CFOUNDRY:372C89C2034124B41C6B1DC1B76A49D9", "CFOUNDRY:596815DF0937570BB2850A53D4DFA6B2", "CFOUNDRY:96AA06BA747CBCB841534EC96B876550", "CFOUNDRY:C7368B69703D2F78B11155E4CE99EC4C", "CFOUNDRY:EDF9B83EB83E197F691D5842752D4768"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1616001357", "CLSA-2021:1632401716", "CLSA-2021:1633442879"]}, {"type": "cve", "idList": ["CVE-2004-2770", "CVE-2007-2052", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-5031", "CVE-2010-1449", "CVE-2010-1634", "CVE-2011-1521", "CVE-2011-3389", "CVE-2011-4137", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150", "CVE-2012-1587", "CVE-2013-1752", "CVE-2013-1753", "CVE-2013-4238", "CVE-2013-4328", "CVE-2013-7040", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185", "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-1000158", "CVE-2017-18207", "CVE-2018-1000030", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-18348", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947", "CVE-2019-9948"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1189-1:6BC2A", "DEBIAN:DLA-1190-1:84E6F", "DEBIAN:DLA-1519-1:1A158", "DEBIAN:DLA-1520-1:70B85", "DEBIAN:DLA-154-1:C91BD", "DEBIAN:DLA-1663-1:4268B", "DEBIAN:DLA-1834-1:7FA17", "DEBIAN:DLA-1835-1:96F0B", "DEBIAN:DLA-1835-2:87B43", "DEBIAN:DLA-1852-1:7CEC9", "DEBIAN:DLA-1852-1:E8143", "DEBIAN:DLA-1889-1:E4DD0", "DEBIAN:DLA-1906-1:2D8B3", "DEBIAN:DLA-1924-1:DDBDB", "DEBIAN:DLA-1925-1:B2568", "DEBIAN:DLA-2280-1:96280", "DEBIAN:DLA-2337-1:70801", "DEBIAN:DLA-25-1:0FCA7", "DEBIAN:DLA-2628-1:6F808", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-522-1:8516F", "DEBIAN:DLA-871-1:C4200", "DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1620-1:7CA52", "DEBIAN:DSA-1667-1:B9268", "DEBIAN:DSA-1977-1:4A5F0", "DEBIAN:DSA-2356-1:91E00", "DEBIAN:DSA-2358-1:F21E5", "DEBIAN:DSA-2368-1:91542", "DEBIAN:DSA-2381-:320B8", "DEBIAN:DSA-2398-1:A6208", "DEBIAN:DSA-2398-2:1A463", "DEBIAN:DSA-2880-1:28B7E", "DEBIAN:DSA-4306-1:95510", "DEBIAN:DSA-4307-1:C7B50"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2010-1449", "DEBIANCVE:CVE-2010-1634", "DEBIANCVE:CVE-2011-1521", "DEBIANCVE:CVE-2011-3389", "DEBIANCVE:CVE-2011-4137", "DEBIANCVE:CVE-2011-4944", "DEBIANCVE:CVE-2012-0845", "DEBIANCVE:CVE-2012-1150", "DEBIANCVE:CVE-2013-1753", "DEBIANCVE:CVE-2013-4238", "DEBIANCVE:CVE-2013-7040", "DEBIANCVE:CVE-2014-1912", "DEBIANCVE:CVE-2014-4650", "DEBIANCVE:CVE-2014-7185", "DEBIANCVE:CVE-2016-0772", "DEBIANCVE:CVE-2016-1000110", "DEBIANCVE:CVE-2016-5636", "DEBIANCVE:CVE-2016-5699", "DEBIANCVE:CVE-2017-1000158", "DEBIANCVE:CVE-2018-1000030", "DEBIANCVE:CVE-2018-1000802", "DEBIANCVE:CVE-2018-1060", "DEBIANCVE:CVE-2018-1061", "DEBIANCVE:CVE-2018-14647", "DEBIANCVE:CVE-2018-20852", "DEBIANCVE:CVE-2019-10160", "DEBIANCVE:CVE-2019-16056", "DEBIANCVE:CVE-2019-16935", "DEBIANCVE:CVE-2019-18348", "DEBIANCVE:CVE-2019-5010", "DEBIANCVE:CVE-2019-9636", "DEBIANCVE:CVE-2019-9947", "DEBIANCVE:CVE-2019-9948"]}, {"type": "exploitdb", "idList": ["EDB-ID:33894", "EDB-ID:43500"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:35A921A81EE6FB28E829D4305BB3A08D", "EXPLOITPACK:8E7AE717DB9D8AE0105415BFDE08CC6D", "EXPLOITPACK:9C529D1C084FC5AFEA7C8A0D0E5A989A"]}, {"type": "f5", "idList": ["F5:K01955184", "F5:K10420455", "F5:K13400", "F5:K15638", "F5:K28622040", "F5:K37332121", "F5:K53192206", "F5:K53955014", "F5:K57542514", "F5:K75004031", "F5:K75910138", "F5:K78825687", "F5:K93278412", "SOL13400", "SOL15638", "SOL75004031"]}, {"type": "fedora", "idList": ["FEDORA:00A2322B5E", "FEDORA:02DC06048FC7", "FEDORA:045BF605A2AA", "FEDORA:04F1C20CB8", "FEDORA:071096091F43", "FEDORA:094916547A7E", "FEDORA:096D7228ED", "FEDORA:0CED66063610", "FEDORA:0ED9D6087788", "FEDORA:0FD96602C182", "FEDORA:109F760E86F6", "FEDORA:1262420CBE", "FEDORA:132956044E67", "FEDORA:179F720CEB", "FEDORA:1AC5420CC5", "FEDORA:1AE322106C", "FEDORA:1ED6B601DA54", "FEDORA:1FEA26070D5D", "FEDORA:200AC208B1", "FEDORA:206E92195B", "FEDORA:21C7E60167A3", "FEDORA:2282A6067310", "FEDORA:2368560677B3", "FEDORA:23DC121EA6", "FEDORA:2490220CD3", "FEDORA:269F320D4C", "FEDORA:27E2C635B8E4", "FEDORA:2827460D7732", "FEDORA:2A3D62083D", "FEDORA:2B464605DA54", "FEDORA:2B4CF20C99", "FEDORA:2C36E606E488", "FEDORA:2D2B820A5C", "FEDORA:2EDC5604B22D", "FEDORA:2F07020CD7", "FEDORA:320272143B", "FEDORA:32C0C208B4", "FEDORA:37BAE20CD9", "FEDORA:38E5F21625", "FEDORA:39BC8648F027", "FEDORA:3B9866076974", "FEDORA:3C93C6049718", "FEDORA:3CB7960A4420", "FEDORA:3EBBA608B7E0", "FEDORA:3F23C623C260", "FEDORA:4053B20CDA", "FEDORA:41B6B6005555", "FEDORA:4329260E587A", "FEDORA:448466076F61", "FEDORA:45707604CD90", "FEDORA:45E2C214D4", "FEDORA:462E6208E1", "FEDORA:4857E22DBD", "FEDORA:486336075F15", "FEDORA:4867220AB1", "FEDORA:48FBB20CE9", "FEDORA:4B77660C7BDE", "FEDORA:4C0A96021754", "FEDORA:4FA016419F1F", "FEDORA:4FCC221CAB", "FEDORA:4FECC20A10", "FEDORA:5015E613FFC0", "FEDORA:504CC6389DFC", "FEDORA:5191B22DC7", "FEDORA:543086075EF0", "FEDORA:55212604E121", "FEDORA:55FE8604DFF9", "FEDORA:55FF821575", "FEDORA:56C2C601CFA0", "FEDORA:573A76075B24", "FEDORA:586F0625A750", "FEDORA:5A55A6051CF5", "FEDORA:5A57F22DE8", "FEDORA:5A77C60200D2", "FEDORA:5B059609AE6F", "FEDORA:5C1B660A291E", "FEDORA:5C9E36075B24", "FEDORA:5DDA721219", "FEDORA:5E9EC6087580", "FEDORA:607306060C60", "FEDORA:61CEB60525CF", "FEDORA:6206560167BB", "FEDORA:62E9022DEA", "FEDORA:66C72604D404", "FEDORA:6BF3822E23", "FEDORA:6DB226077836", "FEDORA:6DE72217A3", "FEDORA:73438221A8", "FEDORA:74DE463D8BDD", "FEDORA:7617922E25", "FEDORA:794FB6085F84", "FEDORA:79A3360CE877", "FEDORA:7A86F6087662", "FEDORA:7A99560A8F88", "FEDORA:7D6AB6133B32", "FEDORA:7EE8622E3A", "FEDORA:849DD6547A63", "FEDORA:84F90606E1D2", "FEDORA:853AD608EC23", "FEDORA:862A060321A8", "FEDORA:86A6A60BF244", "FEDORA:88C4462CD8F9", "FEDORA:88F7421515", "FEDORA:8D0BB60525B8", "FEDORA:8D61A604973B", "FEDORA:9207D605DCCF", "FEDORA:9301E6076020", "FEDORA:980D160648E9", "FEDORA:9848360648DC", "FEDORA:996DF604E834", "FEDORA:99A466079738", "FEDORA:99CA760D80C9", "FEDORA:9B4EA605CC38", "FEDORA:9C4D36076D01", "FEDORA:9D331212AC", "FEDORA:9D9DE60A9B8D", "FEDORA:9DF1D605042E", "FEDORA:9F764605D68D", "FEDORA:A120E60BDFFD", "FEDORA:A2C3F213B0", "FEDORA:A2CF8605771B", "FEDORA:A3CA160A9B8F", "FEDORA:A47F0601CAC6", "FEDORA:AD13120DB6", "FEDORA:AD6D26085AD3", "FEDORA:AE27360D4BD6", "FEDORA:AE30560F3A00", "FEDORA:B1957605F08E", "FEDORA:B215721F22", "FEDORA:B52EF60A8F8C", "FEDORA:B61A36076D27", "FEDORA:B6D9960762A9", "FEDORA:B940C60A8A0C", "FEDORA:B94AE607798F", "FEDORA:BF65760525B8", "FEDORA:BFDED20E5F", "FEDORA:C291D604A73C", "FEDORA:C5762206E3", "FEDORA:C57FE60A2910", "FEDORA:C730C64C5090", "FEDORA:C8C1E60918F1", "FEDORA:C91256087AAF", "FEDORA:CA341608FD0B", "FEDORA:CF8B162C3B99", "FEDORA:D187060603E3", "FEDORA:D37956047C92", "FEDORA:D432B602F037", "FEDORA:D4C3521434", "FEDORA:D68E221277", "FEDORA:D6C69615CA42", "FEDORA:D75F56048166", "FEDORA:DB61F60CE102", "FEDORA:DBDE4606041A", "FEDORA:DD0FD6512E62", "FEDORA:DD3CA6513109", "FEDORA:DD57B208B1", "FEDORA:DFCF964B861F", "FEDORA:E0DB26065299", "FEDORA:E272360D99E0", "FEDORA:E3D4760350F4", "FEDORA:E452E6021791", "FEDORA:E51866176380", "FEDORA:E608564C614C", "FEDORA:E627160A4090", "FEDORA:E779120CA7", "FEDORA:EA23E62567AD", "FEDORA:EBA6466B31FD", "FEDORA:EC9E0604D409", "FEDORA:ED8F7604C859", "FEDORA:EFD0F6060E90", "FEDORA:EFF1B60FC97E", "FEDORA:F036720CB7", "FEDORA:F332B2138D", "FEDORA:F38FB60CBEE0", "FEDORA:F3F93606FD7F"]}, {"type": "freebsd", "idList": ["0DCCAA28-7F3C-11DD-8DE5-0030843D3802", "0FE70BCD-2CE3-46C9-A64B-4A7DA097DB07", "18CE9A90-F269-11E1-BE53-080027EF73EC", "18ED9650-A1D6-11E9-9B17-FCAA147E860E", "1D0F6852-33D8-11E6-A671-60A44CE6887B", "559F3D1B-CB1D-11E5-80A4-001999F8D30B", "8719B935-8BAE-41AD-92BA-3C826F651219", "8D5368EF-40FE-11E6-B2EC-B499BAEBFEAF", "8E5E6D42-A0FA-11E3-B09A-080027F2D077", "A449C604-A43A-11E9-B422-FCAA147E860E", "A4A809D8-25C8-11E1-B531-00215C6A37BB", "A61374FC-3A4D-11E6-A671-60A44CE6887B", "B4F8BE9E-56B2-11E1-9FB7-003067B2972C", "D74371D2-4FEE-11E9-A5CD-1DF8A848DE3D", "EC41C3E2-129C-11DD-BAB7-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-200807-01", "GLSA-200807-16", "GLSA-201111-02", "GLSA-201203-02", "GLSA-201301-01", "GLSA-201401-04", "GLSA-201406-32", "GLSA-201503-10", "GLSA-201701-18", "GLSA-201805-02", "GLSA-201811-02", "GLSA-202003-26"]}, {"type": "github", "idList": ["GHSA-3JQW-CRQJ-W8QW"]}, {"type": "githubexploit", "idList": ["0C076F95-ABB2-53E1-9E25-F7D1A5A9B3A1"]}, {"type": "gitlab", "idList": ["GITLAB-F8870E91AA55D92266BA9DAF7EC7E29A"]}, {"type": "hackerone", "idList": ["H1:1178562", "H1:144782", "H1:165102", "H1:165154", "H1:412673", "H1:590020", "H1:705420"]}, {"type": "ibm", "idList": ["05B0DC8D7A3C31970B0CA0F0C0ED5B3A16233221026D8D9A370AF5E7C32B48F0", "15DA8B02C0EE18C494CE300BE00470079DE5884E7FABD33120881C0071985E51", "17ADCC3991EF6418AEE30E045384B4AA787D40524B4DDCFDED54CEFB7330CCB1", "1B0ED4A3526A4957AFA5966EC1D954AC93826AA8F95F1EF2E8A3A6657E73F691", "1D9AF86CEFE67E1C1D9A98469BBC91AB02F539FDAEA9A93B664F14D1E806D37B", "22C6665D00A9702426CEE593F4765FD3CD4EE170F8AA7F50D0505C6B2799BC21", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "269B504D34D7B9BDD776A87F2BEC62D1CD4CA692AD0765FE50BEF0B6FFC0283F", "2D313E61C8DDD54F55567321F7E7638E346F11C56DF4960FF32482A9F20F2D09", "2E6D778793B990B68E72041D95DBC2B227927F08D97BCA9E118EC96F940B7A01", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "303CC17CDB88F2B5C4A7C91575329C973AC7ABB20BE29027BAC6426E80C194F7", "30CDD497090F8940455238317492E01063AFC3CC537C3C8827026D302DFD0F4B", "3768EF26D10A8D3D80E9253CA1E6D15061699940ABE247E2737191D372036914", "37F93777210D3E697FEE1FFB9F1F24D00587BEB90F69BC2D11101BE949FE12E9", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "42199350A15ECD574A4263D0A6005F41F9E7F2D6CBDAFC538A9528C9803327A0", "4658C62A77F48A34C93A36AA5082184E598712E676A47847A2174B2175EB4DBB", "4BED10A9B77647D47155BEF6AEAE7754FE7B1E83A7CC5B95FC30366FA2805FDD", "4F6FB5501A3A3DEBC541BF8B696E71B1DC215ACD088489CF6E93DFD00FFE1F27", "50F054E398D9C2FEC6804DE8873031657002656851BE150871B2800BAA7C2644", "519ACEECE46E573E03F7FA0C1AF13E8FB0B460ACD56DD6FD91E7D025F5BC2CC6", "524256EABD737B6D4F976C7E7E0E79A6CF7150F4ECB0601EFAC72424AF7B1761", "58C1DFD540547AB60466B1F4F820D3217038C6F41CEA4FCA665F19DF97CB0815", "5F64F57560BFC926CBF0B18BFB5BAECC3BB3859068F69B1F7B77FD5966857C7A", "5FBC32666F838852B68EDFAE1E80838131FB36A6D514D59814F0D4F49926D8A4", "6599DC93FFCF552D50A8FC9F31B71D111EC8AFA95F2B494C03ED7610CB908101", "6A039724B7EB96AC81BB63AD7246EC39438370B1FB040E4251AB7E7DCC2A7AF5", "7720CDB160289B10896BC6C2C76860A0747166E23A66E36260253CD2B713CF52", "7B1F807414220F3532A128DB7A0F22545E6A098D1C584D2D752DB88B285DAA29", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "890628A575E88DA559CB7D8A6C87F7320A032F4AE381570BB13B56E6A2163D7F", "8DB1711F2A07EF0B48131799885ECE9CBB204C2E6C78D90D356163065F5A3EC1", "8ECA6222D3C238F29A31FEE8DEAFD26C737F2975DCA8D95684CFF7F79AA0F358", "9202FEEFF3A51B62352E326D8E236E2EAC4049831A1233C011A385A772D5D0DA", "92BAA2CFDFFEAB55F3ED7EBC0A3EE5A881814F275C7B91CCF17EC9995E7DF59D", "A2B4AE0CAA153F717FC9D290DE4B7A563C9B926DE7D7C6B738B1746EC64BEBCB", "A8F9E1B81DC06E155AA3018909D00AA443F0B83C885BE667CD9EB051536E7A27", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "B5BA7A019881D4357D8DF943ED0F2EBF5D00B203B4AF8DE699E3A190780BD598", "B5D3CBC8303AFE13664597A8E9C5222B5FD7EA238E25D4C36FF86C202367E2A7", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "BDFA432EA62E6EFDD1DA5F84B4EE926C27FCF1125443F9D0EC5005B0FEE74C89", "C9488F06558746146D0C18DBB0BEB871DAFDC70B677B49F63F50BEA425EB86AF", "CC5089F9744A6B5AF776C8A1234A9BCA32E0798D396B5C631C8D215B02EA08AB", "D71F903EC9EE20A4A8C2DCFB2E21D38954D4598BFB4CF4FB467C4DD0050F0624", "DB8E4E659E64514548095D982131905FB3A6F5608C5916769B8820AA6A05133D", "DDCE3DF1C0F2F3507A59F94E81A8ADEA101DC8CB5DCFAEE3754B7E7CBB0C41CB", "E0843A66F8C9DD3021DCEAEAFFE1FDB9DC8A74785B6380C1EE79C5C495C08EEE", "EE401701BD8559FAF17E89F1BEE49FCEFEE563D836128E0FEDEE544C912CDA1A", "EF6337B3BE8850DC5B93DC33DA6E2610AE8AC00F05BFD07EB43C35AAAB391818", "F0BB6DF3DC481E0195EF4764CB88EC919315AC25F5DDE405555640DD78D1405A", "F38DFF5FEE1396671C55A703E394421016F5CD9E653A20481CDB50F7C82DB71B", "F580FF4CEB598CA3467D78787F21CBD43A41006A53D20B06562A11F31F1DFABE", "F6058A1D059DA93442DDD2C9B24DC394470C4B3938532ADD3D520881A3F22AB0"]}, {"type": "ics", "idList": ["ICSA-14-098-03", "ICSA-19-192-04", "ICSMA-18-058-02", "ICSMA-21-187-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:461A7AC5896687E62024A8D8E5A3749D"]}, {"type": "kaspersky", "idList": ["KLA10866", "KLA11144"]}, {"type": "mageia", "idList": ["MGASA-2013-0250", "MGASA-2013-0252", "MGASA-2014-0085", "MGASA-2014-0139", "MGASA-2014-0285", "MGASA-2014-0399", "MGASA-2016-0230", "MGASA-2016-0296", "MGASA-2018-0004", "MGASA-2018-0256", "MGASA-2018-0270", "MGASA-2018-0495", "MGASA-2019-0084", "MGASA-2019-0135", "MGASA-2019-0148", "MGASA-2019-0165", "MGASA-2019-0318"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY-SCANNER-SSL-SSL_VERSION-"]}, {"type": "mskb", "idList": ["KB2643584"]}, {"type": "myhack58", "idList": ["MYHACK58:62201993420"]}, {"type": "nessus", "idList": ["6019.PRM", "6039.PRM", "6041.PRM", "6105.PRM", "6303.PRM", "6482.PRM", "6583.PRM", "720302.PRM", "800845.PRM", "800858.PRM", "8981.PRM", "AL2_ALAS-2018-1132.NASL", "AL2_ALAS-2019-1169.NASL", "AL2_ALAS-2019-1204.NASL", "AL2_ALAS-2019-1230.NASL", "AL2_ALAS-2019-1247.NASL", "AL2_ALAS-2019-1258.NASL", "AL2_ALAS-2019-1259.NASL", "AL2_ALAS-2019-1291.NASL", "AL2_ALAS-2019-1368.NASL", "AL2_ALAS-2020-1432.NASL", "ALA_ALAS-2011-10.NASL", "ALA_ALAS-2012-80.NASL", "ALA_ALAS-2012-81.NASL", "ALA_ALAS-2012-98.NASL", "ALA_ALAS-2013-220.NASL", "ALA_ALAS-2013-241.NASL", "ALA_ALAS-2014-292.NASL", "ALA_ALAS-2014-293.NASL", "ALA_ALAS-2014-440.NASL", "ALA_ALAS-2015-552.NASL", "ALA_ALAS-2015-621.NASL", "ALA_ALAS-2016-724.NASL", "ALA_ALAS-2016-741.NASL", "ALA_ALAS-2018-1003.NASL", "ALA_ALAS-2018-1101.NASL", "ALA_ALAS-2018-1108.NASL", "ALA_ALAS-2018-1132.NASL", "ALA_ALAS-2018-943.NASL", "ALA_ALAS-2018-945.NASL", "ALA_ALAS-2019-1169.NASL", "ALA_ALAS-2019-1202.NASL", "ALA_ALAS-2019-1204.NASL", "ALA_ALAS-2019-1230.NASL", "ALA_ALAS-2019-1242.NASL", "ALA_ALAS-2019-1243.NASL", "ALA_ALAS-2019-1258.NASL", "ALA_ALAS-2019-1259.NASL", "ALA_ALAS-2019-1314.NASL", "ALA_ALAS-2019-1324.NASL", "ALA_ALAS-2020-1342.NASL", "ALA_ALAS-2020-1375.NASL", "ALA_ALAS-2020-1428.NASL", "ALA_ALAS-2020-1429.NASL", "ALMA_LINUX_ALSA-2020-4433.NASL", "APPLE_IOS_50_CHECK.NBIN", "ASTERISK_AST_2016_003.NASL", "CENTOS8_RHSA-2019-0981.NASL", "CENTOS8_RHSA-2019-3335.NASL", "CENTOS8_RHSA-2019-3520.NASL", "CENTOS8_RHSA-2020-1605.NASL", "CENTOS8_RHSA-2020-1764.NASL", "CENTOS8_RHSA-2020-4433.NASL", "CENTOS_RHSA-2007-1076.NASL", "CENTOS_RHSA-2009-1176.NASL", "CENTOS_RHSA-2009-1178.NASL", "CENTOS_RHSA-2011-0491.NASL", "CENTOS_RHSA-2011-0492.NASL", "CENTOS_RHSA-2011-1380.NASL", "CENTOS_RHSA-2012-0744.NASL", "CENTOS_RHSA-2012-0745.NASL", "CENTOS_RHSA-2012-1088.NASL", "CENTOS_RHSA-2012-1089.NASL", "CENTOS_RHSA-2013-1582.NASL", "CENTOS_RHSA-2015-1330.NASL", "CENTOS_RHSA-2015-2101.NASL", "CENTOS_RHSA-2016-1626.NASL", "CENTOS_RHSA-2016-2586.NASL", "CENTOS_RHSA-2018-3041.NASL", "CENTOS_RHSA-2019-0710.NASL", "CENTOS_RHSA-2019-1467.NASL", "CENTOS_RHSA-2019-1587.NASL", "CENTOS_RHSA-2019-2030.NASL", "CENTOS_RHSA-2020-1131.NASL", "CENTOS_RHSA-2020-1132.NASL", "CENTOS_RHSA-2020-3888.NASL", "CENTOS_RHSA-2020-3911.NASL", "DEBIAN_DLA-1189.NASL", "DEBIAN_DLA-1190.NASL", "DEBIAN_DLA-1519.NASL", "DEBIAN_DLA-1520.NASL", "DEBIAN_DLA-154.NASL", "DEBIAN_DLA-1663.NASL", "DEBIAN_DLA-1834.NASL", "DEBIAN_DLA-1835.NASL", "DEBIAN_DLA-1852.NASL", "DEBIAN_DLA-1889.NASL", "DEBIAN_DLA-1906.NASL", "DEBIAN_DLA-1924.NASL", "DEBIAN_DLA-1925.NASL", "DEBIAN_DLA-2280.NASL", "DEBIAN_DLA-2337.NASL", "DEBIAN_DLA-2628.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-522.NASL", "DEBIAN_DLA-871.NASL", "DEBIAN_DSA-1551.NASL", "DEBIAN_DSA-1620.NASL", "DEBIAN_DSA-1667.NASL", "DEBIAN_DSA-1977.NASL", "DEBIAN_DSA-2356.NASL", "DEBIAN_DSA-2358.NASL", "DEBIAN_DSA-2368.NASL", "DEBIAN_DSA-2398.NASL", "DEBIAN_DSA-2880.NASL", "DEBIAN_DSA-4306.NASL", "DEBIAN_DSA-4307.NASL", "EULEROS_SA-2016-1036.NASL", "EULEROS_SA-2017-1003.NASL", "EULEROS_SA-2017-1334.NASL", "EULEROS_SA-2017-1335.NASL", "EULEROS_SA-2018-1078.NASL", "EULEROS_SA-2019-1055.NASL", "EULEROS_SA-2019-1072.NASL", "EULEROS_SA-2019-1124.NASL", "EULEROS_SA-2019-1149.NASL", "EULEROS_SA-2019-1246.NASL", "EULEROS_SA-2019-1248.NASL", "EULEROS_SA-2019-1277.NASL", "EULEROS_SA-2019-1336.NASL", "EULEROS_SA-2019-1337.NASL", "EULEROS_SA-2019-1338.NASL", "EULEROS_SA-2019-1357.NASL", "EULEROS_SA-2019-1359.NASL", "EULEROS_SA-2019-1403.NASL", "EULEROS_SA-2019-1434.NASL", "EULEROS_SA-2019-1594.NASL", "EULEROS_SA-2019-1626.NASL", "EULEROS_SA-2019-1658.NASL", "EULEROS_SA-2019-1771.NASL", "EULEROS_SA-2019-1778.NASL", "EULEROS_SA-2019-1797.NASL", "EULEROS_SA-2019-1866.NASL", "EULEROS_SA-2019-1934.NASL", "EULEROS_SA-2019-2019.NASL", "EULEROS_SA-2019-2091.NASL", "EULEROS_SA-2019-2114.NASL", "EULEROS_SA-2019-2115.NASL", "EULEROS_SA-2019-2225.NASL", "EULEROS_SA-2019-2259.NASL", "EULEROS_SA-2019-2442.NASL", "EULEROS_SA-2019-2653.NASL", "EULEROS_SA-2020-1044.NASL", "EULEROS_SA-2020-1048.NASL", "EULEROS_SA-2020-1126.NASL", "EULEROS_SA-2020-1212.NASL", "EULEROS_SA-2020-1275.NASL", "EULEROS_SA-2020-1295.NASL", "EULEROS_SA-2020-1344.NASL", "EULEROS_SA-2020-1427.NASL", "EULEROS_SA-2020-1472.NASL", "EULEROS_SA-2020-1516.NASL", "EULEROS_SA-2020-1532.NASL", "EULEROS_SA-2020-1574.NASL", "EULEROS_SA-2020-1646.NASL", "EULEROS_SA-2020-1689.NASL", "F5_BIGIP_SOL28622040.NASL", "F5_BIGIP_SOL53192206.NASL", "F5_BIGIP_SOL57542514.NASL", "F5_BIGIP_SOL78825687.NASL", "FEDORA_2011-15020.NASL", "FEDORA_2011-15555.NASL", "FEDORA_2011-17399.NASL", "FEDORA_2011-17400.NASL", "FEDORA_2012-5785.NASL", "FEDORA_2012-5892.NASL", "FEDORA_2012-5916.NASL", "FEDORA_2012-5924.NASL", "FEDORA_2012-9135.NASL", "FEDORA_2013-15146.NASL", "FEDORA_2013-15254.NASL", "FEDORA_2014-11522.NASL", "FEDORA_2014-11559.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2014-14208.NASL", "FEDORA_2014-14227.NASL", "FEDORA_2014-14245.NASL", "FEDORA_2014-14257.NASL", "FEDORA_2014-14266.NASL", "FEDORA_2014-2394.NASL", "FEDORA_2014-2418.NASL", "FEDORA_2015-5938.NASL", "FEDORA_2015-6003.NASL", "FEDORA_2015-6010.NASL", "FEDORA_2016-105B80D1BE.NASL", "FEDORA_2016-13BE2EE499.NASL", "FEDORA_2016-22EAB18150.NASL", "FEDORA_2016-2869023091.NASL", "FEDORA_2016-2C324D0670.NASL", "FEDORA_2016-308F78B2F4.NASL", "FEDORA_2016-32E5A8C3A8.NASL", "FEDORA_2016-34CA5273E9.NASL", "FEDORA_2016-5C52DCFE47.NASL", "FEDORA_2016-604616DC33.NASL", "FEDORA_2016-663608C5BB.NASL", "FEDORA_2016-6C2B74BB96.NASL", "FEDORA_2016-970EDB82D4.NASL", "FEDORA_2016-9932F852C7.NASL", "FEDORA_2016-9FD814A7F2.NASL", "FEDORA_2016-A0853405EB.NASL", "FEDORA_2016-AAE6BB9433.NASL", "FEDORA_2016-B046B56518.NASL", "FEDORA_2016-C843C68C77.NASL", "FEDORA_2016-D3A529AAD6.NASL", "FEDORA_2016-D5917E939E.NASL", "FEDORA_2016-E37F15A5F4.NASL", "FEDORA_2016-E63A732C9D.NASL", "FEDORA_2016-EF784CF9F7.NASL", "FEDORA_2016-EFF21665E7.NASL", "FEDORA_2017-2D441A1D98.NASL", "FEDORA_2017-2E5A17C4CC.NASL", "FEDORA_2017-677069C484.NASL", "FEDORA_2017-6BE762EA64.NASL", "FEDORA_2017-7FE2C4BC0E.NASL", "FEDORA_2017-99D12BF610.NASL", "FEDORA_2017-A41F6A8078.NASL", "FEDORA_2017-CF8C62747A.NASL", "FEDORA_2017-E0ABE14016.NASL", "FEDORA_2018-04D49A1804.NASL", "FEDORA_2018-14526CBEBE.NASL", "FEDORA_2018-28EA2290AD.NASL", "FEDORA_2018-2BF852F063.NASL", "FEDORA_2018-33C7C17E71.NASL", "FEDORA_2018-4544E8DBC8.NASL", "FEDORA_2018-49D6E4BC3F.NASL", "FEDORA_2018-5ED8FB9EFA.NASL", "FEDORA_2018-71FD5DB181.NASL", "FEDORA_2018-7689556AB2.NASL", "FEDORA_2018-7EAE87EC86.NASL", "FEDORA_2018-875AFEBB87.NASL", "FEDORA_2018-937E8A39C4.NASL", "FEDORA_2018-9860917DB0.NASL", "FEDORA_2018-99FF4C8F80.NASL", "FEDORA_2018-A042F795B2.NASL", "FEDORA_2018-A2C1453607.NASL", "FEDORA_2018-AA8DE9D66A.NASL", "FEDORA_2018-AC14DBF3FD.NASL", "FEDORA_2018-AE70D262B0.NASL", "FEDORA_2018-B6DE5FC905.NASL", "FEDORA_2018-BBBD8CC3A6.NASL", "FEDORA_2018-C3A2174314.NASL", "FEDORA_2018-C3A5B2029A.NASL", "FEDORA_2018-D3B53D81E6.NASL", "FEDORA_2018-EE97FC9E81.NASL", "FEDORA_2019-00870E8BFC.NASL", "FEDORA_2019-0C91CE7B3C.NASL", "FEDORA_2019-0D3FCAE639.NASL", "FEDORA_2019-1FFD6B6064.NASL", "FEDORA_2019-232F092DB0.NASL", "FEDORA_2019-243442E600.NASL", "FEDORA_2019-2B1F72899A.NASL", "FEDORA_2019-4954D8773C.NASL", "FEDORA_2019-50772CF122.NASL", "FEDORA_2019-51F1E08207.NASL", "FEDORA_2019-57462FA10D.NASL", "FEDORA_2019-5DC275C9F2.NASL", "FEDORA_2019-60A1DEFCD1.NASL", "FEDORA_2019-6B02154AA0.NASL", "FEDORA_2019-6BAEB15DA3.NASL", "FEDORA_2019-6E1938A3C5.NASL", "FEDORA_2019-6FAFD84F5D.NASL", "FEDORA_2019-74BA24605E.NASL", "FEDORA_2019-758824A3FF.NASL", "FEDORA_2019-7723D4774A.NASL", "FEDORA_2019-7D9F3CF3CE.NASL", "FEDORA_2019-7DF59302E0.NASL", "FEDORA_2019-7EB6D3B8EA.NASL", "FEDORA_2019-7EC5BB5D22.NASL", "FEDORA_2019-86F32CBAB1.NASL", "FEDORA_2019-986622833F.NASL", "FEDORA_2019-9BFB4A3E4B.NASL", "FEDORA_2019-A122FE704D.NASL", "FEDORA_2019-A268BA7B23.NASL", "FEDORA_2019-ABA3CCA74A.NASL", "FEDORA_2019-B06EC6159B.NASL", "FEDORA_2019-B8FFB3768D.NASL", "FEDORA_2019-CF725DD20B.NASL", "FEDORA_2019-D11594BF0A.NASL", "FEDORA_2019-D202CDA4F8.NASL", "FEDORA_2019-D58EB75449.NASL", "FEDORA_2019-EC26883852.NASL", "FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL", "FREEBSD_PKG_0FE70BCD2CE346C9A64B4A7DA097DB07.NASL", "FREEBSD_PKG_18CE9A90F26911E1BE53080027EF73EC.NASL", "FREEBSD_PKG_18ED9650A1D611E99B17FCAA147E860E.NASL", "FREEBSD_PKG_1D0F685233D811E6A67160A44CE6887B.NASL", "FREEBSD_PKG_559F3D1BCB1D11E580A4001999F8D30B.NASL", "FREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL", "FREEBSD_PKG_8D5368EF40FE11E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_8E5E6D42A0FA11E3B09A080027F2D077.NASL", "FREEBSD_PKG_A449C604A43A11E9B422FCAA147E860E.NASL", "FREEBSD_PKG_A4A809D825C811E1B53100215C6A37BB.NASL", "FREEBSD_PKG_A61374FC3A4D11E6A67160A44CE6887B.NASL", "FREEBSD_PKG_B4F8BE9E56B211E19FB7003067B2972C.NASL", "FREEBSD_PKG_D74371D24FEE11E9A5CD1DF8A848DE3D.NASL", "FREEBSD_PKG_EC41C3E2129C11DDBAB70016179B2DD5.NASL", "GENTOO_GLSA-200807-01.NASL", "GENTOO_GLSA-200807-16.NASL", "GENTOO_GLSA-201111-02.NASL", "GENTOO_GLSA-201203-02.NASL", "GENTOO_GLSA-201301-01.NASL", "GENTOO_GLSA-201401-04.NASL", "GENTOO_GLSA-201406-32.NASL", "GENTOO_GLSA-201503-10.NASL", "GENTOO_GLSA-201701-18.NASL", "GENTOO_GLSA-201805-02.NASL", "GENTOO_GLSA-201811-02.NASL", "GENTOO_GLSA-202003-26.NASL", "HPSMH_7_2_1_0.NASL", "HTTP_HTTPOXY.NASL", "KERIO_CONNECT_810.NASL", "LIBREOFFICE_420.NASL", "MACOSX_10_10_5.NASL", "MACOSX_10_7_2.NASL", "MACOSX_10_7_3.NASL", "MACOSX_10_7_4.NASL", "MACOSX_10_7_5.NASL", "MACOSX_10_9.NASL", "MACOSX_JAVA_10_6_UPDATE6.NASL", "MACOSX_JAVA_10_7_UPDATE1.NASL", "MACOSX_LIBREOFFICE_420.NASL", "MACOSX_SECUPD2009-001.NASL", "MACOSX_SECUPD2011-006.NASL", "MACOSX_SECUPD2012-001.NASL", "MACOSX_SECUPD2012-002.NASL", "MACOSX_SECUPD2012-004.NASL", "MACOSX_SECUPD2014-001.NASL", "MACOSX_XCODE_4_4.NASL", "MACOS_10_12_4.NASL", "MANDRAKE_MDKSA-2007-099.NASL", "MANDRIVA_MDVSA-2008-085.NASL", "MANDRIVA_MDVSA-2008-163.NASL", "MANDRIVA_MDVSA-2009-003.NASL", "MANDRIVA_MDVSA-2010-132.NASL", "MANDRIVA_MDVSA-2010-215.NASL", "MANDRIVA_MDVSA-2011-096.NASL", "MANDRIVA_MDVSA-2011-170.NASL", "MANDRIVA_MDVSA-2012-058.NASL", "MANDRIVA_MDVSA-2012-096.NASL", "MANDRIVA_MDVSA-2012-097.NASL", "MANDRIVA_MDVSA-2012-149.NASL", "MANDRIVA_MDVSA-2013-037.NASL", "MANDRIVA_MDVSA-2013-117.NASL", "MANDRIVA_MDVSA-2013-214.NASL", "MANDRIVA_MDVSA-2014-041.NASL", "MANDRIVA_MDVSA-2014-074.NASL", "MANDRIVA_MDVSA-2014-197.NASL", "MANDRIVA_MDVSA-2015-075.NASL", "MANDRIVA_MDVSA-2015-076.NASL", "MYSQL_CLUSTER_7_3_6.NASL", "NEWSTART_CGSL_NS-SA-2019-0008_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0061_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0160_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0163_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0166_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0174_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0187_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0229_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0260_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2020-0002_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2020-0030_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2020-0059_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2020-0089_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2020-0094_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2021-0029_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2021-0059_PYTHON3.NASL", "NEWSTART_CGSL_NS-SA-2021-0147_PYTHON3.NASL", "NUTANIX_NXSA-AHV-20201105_1021.NASL", "NUTANIX_NXSA-AOS-5_10_9.NASL", "NUTANIX_NXSA-AOS-5_11_2.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_15_5.NASL", "NUTANIX_NXSA-AOS-5_16.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "NUTANIX_NXSA-AOS-5_19_0_5.NASL", "NUTANIX_NXSA-AOS-5_19_1.NASL", "OPENSUSE-2011-100.NASL", "OPENSUSE-2012-302.NASL", "OPENSUSE-2012-76.NASL", "OPENSUSE-2013-694.NASL", "OPENSUSE-2013-695.NASL", "OPENSUSE-2013-696.NASL", "OPENSUSE-2013-697.NASL", "OPENSUSE-2014-213.NASL", "OPENSUSE-2014-278.NASL", "OPENSUSE-2014-289.NASL", "OPENSUSE-2014-333.NASL", "OPENSUSE-2014-504.NASL", "OPENSUSE-2014-505.NASL", "OPENSUSE-2014-506.NASL", "OPENSUSE-2014-517.NASL", "OPENSUSE-2014-588.NASL", "OPENSUSE-2016-906.NASL", "OPENSUSE-2016-997.NASL", "OPENSUSE-2018-1001.NASL", "OPENSUSE-2018-1128.NASL", "OPENSUSE-2018-1363.NASL", "OPENSUSE-2018-372.NASL", "OPENSUSE-2018-511.NASL", "OPENSUSE-2018-779.NASL", "OPENSUSE-2019-1273.NASL", "OPENSUSE-2019-1282.NASL", "OPENSUSE-2019-1371.NASL", "OPENSUSE-2019-155.NASL", "OPENSUSE-2019-1580.NASL", "OPENSUSE-2019-184.NASL", "OPENSUSE-2019-1906.NASL", "OPENSUSE-2019-1988.NASL", "OPENSUSE-2019-1989.NASL", "OPENSUSE-2019-2389.NASL", "OPENSUSE-2019-2393.NASL", "OPENSUSE-2019-2438.NASL", "OPENSUSE-2019-2453.NASL", "OPENSUSE-2019-292.NASL", "OPENSUSE-2019-765.NASL", "OPENSUSE-2020-2332.NASL", "OPENSUSE-2020-2333.NASL", "OPENSUSE-2020-86.NASL", "OPERA_1151.NASL", "OPERA_1160.NASL", "ORACLELINUX_ELSA-2007-1076.NASL", "ORACLELINUX_ELSA-2009-1176.NASL", "ORACLELINUX_ELSA-2009-1177.NASL", "ORACLELINUX_ELSA-2009-1178.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "ORACLELINUX_ELSA-2011-0492.NASL", "ORACLELINUX_ELSA-2011-1380.NASL", "ORACLELINUX_ELSA-2012-0744.NASL", "ORACLELINUX_ELSA-2012-0745.NASL", "ORACLELINUX_ELSA-2012-1088.NASL", "ORACLELINUX_ELSA-2012-1089.NASL", "ORACLELINUX_ELSA-2013-1582.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "ORACLELINUX_ELSA-2015-2101.NASL", "ORACLELINUX_ELSA-2016-1626.NASL", "ORACLELINUX_ELSA-2016-2586.NASL", "ORACLELINUX_ELSA-2018-3041.NASL", "ORACLELINUX_ELSA-2019-0710.NASL", "ORACLELINUX_ELSA-2019-0981.NASL", "ORACLELINUX_ELSA-2019-0997.NASL", "ORACLELINUX_ELSA-2019-1467.NASL", "ORACLELINUX_ELSA-2019-1587.NASL", "ORACLELINUX_ELSA-2020-3888.NASL", "ORACLELINUX_ELSA-2020-3911.NASL", "ORACLELINUX_ELSA-2020-4433.NASL", "ORACLEVM_OVMSA-2015-0098.NASL", "ORACLEVM_OVMSA-2016-0099.NASL", "ORACLEVM_OVMSA-2020-0036.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015_LDAP.NASL", "ORACLE_JAVA_CPU_OCT_2011.NASL", "ORACLE_JAVA_CPU_OCT_2011_UNIX.NASL", "ORACLE_RDBMS_CPU_OCT_2013.NASL", "PHOTONOS_PHSA-2017-0051.NASL", "PHOTONOS_PHSA-2017-0051_PYTHON2.NASL", "PHOTONOS_PHSA-2017-0052.NASL", "PHOTONOS_PHSA-2018-1_0-0125.NASL", "PHOTONOS_PHSA-2018-1_0-0125_PYTHON2.NASL", "PHOTONOS_PHSA-2018-1_0-0126.NASL", "PHOTONOS_PHSA-2018-1_0-0126_PYTHON3.NASL", "PHOTONOS_PHSA-2018-1_0-0178.NASL", "PHOTONOS_PHSA-2018-1_0-0178_PYTHON2.NASL", "PHOTONOS_PHSA-2018-1_0-0178_PYTHON3.NASL", "PHOTONOS_PHSA-2018-2_0-0037.NASL", "PHOTONOS_PHSA-2018-2_0-0086.NASL", "PHOTONOS_PHSA-2018-2_0-0086_PYTHON2.NASL", "PHOTONOS_PHSA-2018-2_0-0086_STRONGSWAN.NASL", "PHOTONOS_PHSA-2019-1_0-0203_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0220_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0236_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0237_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0240_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0240_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0246_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0246_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0251_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0252_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0255_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0257_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0118_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0165_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0165_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0171_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0171_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0176_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0177_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0182_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0182_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0190_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0009_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0024_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0030_PYTHON3.NASL", "PHOTONOS_PHSA-2019-3_0-0031_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0035_PYTHON2.NASL", "PHP_5_4_0.NASL", "REDHAT-RHSA-2007-1076.NASL", "REDHAT-RHSA-2007-1077.NASL", "REDHAT-RHSA-2008-0264.NASL", "REDHAT-RHSA-2008-0525.NASL", "REDHAT-RHSA-2008-0629.NASL", "REDHAT-RHSA-2009-1176.NASL", "REDHAT-RHSA-2009-1177.NASL", "REDHAT-RHSA-2009-1178.NASL", "REDHAT-RHSA-2011-0491.NASL", "REDHAT-RHSA-2011-0492.NASL", "REDHAT-RHSA-2011-0554.NASL", "REDHAT-RHSA-2011-1380.NASL", "REDHAT-RHSA-2011-1384.NASL", "REDHAT-RHSA-2012-0006.NASL", "REDHAT-RHSA-2012-0034.NASL", "REDHAT-RHSA-2012-0508.NASL", "REDHAT-RHSA-2012-0744.NASL", "REDHAT-RHSA-2012-0745.NASL", "REDHAT-RHSA-2012-1088.NASL", "REDHAT-RHSA-2012-1089.NASL", "REDHAT-RHSA-2013-1455.NASL", "REDHAT-RHSA-2013-1527.NASL", "REDHAT-RHSA-2013-1582.NASL", "REDHAT-RHSA-2015-1330.NASL", "REDHAT-RHSA-2015-2101.NASL", "REDHAT-RHSA-2016-1626.NASL", "REDHAT-RHSA-2016-2586.NASL", "REDHAT-RHSA-2018-3041.NASL", "REDHAT-RHSA-2019-0710.NASL", "REDHAT-RHSA-2019-0981.NASL", "REDHAT-RHSA-2019-0997.NASL", "REDHAT-RHSA-2019-1467.NASL", "REDHAT-RHSA-2019-1587.NASL", "REDHAT-RHSA-2019-2030.NASL", "REDHAT-RHSA-2019-2437.NASL", "REDHAT-RHSA-2019-2980.NASL", "REDHAT-RHSA-2019-3170.NASL", "REDHAT-RHSA-2019-3335.NASL", "REDHAT-RHSA-2019-3520.NASL", "REDHAT-RHSA-2020-1131.NASL", "REDHAT-RHSA-2020-1132.NASL", "REDHAT-RHSA-2020-1268.NASL", "REDHAT-RHSA-2020-1346.NASL", "REDHAT-RHSA-2020-1462.NASL", "REDHAT-RHSA-2020-1605.NASL", "REDHAT-RHSA-2020-1764.NASL", "REDHAT-RHSA-2020-2520.NASL", "REDHAT-RHSA-2020-3888.NASL", "REDHAT-RHSA-2020-3911.NASL", "REDHAT-RHSA-2020-4433.NASL", "SLACKWARE_SSA_2008-217-01.NASL", "SLACKWARE_SSA_2016-363-01.NASL", "SLACKWARE_SSA_2018-124-01.NASL", "SLACKWARE_SSA_2019-062-01.NASL", "SLACKWARE_SSA_2019-293-01.NASL", "SL_20071210_PYTHON_ON_SL4_X.NASL", "SL_20090727_PYTHON_FOR_SL5_X.NASL", "SL_20090728_PYTHON_FOR_SL_3_0_X.NASL", "SL_20090728_PYTHON_FOR_SL_4_X.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "SL_20110519_PYTHON_ON_SL6_X.NASL", "SL_20111018_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20111019_JAVA_1_6_0_SUN_ON_SL5_X.NASL", "SL_20120618_PYTHON_ON_SL5_X.NASL", "SL_20120618_PYTHON_ON_SL6_X.NASL", "SL_20120717_FIREFOX_ON_SL5_X.NASL", "SL_20120717_THUNDERBIRD_ON_SL5_X.NASL", "SL_20131121_PYTHON_ON_SL6_X.NASL", "SL_20150722_PYTHON_ON_SL6_X.NASL", "SL_20151119_PYTHON_ON_SL7_X.NASL", "SL_20160818_PYTHON_ON_SL6_X.NASL", "SL_20161103_PYTHON_ON_SL7_X.NASL", "SL_20181030_PYTHON_ON_SL7_X.NASL", "SL_20190408_PYTHON_ON_SL7_X.NASL", "SL_20190613_PYTHON_ON_SL6_X.NASL", "SL_20190620_PYTHON_ON_SL7_X.NASL", "SL_20190806_PYTHON_ON_SL7_X.NASL", "SL_20200407_PYTHON3_ON_SL7_X.NASL", "SL_20200407_PYTHON_ON_SL7_X.NASL", "SL_20201001_PYTHON3_ON_SL7_X.NASL", "SL_20201001_PYTHON_ON_SL7_X.NASL", "SMB_KB2588513.NASL", "SMB_NT_MS12-006.NASL", "SOLARIS10_119213-27.NASL", "SOLARIS10_125358-15.NASL", "SOLARIS10_X86_119214-27.NASL", "SOLARIS10_X86_125359-15.NASL", "SOLARIS11_FETCHMAIL_20121016.NASL", "SOLARIS11_PYTHON_20130313.NASL", "SOLARIS11_PYTHON_20130410.NASL", "SOLARIS11_PYTHON_20141120.NASL", "SPLUNK_650.NASL", "SSL3_TLS1_IV_IMPL_INFO_DISCLOSURE.NASL", "SUSE9_12215.NASL", "SUSE_11_0_PYTHON-080801.NASL", "SUSE_11_2_LIBPYTHON2_6-1_0-110506.NASL", "SUSE_11_3_JAVA-1_6_0-OPENJDK-111025.NASL", "SUSE_11_3_JAVA-1_6_0-SUN-111024.NASL", "SUSE_11_3_LIBPYTHON2_6-1_0-110506.NASL", "SUSE_11_3_NSS-201112-111220.NASL", "SUSE_11_3_OPERA-110906.NASL", "SUSE_11_4_CURL-120124.NASL", "SUSE_11_4_JAVA-1_6_0-OPENJDK-111025.NASL", "SUSE_11_4_JAVA-1_6_0-SUN-111024.NASL", "SUSE_11_4_LIBPYTHON2_6-1_0-110506.NASL", "SUSE_11_4_NSS-201112-111220.NASL", "SUSE_11_4_OPERA-110906.NASL", "SUSE_11_APACHE2-MOD_PYTHON-120503.NASL", "SUSE_11_JAVA-1_4_2-IBM-120105.NASL", "SUSE_11_JAVA-1_6_0-IBM-120223.NASL", "SUSE_11_LIBPYTHON2_6-1_0-110506.NASL", "SUSE_11_PYTHON-201310-130927.NASL", "SUSE_11_PYTHON-2014-11-19-141119.NASL", "SUSE_11_PYTHON-201402-140224.NASL", "SUSE_11_PYTHON-201403-140331.NASL", "SUSE_11_PYTHON-201408-140728.NASL", "SUSE_11_PYTHON-RANDOMISATION-UPDATE-120516.NASL", "SUSE_11_PYTHON-RANDOMISATION-UPDATE-120517.NASL", "SUSE_APACHE2-MOD_PYTHON-8127.NASL", "SUSE_JAVA-1_4_2-IBM-7908.NASL", "SUSE_JAVA-1_6_0-IBM-7926.NASL", "SUSE_LIBCURL4-8618.NASL", "SUSE_MOZILLA-NSS-7842.NASL", "SUSE_PYTHON-3478.NASL", "SUSE_PYTHON-3749.NASL", "SUSE_PYTHON-3750.NASL", "SUSE_PYTHON-5490.NASL", "SUSE_PYTHON-5491.NASL", "SUSE_PYTHON-7506.NASL", "SUSE_PYTHON-7509.NASL", "SUSE_PYTHON-8080.NASL", "SUSE_SU-2014-1511-1.NASL", "SUSE_SU-2015-1344-1.NASL", "SUSE_SU-2016-2106-1.NASL", "SUSE_SU-2016-2270-1.NASL", "SUSE_SU-2016-2653-1.NASL", "SUSE_SU-2016-2859-1.NASL", "SUSE_SU-2018-0768-1.NASL", "SUSE_SU-2018-0934-1.NASL", "SUSE_SU-2018-1372-1.NASL", "SUSE_SU-2018-1786-1.NASL", "SUSE_SU-2018-2040-1.NASL", "SUSE_SU-2018-2408-1.NASL", "SUSE_SU-2018-2696-1.NASL", "SUSE_SU-2018-3002-1.NASL", "SUSE_SU-2018-3156-1.NASL", "SUSE_SU-2018-3554-1.NASL", "SUSE_SU-2018-3554-2.NASL", "SUSE_SU-2019-0215-1.NASL", "SUSE_SU-2019-0223-1.NASL", "SUSE_SU-2019-0243-1.NASL", "SUSE_SU-2019-0271-1.NASL", "SUSE_SU-2019-0482-1.NASL", "SUSE_SU-2019-0961-1.NASL", "SUSE_SU-2019-0971-1.NASL", "SUSE_SU-2019-0972-1.NASL", "SUSE_SU-2019-1352-1.NASL", "SUSE_SU-2019-1352-2.NASL", "SUSE_SU-2019-14018-1.NASL", "SUSE_SU-2019-14142-1.NASL", "SUSE_SU-2019-1439-1.NASL", "SUSE_SU-2019-2050-1.NASL", "SUSE_SU-2019-2053-1.NASL", "SUSE_SU-2019-2053-2.NASL", "SUSE_SU-2019-2064-1.NASL", "SUSE_SU-2019-2091-1.NASL", "SUSE_SU-2019-2114-1.NASL", "SUSE_SU-2019-2743-1.NASL", "SUSE_SU-2019-2748-1.NASL", "SUSE_SU-2019-2748-2.NASL", "SUSE_SU-2019-2798-1.NASL", "SUSE_SU-2019-2802-1.NASL", "SUSE_SU-2020-0114-1.NASL", "SUSE_SU-2020-0302-1.NASL", "SUSE_SU-2020-0497-1.NASL", "SUSE_SU-2020-2699-1.NASL", "SUSE_SU-2020-3563-1.NASL", "SUSE_SU-2020-3930-1.NASL", "SUSE_SU-2021-14198-1.NASL", "SUSE_SU-2022-4281-1.NASL", "UBUNTU_USN-1263-1.NASL", "UBUNTU_USN-1263-2.NASL", "UBUNTU_USN-1314-1.NASL", "UBUNTU_USN-1592-1.NASL", "UBUNTU_USN-1596-1.NASL", "UBUNTU_USN-1613-1.NASL", "UBUNTU_USN-1613-2.NASL", "UBUNTU_USN-1615-1.NASL", "UBUNTU_USN-1616-1.NASL", "UBUNTU_USN-1982-1.NASL", "UBUNTU_USN-1983-1.NASL", "UBUNTU_USN-1984-1.NASL", "UBUNTU_USN-1985-1.NASL", "UBUNTU_USN-2125-1.NASL", "UBUNTU_USN-2653-1.NASL", "UBUNTU_USN-3134-1.NASL", "UBUNTU_USN-3496-1.NASL", "UBUNTU_USN-3496-3.NASL", "UBUNTU_USN-3817-1.NASL", "UBUNTU_USN-4127-1.NASL", "UBUNTU_USN-4151-1.NASL", "UBUNTU_USN-585-1.NASL", "UBUNTU_USN-632-1.NASL", "UBUNTU_USN-806-1.NASL", "VIRTUOZZO_VZLSA-2019-1467.NASL", "VMWARE_ESXI_5_0_BUILD_608089_REMOTE.NASL", "VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL", "VMWARE_VMSA-2008-0003.NASL", "VMWARE_VMSA-2009-0016.NASL", "VMWARE_VMSA-2009-0016_REMOTE.NASL", "VMWARE_VMSA-2012-0001.NASL", "VMWARE_VMSA-2012-0001_REMOTE.NASL", "VMWARE_VMSA-2012-0003.NASL", "VMWARE_VMSA-2012-0005.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL", "VMWARE_VMSA-2012-0016.NASL", "VMWARE_VMSA-2012-0016_REMOTE.NASL", "VMWARE_VMSA-2014-0012.NASL", "VMWARE_VMSA-2014-0012_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:102026", "OPENVAS:103448", "OPENVAS:103609", "OPENVAS:1361412562310102026", "OPENVAS:1361412562310103448", "OPENVAS:1361412562310103609", "OPENVAS:1361412562310105133", "OPENVAS:1361412562310105134", "OPENVAS:1361412562310105135", "OPENVAS:1361412562310106399", "OPENVAS:1361412562310106471", "OPENVAS:1361412562310106539", "OPENVAS:1361412562310106540", "OPENVAS:1361412562310113561", "OPENVAS:1361412562310113562", "OPENVAS:1361412562310113563", "OPENVAS:1361412562310120035", "OPENVAS:1361412562310120120", "OPENVAS:1361412562310120125", "OPENVAS:1361412562310120126", "OPENVAS:1361412562310120153", "OPENVAS:1361412562310120154", "OPENVAS:1361412562310120305", "OPENVAS:1361412562310120380", "OPENVAS:1361412562310120425", "OPENVAS:1361412562310120500", "OPENVAS:1361412562310120611", "OPENVAS:1361412562310120713", "OPENVAS:1361412562310120730", "OPENVAS:1361412562310121000", "OPENVAS:1361412562310121101", "OPENVAS:1361412562310121235", "OPENVAS:1361412562310121364", "OPENVAS:1361412562310122071", "OPENVAS:1361412562310122171", "OPENVAS:1361412562310122181", "OPENVAS:1361412562310122463", "OPENVAS:1361412562310122760", "OPENVAS:1361412562310122870", "OPENVAS:1361412562310123066", "OPENVAS:1361412562310123515", "OPENVAS:1361412562310123901", "OPENVAS:1361412562310123902", "OPENVAS:136141256231061467", "OPENVAS:136141256231063136", "OPENVAS:136141256231063373", "OPENVAS:136141256231064453", "OPENVAS:136141256231064454", "OPENVAS:136141256231064455", "OPENVAS:136141256231064493", "OPENVAS:136141256231064583", "OPENVAS:136141256231065027", "OPENVAS:136141256231065615", "OPENVAS:136141256231065883", "OPENVAS:1361412562310702880", "OPENVAS:1361412562310704306", "OPENVAS:1361412562310704307", "OPENVAS:136141256231070570", "OPENVAS:136141256231070571", "OPENVAS:136141256231070592", "OPENVAS:136141256231070687", "OPENVAS:136141256231070715", "OPENVAS:136141256231070791", "OPENVAS:136141256231071172", "OPENVAS:136141256231071186", "OPENVAS:136141256231071249", "OPENVAS:136141256231071832", "OPENVAS:1361412562310801797", "OPENVAS:1361412562310802332", "OPENVAS:1361412562310802333", "OPENVAS:1361412562310802336", "OPENVAS:1361412562310802392", "OPENVAS:1361412562310802794", "OPENVAS:1361412562310802830", "OPENVAS:1361412562310802968", "OPENVAS:1361412562310804322", "OPENVAS:1361412562310804851", "OPENVAS:1361412562310804939", "OPENVAS:1361412562310804940", "OPENVAS:1361412562310808437", "OPENVAS:1361412562310808441", "OPENVAS:1361412562310808452", "OPENVAS:1361412562310808453", "OPENVAS:1361412562310808481", "OPENVAS:1361412562310808489", "OPENVAS:1361412562310808528", "OPENVAS:1361412562310808544", "OPENVAS:1361412562310808553", "OPENVAS:1361412562310808567", "OPENVAS:1361412562310808570", "OPENVAS:1361412562310808715", "OPENVAS:1361412562310808717", "OPENVAS:1361412562310808801", "OPENVAS:1361412562310808852", "OPENVAS:1361412562310808856", "OPENVAS:1361412562310808883", "OPENVAS:1361412562310808903", "OPENVAS:1361412562310808966", "OPENVAS:1361412562310809106", "OPENVAS:1361412562310809109", "OPENVAS:1361412562310809126", "OPENVAS:1361412562310809175", "OPENVAS:1361412562310809216", "OPENVAS:1361412562310809217", "OPENVAS:1361412562310809218", "OPENVAS:1361412562310809219", "OPENVAS:1361412562310810728", "OPENVAS:1361412562310813546", "OPENVAS:1361412562310813547", "OPENVAS:1361412562310813919", "OPENVAS:1361412562310813920", "OPENVAS:1361412562310814304", "OPENVAS:1361412562310814307", "OPENVAS:1361412562310830058", "OPENVAS:1361412562310830590", "OPENVAS:1361412562310830740", "OPENVAS:1361412562310831110", "OPENVAS:1361412562310831224", "OPENVAS:1361412562310831403", "OPENVAS:1361412562310831493", "OPENVAS:1361412562310831573", "OPENVAS:1361412562310831685", "OPENVAS:1361412562310831686", "OPENVAS:1361412562310831731", "OPENVAS:1361412562310840805", "OPENVAS:1361412562310840852", "OPENVAS:1361412562310840872", "OPENVAS:1361412562310841173", "OPENVAS:1361412562310841178", "OPENVAS:1361412562310841194", "OPENVAS:1361412562310841195", "OPENVAS:1361412562310841197", "OPENVAS:1361412562310841199", "OPENVAS:1361412562310841571", "OPENVAS:1361412562310841573", "OPENVAS:1361412562310841576", "OPENVAS:1361412562310841589", "OPENVAS:1361412562310841733", "OPENVAS:1361412562310842261", "OPENVAS:1361412562310842957", "OPENVAS:1361412562310843674", "OPENVAS:1361412562310843677", "OPENVAS:1361412562310843817", "OPENVAS:1361412562310844168", "OPENVAS:1361412562310844197", "OPENVAS:1361412562310851754", "OPENVAS:1361412562310851827", "OPENVAS:1361412562310851890", "OPENVAS:1361412562310852005", "OPENVAS:1361412562310852114", "OPENVAS:1361412562310852277", "OPENVAS:1361412562310852293", "OPENVAS:1361412562310852330", "OPENVAS:1361412562310852452", "OPENVAS:1361412562310852457", "OPENVAS:1361412562310852490", "OPENVAS:1361412562310852563", "OPENVAS:1361412562310852650", "OPENVAS:1361412562310852677", "OPENVAS:1361412562310852752", "OPENVAS:1361412562310852761", "OPENVAS:1361412562310852807", "OPENVAS:1361412562310852905", "OPENVAS:1361412562310852941", "OPENVAS:1361412562310853008", "OPENVAS:1361412562310863588", "OPENVAS:1361412562310863593", "OPENVAS:1361412562310863690", "OPENVAS:1361412562310863691", "OPENVAS:1361412562310863692", "OPENVAS:1361412562310863693", "OPENVAS:1361412562310863694", "OPENVAS:1361412562310863695", "OPENVAS:1361412562310863696", "OPENVAS:1361412562310863697", "OPENVAS:1361412562310863698", "OPENVAS:1361412562310863699", "OPENVAS:1361412562310863748", "OPENVAS:1361412562310863798", "OPENVAS:1361412562310863804", "OPENVAS:1361412562310863904", "OPENVAS:1361412562310863916", "OPENVAS:1361412562310863955", "OPENVAS:1361412562310863960", "OPENVAS:1361412562310863977", "OPENVAS:1361412562310864037", "OPENVAS:1361412562310864068", "OPENVAS:1361412562310864070", "OPENVAS:1361412562310864088", "OPENVAS:1361412562310864199", "OPENVAS:1361412562310864218", "OPENVAS:1361412562310864223", "OPENVAS:1361412562310864317", "OPENVAS:1361412562310864384", "OPENVAS:1361412562310864392", "OPENVAS:1361412562310864457", "OPENVAS:1361412562310864471", "OPENVAS:1361412562310864472", "OPENVAS:1361412562310864477", "OPENVAS:1361412562310864684", "OPENVAS:1361412562310864710", "OPENVAS:1361412562310864791", "OPENVAS:1361412562310864793", "OPENVAS:1361412562310865053", "OPENVAS:1361412562310865325", "OPENVAS:1361412562310865329", "OPENVAS:1361412562310865336", "OPENVAS:1361412562310866844", "OPENVAS:1361412562310866855", "OPENVAS:1361412562310867086", "OPENVAS:1361412562310867090", "OPENVAS:1361412562310867505", "OPENVAS:1361412562310867510", "OPENVAS:1361412562310867978", "OPENVAS:1361412562310867987", "OPENVAS:1361412562310868354", "OPENVAS:1361412562310868430", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868463", "OPENVAS:1361412562310868464", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868482", "OPENVAS:1361412562310868512", "OPENVAS:1361412562310868568", "OPENVAS:1361412562310869241", "OPENVAS:1361412562310869288", "OPENVAS:1361412562310869578", "OPENVAS:1361412562310869593", "OPENVAS:1361412562310869697", "OPENVAS:1361412562310870180", "OPENVAS:1361412562310870189", "OPENVAS:1361412562310870428", "OPENVAS:1361412562310870430", "OPENVAS:1361412562310870501", "OPENVAS:1361412562310870597", "OPENVAS:1361412562310870756", "OPENVAS:1361412562310870757", "OPENVAS:1361412562310870790", "OPENVAS:1361412562310870792", "OPENVAS:1361412562310871077", "OPENVAS:1361412562310871404", "OPENVAS:1361412562310871501", "OPENVAS:1361412562310871653", "OPENVAS:1361412562310871711", "OPENVAS:1361412562310872046", "OPENVAS:1361412562310872078", "OPENVAS:1361412562310873858", "OPENVAS:1361412562310873923", "OPENVAS:1361412562310873927", "OPENVAS:1361412562310873932", "OPENVAS:1361412562310873936", "OPENVAS:1361412562310873939", "OPENVAS:1361412562310873943", "OPENVAS:1361412562310873970", "OPENVAS:1361412562310873972", "OPENVAS:1361412562310874347", "OPENVAS:1361412562310874351", "OPENVAS:1361412562310874352", "OPENVAS:1361412562310874353", "OPENVAS:1361412562310874354", "OPENVAS:1361412562310874355", "OPENVAS:1361412562310874954", "OPENVAS:1361412562310874957", "OPENVAS:1361412562310874961", "OPENVAS:1361412562310874969", "OPENVAS:1361412562310875112", "OPENVAS:1361412562310875122", "OPENVAS:1361412562310875211", "OPENVAS:1361412562310875214", "OPENVAS:1361412562310875225", "OPENVAS:1361412562310875226", "OPENVAS:1361412562310875227", "OPENVAS:1361412562310875228", "OPENVAS:1361412562310875261", "OPENVAS:1361412562310875263", "OPENVAS:1361412562310875264", "OPENVAS:1361412562310875296", "OPENVAS:1361412562310875432", "OPENVAS:1361412562310875444", "OPENVAS:1361412562310875537", "OPENVAS:1361412562310875540", "OPENVAS:1361412562310875545", "OPENVAS:1361412562310875641", "OPENVAS:1361412562310875650", "OPENVAS:1361412562310875727", "OPENVAS:1361412562310875821", "OPENVAS:1361412562310875841", "OPENVAS:1361412562310875887", "OPENVAS:1361412562310875931", "OPENVAS:1361412562310875966", "OPENVAS:1361412562310876039", "OPENVAS:1361412562310876043", "OPENVAS:1361412562310876063", "OPENVAS:1361412562310876229", "OPENVAS:1361412562310876371", "OPENVAS:1361412562310876424", "OPENVAS:1361412562310876569", "OPENVAS:1361412562310876576", "OPENVAS:1361412562310876616", "OPENVAS:1361412562310876619", "OPENVAS:1361412562310876633", "OPENVAS:1361412562310876635", "OPENVAS:1361412562310876787", "OPENVAS:1361412562310876789", "OPENVAS:1361412562310876817", "OPENVAS:1361412562310876820", "OPENVAS:1361412562310876955", "OPENVAS:1361412562310876969", "OPENVAS:1361412562310876971", "OPENVAS:1361412562310876973", "OPENVAS:1361412562310876974", "OPENVAS:1361412562310876975", "OPENVAS:1361412562310876976", "OPENVAS:1361412562310876978", "OPENVAS:1361412562310877114", "OPENVAS:1361412562310877123", "OPENVAS:1361412562310877216", "OPENVAS:1361412562310877256", "OPENVAS:1361412562310877282", "OPENVAS:1361412562310877303", "OPENVAS:1361412562310877343", "OPENVAS:1361412562310877346", "OPENVAS:1361412562310880314", "OPENVAS:1361412562310880319", "OPENVAS:1361412562310880338", "OPENVAS:1361412562310880500", "OPENVAS:1361412562310880556", "OPENVAS:1361412562310880715", "OPENVAS:1361412562310880881", "OPENVAS:1361412562310881023", "OPENVAS:1361412562310881085", "OPENVAS:1361412562310881128", "OPENVAS:1361412562310881160", "OPENVAS:1361412562310881168", "OPENVAS:1361412562310881187", "OPENVAS:1361412562310881201", "OPENVAS:1361412562310881282", "OPENVAS:1361412562310881427", "OPENVAS:1361412562310881447", "OPENVAS:1361412562310882544", "OPENVAS:1361412562310882545", "OPENVAS:1361412562310883035", "OPENVAS:1361412562310883068", "OPENVAS:1361412562310883071", "OPENVAS:1361412562310890871", "OPENVAS:1361412562310891519", "OPENVAS:1361412562310891520", "OPENVAS:1361412562310891663", "OPENVAS:1361412562310891834", "OPENVAS:1361412562310891835", "OPENVAS:1361412562310891852", "OPENVAS:1361412562310891889", "OPENVAS:1361412562310891906", "OPENVAS:1361412562310891924", "OPENVAS:1361412562310891925", "OPENVAS:1361412562310892280", "OPENVAS:1361412562310900105", "OPENVAS:1361412562310900106", "OPENVAS:1361412562310902630", "OPENVAS:1361412562310902900", "OPENVAS:1361412562311220161036", "OPENVAS:1361412562311220171003", "OPENVAS:1361412562311220171334", "OPENVAS:1361412562311220171335", "OPENVAS:1361412562311220181078", "OPENVAS:1361412562311220191055", "OPENVAS:1361412562311220191072", "OPENVAS:1361412562311220191124", "OPENVAS:1361412562311220191149", "OPENVAS:1361412562311220191246", "OPENVAS:1361412562311220191248", "OPENVAS:1361412562311220191277", "OPENVAS:1361412562311220191336", "OPENVAS:1361412562311220191337", "OPENVAS:1361412562311220191338", "OPENVAS:1361412562311220191357", "OPENVAS:1361412562311220191359", "OPENVAS:1361412562311220191403", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191594", "OPENVAS:1361412562311220191626", "OPENVAS:1361412562311220191658", "OPENVAS:1361412562311220191771", "OPENVAS:1361412562311220191778", "OPENVAS:1361412562311220191797", "OPENVAS:1361412562311220191866", "OPENVAS:1361412562311220191934", "OPENVAS:1361412562311220192019", "OPENVAS:1361412562311220192091", "OPENVAS:1361412562311220192114", "OPENVAS:1361412562311220192115", "OPENVAS:1361412562311220192225", "OPENVAS:1361412562311220192259", "OPENVAS:1361412562311220192442", "OPENVAS:1361412562311220192653", "OPENVAS:1361412562311220201044", "OPENVAS:1361412562311220201048", "OPENVAS:1361412562311220201126", "OPENVAS:1361412562311220201212", "OPENVAS:1361412562311220201275", "OPENVAS:1361412562311220201295", "OPENVAS:1361412562311220201344", "OPENVAS:1361412562311220201427", "OPENVAS:1361412562311220201472", "OPENVAS:1361412562311220201516", "OPENVAS:1361412562311220201532", "OPENVAS:1361412562311220201574", "OPENVAS:1361412562311220201646", "OPENVAS:1361412562311220201689", "OPENVAS:60798", "OPENVAS:60890", "OPENVAS:61216", "OPENVAS:61372", "OPENVAS:61391", "OPENVAS:61467", "OPENVAS:61617", "OPENVAS:61905", "OPENVAS:63136", "OPENVAS:63373", "OPENVAS:64453", "OPENVAS:64454", "OPENVAS:64455", "OPENVAS:64493", "OPENVAS:64583", "OPENVAS:65027", "OPENVAS:65615", "OPENVAS:65883", "OPENVAS:702880", "OPENVAS:70570", "OPENVAS:70571", "OPENVAS:70592", "OPENVAS:70687", "OPENVAS:70715", "OPENVAS:70791", "OPENVAS:71172", "OPENVAS:71186", "OPENVAS:71249", "OPENVAS:71832", "OPENVAS:801797", "OPENVAS:802332", "OPENVAS:802333", "OPENVAS:802336", "OPENVAS:802392", "OPENVAS:802794", "OPENVAS:802830", "OPENVAS:802968", "OPENVAS:830058", "OPENVAS:830590", "OPENVAS:830740", "OPENVAS:831110", "OPENVAS:831224", "OPENVAS:831403", "OPENVAS:831493", "OPENVAS:831573", "OPENVAS:831685", "OPENVAS:831686", "OPENVAS:831731", "OPENVAS:840265", "OPENVAS:840343", "OPENVAS:840805", "OPENVAS:840852", "OPENVAS:840872", "OPENVAS:841173", "OPENVAS:841178", "OPENVAS:841194", "OPENVAS:841195", "OPENVAS:841197", "OPENVAS:841199", "OPENVAS:841571", "OPENVAS:841573", "OPENVAS:841576", "OPENVAS:841589", "OPENVAS:841733", "OPENVAS:863588", "OPENVAS:863593", "OPENVAS:863690", "OPENVAS:863691", "OPENVAS:863692", "OPENVAS:863693", "OPENVAS:863694", "OPENVAS:863695", "OPENVAS:863696", "OPENVAS:863697", "OPENVAS:863698", "OPENVAS:863699", "OPENVAS:863748", "OPENVAS:863798", "OPENVAS:863804", "OPENVAS:863904", "OPENVAS:863916", "OPENVAS:863955", "OPENVAS:863960", "OPENVAS:863977", "OPENVAS:864037", "OPENVAS:864068", "OPENVAS:864070", "OPENVAS:864088", "OPENVAS:864199", "OPENVAS:864218", "OPENVAS:864223", "OPENVAS:864317", "OPENVAS:864384", "OPENVAS:864392", "OPENVAS:864457", "OPENVAS:864471", "OPENVAS:864472", "OPENVAS:864477", "OPENVAS:864684", "OPENVAS:864710", "OPENVAS:864791", "OPENVAS:864793", "OPENVAS:865053", "OPENVAS:865325", "OPENVAS:865329", "OPENVAS:865336", "OPENVAS:866844", "OPENVAS:866855", "OPENVAS:867086", "OPENVAS:867090", "OPENVAS:867505", "OPENVAS:867510", "OPENVAS:870180", "OPENVAS:870189", "OPENVAS:870428", "OPENVAS:870430", "OPENVAS:870501", "OPENVAS:870597", "OPENVAS:870756", "OPENVAS:870757", "OPENVAS:870790", "OPENVAS:870792", "OPENVAS:871077", "OPENVAS:880314", "OPENVAS:880319", "OPENVAS:880338", "OPENVAS:880500", "OPENVAS:880556", "OPENVAS:880715", "OPENVAS:880881", "OPENVAS:881023", "OPENVAS:881085", "OPENVAS:881128", "OPENVAS:881160", "OPENVAS:881168", "OPENVAS:881187", "OPENVAS:881201", "OPENVAS:881282", "OPENVAS:881427", "OPENVAS:881447", "OPENVAS:900105", "OPENVAS:900106", "OPENVAS:902630", "OPENVAS:902900"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUJAN2015", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2015", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2013-1899837"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1076", "ELSA-2009-1176", "ELSA-2009-1177", "ELSA-2009-1178", "ELSA-2011-0027", "ELSA-2011-0491", "ELSA-2011-0492", "ELSA-2011-0554", "ELSA-2011-1380", "ELSA-2012-0744", "ELSA-2012-0745", "ELSA-2013-1582", "ELSA-2015-1064", "ELSA-2015-1330", "ELSA-2015-2101", "ELSA-2016-1626", "ELSA-2016-2586", "ELSA-2017-1868", "ELSA-2018-3041", "ELSA-2019-0710", "ELSA-2019-0981", "ELSA-2019-0997", "ELSA-2019-1467", "ELSA-2019-1587", "ELSA-2019-2030", "ELSA-2019-3335", "ELSA-2019-3520", "ELSA-2019-4876", "ELSA-2019-4877", "ELSA-2019-4884", "ELSA-2020-1131", "ELSA-2020-1132", "ELSA-2020-1605", "ELSA-2020-1764", "ELSA-2020-3888", "ELSA-2020-3911", "ELSA-2020-4433"]}, {"type": "osv", "idList": ["OSV:DLA-1189-1", "OSV:DLA-1190-1", "OSV:DLA-1519-1", "OSV:DLA-1520-1", "OSV:DLA-154-1", "OSV:DLA-1663-1", "OSV:DLA-1834-1", "OSV:DLA-1835-1", "OSV:DLA-1835-2", "OSV:DLA-1852-1", "OSV:DLA-1889-1", "OSV:DLA-1906-1", "OSV:DLA-1924-1", "OSV:DLA-1925-1", "OSV:DLA-2280-1", "OSV:DLA-2337-1", "OSV:DLA-25-1", "OSV:DLA-25-2", "OSV:DLA-25-3", "OSV:DLA-2628-1", "OSV:DLA-400-1", "OSV:DLA-522-1", "OSV:DLA-871-1", "OSV:DSA-1551-1", "OSV:DSA-1620-1", "OSV:DSA-1667-1", "OSV:DSA-1977-1", "OSV:DSA-2356-1", "OSV:DSA-2358-1", "OSV:DSA-2368-1", "OSV:DSA-2398-1", "OSV:DSA-2880-1", "OSV:DSA-4306-1", "OSV:DSA-4307-1", "OSV:GHSA-3JQW-CRQJ-W8QW", "OSV:PYSEC-2011-2"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127241", "PACKETSTORM:137651"]}, {"type": "photon", "idList": ["PHSA-2017-0005", "PHSA-2017-0091", "PHSA-2018-0037", "PHSA-2018-0086", "PHSA-2018-0125", "PHSA-2018-0126", "PHSA-2018-0178", "PHSA-2018-1.0-0125", "PHSA-2018-1.0-0126", "PHSA-2018-1.0-0178", "PHSA-2018-2.0-0037", "PHSA-2018-2.0-0086", "PHSA-2019-0006", "PHSA-2019-0009", "PHSA-2019-0016", "PHSA-2019-0021", "PHSA-2019-0024", "PHSA-2019-0030", "PHSA-2019-0031", "PHSA-2019-0035", "PHSA-2019-0036", "PHSA-2019-0118", "PHSA-2019-0120", "PHSA-2019-0140", "PHSA-2019-0141", "PHSA-2019-0161", "PHSA-2019-0165", "PHSA-2019-0171", "PHSA-2019-0176", "PHSA-2019-0177", "PHSA-2019-0182", "PHSA-2019-0190", "PHSA-2019-0203", "PHSA-2019-0205", "PHSA-2019-0216", "PHSA-2019-0220", "PHSA-2019-0236", "PHSA-2019-0237", "PHSA-2019-0240", "PHSA-2019-0246", "PHSA-2019-0251", "PHSA-2019-0252", "PHSA-2019-0255", "PHSA-2019-0257", "PHSA-2019-1.0-0203", "PHSA-2019-1.0-0216", "PHSA-2019-1.0-0220", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0237", "PHSA-2019-1.0-0240", "PHSA-2019-1.0-0246", "PHSA-2019-1.0-0251", "PHSA-2019-1.0-0252", "PHSA-2019-1.0-0255", "PHSA-2019-1.0-0257", "PHSA-2019-2.0-0118", "PHSA-2019-2.0-0120", "PHSA-2019-2.0-0140", "PHSA-2019-2.0-0141", "PHSA-2019-2.0-0146", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0165", "PHSA-2019-2.0-0171", "PHSA-2019-2.0-0176", "PHSA-2019-2.0-0177", "PHSA-2019-2.0-0182", "PHSA-2019-2.0-0190", "PHSA-2019-3.0-0005", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0016", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0031", "PHSA-2019-3.0-0035", "PHSA-2019-3.0-0036", "PHSA-2022-0492"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2007:1076", "RHSA-2007:1077", "RHSA-2008:0264", "RHSA-2008:0525", "RHSA-2008:0629", "RHSA-2009:1176", "RHSA-2009:1177", "RHSA-2009:1178", "RHSA-2011:0491", "RHSA-2011:0492", "RHSA-2011:0554", "RHSA-2011:1380", "RHSA-2011:1384", "RHSA-2012:0006", "RHSA-2012:0034", "RHSA-2012:0343", "RHSA-2012:0508", "RHSA-2012:0744", "RHSA-2012:0745", "RHSA-2012:1088", "RHSA-2012:1089", "RHSA-2013:1455", "RHSA-2013:1527", "RHSA-2013:1582", "RHSA-2015:1064", "RHSA-2015:1330", "RHSA-2015:2101", "RHSA-2016:1626", "RHSA-2016:1627", "RHSA-2016:1628", "RHSA-2016:1629", "RHSA-2016:1630", "RHSA-2016:2586", "RHSA-2018:3041", "RHSA-2018:3505", "RHSA-2019:0710", "RHSA-2019:0765", "RHSA-2019:0806", "RHSA-2019:0902", "RHSA-2019:0981", "RHSA-2019:0997", "RHSA-2019:1260", "RHSA-2019:1467", "RHSA-2019:1587", "RHSA-2019:1700", "RHSA-2019:2030", "RHSA-2019:2437", "RHSA-2019:2980", "RHSA-2019:3170", "RHSA-2019:3335", "RHSA-2019:3520", "RHSA-2019:3725", "RHSA-2019:3948", "RHSA-2020:1131", "RHSA-2020:1132", "RHSA-2020:1268", "RHSA-2020:1346", "RHSA-2020:1462", "RHSA-2020:1605", "RHSA-2020:1764", "RHSA-2020:2520", "RHSA-2020:3194", "RHSA-2020:3888", "RHSA-2020:3911", "RHSA-2020:4254", "RHSA-2020:4255", "RHSA-2020:4264", "RHSA-2020:4285", "RHSA-2020:4298", "RHSA-2020:4433", "RHSA-2020:5149", "RHSA-2020:5364", "RHSA-2020:5605", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0050", "RHSA-2021:0190", "RHSA-2021:0436", "RHSA-2021:0799", "RHSA-2021:2021"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-0772", "RH:CVE-2016-1000110", "RH:CVE-2017-1000158", "RH:CVE-2018-1000030", "RH:CVE-2018-1000802", "RH:CVE-2018-1060", "RH:CVE-2018-1061", "RH:CVE-2018-14647", "RH:CVE-2018-20852", "RH:CVE-2019-10160", "RH:CVE-2019-16056", "RH:CVE-2019-16935", "RH:CVE-2019-5010", "RH:CVE-2019-9636", "RH:CVE-2019-9947", "RH:CVE-2019-9948", "RH:CVE-2020-11078"]}, {"type": "rocky", "idList": ["RLSA-2020:1605"]}, {"type": "rubygems", "idList": ["RUBY:RUBY-2011-3389-74829"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20272", "SECURITYVULNS:DOC:24260", "SECURITYVULNS:DOC:26401", "SECURITYVULNS:DOC:27151", "SECURITYVULNS:DOC:27154", "SECURITYVULNS:DOC:27155", "SECURITYVULNS:DOC:27283", "SECURITYVULNS:DOC:27485", "SECURITYVULNS:DOC:27600", "SECURITYVULNS:DOC:28232", "SECURITYVULNS:DOC:28577", "SECURITYVULNS:DOC:28706", "SECURITYVULNS:DOC:28707", "SECURITYVULNS:DOC:29602", "SECURITYVULNS:DOC:29623", "SECURITYVULNS:DOC:29856", "SECURITYVULNS:DOC:30335", "SECURITYVULNS:DOC:30347", "SECURITYVULNS:DOC:30412", "SECURITYVULNS:DOC:30448", "SECURITYVULNS:DOC:30449", "SECURITYVULNS:DOC:30611", "SECURITYVULNS:DOC:31253", "SECURITYVULNS:DOC:31316", "SECURITYVULNS:DOC:31491", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:11688", "SECURITYVULNS:VULN:11971", "SECURITYVULNS:VULN:11972", "SECURITYVULNS:VULN:11973", "SECURITYVULNS:VULN:11988", "SECURITYVULNS:VULN:12116", "SECURITYVULNS:VULN:12137", "SECURITYVULNS:VULN:12164", "SECURITYVULNS:VULN:12454", "SECURITYVULNS:VULN:12518", "SECURITYVULNS:VULN:12679", "SECURITYVULNS:VULN:13186", "SECURITYVULNS:VULN:13198", "SECURITYVULNS:VULN:13303", "SECURITYVULNS:VULN:13310", "SECURITYVULNS:VULN:13423", "SECURITYVULNS:VULN:13583", "SECURITYVULNS:VULN:13594", "SECURITYVULNS:VULN:13647", "SECURITYVULNS:VULN:13663", "SECURITYVULNS:VULN:13730", "SECURITYVULNS:VULN:13867", "SECURITYVULNS:VULN:14061", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:VULN:7604", "SECURITYVULNS:VULN:8889", "SECURITYVULNS:VULN:9190"]}, {"type": "seebug", "idList": ["SSV:20957", "SSV:30124", "SSV:3195", "SSV:3787", "SSV:3800", "SSV:60008", "SSV:60220", "SSV:60296", "SSV:60424", "SSV:61235", "SSV:61560", "SSV:85189"]}, {"type": "slackware", "idList": ["SSA-2008-217-01", "SSA-2016-363-01", "SSA-2018-124-01", "SSA-2019-062-01", "SSA-2019-293-01"]}, {"type": "sonarsource", "idList": ["SONARSOURCE:975650E98377379A199A2570C63A856D"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1415-1", "OPENSUSE-SU-2018:2126-1", "OPENSUSE-SU-2018:2712-1", "OPENSUSE-SU-2018:3052-1", "OPENSUSE-SU-2018:3703-1", "OPENSUSE-SU-2019:0155-1", "OPENSUSE-SU-2019:0184-1", "OPENSUSE-SU-2019:0292-1", "OPENSUSE-SU-2019:1273-1", "OPENSUSE-SU-2019:1282-1", "OPENSUSE-SU-2019:1371-1", "OPENSUSE-SU-2019:1580-1", "OPENSUSE-SU-2019:1906-1", "OPENSUSE-SU-2019:1988-1", "OPENSUSE-SU-2019:1989-1", "OPENSUSE-SU-2019:2389-1", "OPENSUSE-SU-2019:2393-1", "OPENSUSE-SU-2019:2438-1", "OPENSUSE-SU-2019:2453-1", "OPENSUSE-SU-2020:0086-1", "OPENSUSE-SU-2020:2332-1", "OPENSUSE-SU-2020:2333-1", "SUSE-SU-2011:1256-2", "SUSE-SU-2012:0114-1", "SUSE-SU-2012:0114-2", "SUSE-SU-2012:0122-1", "SUSE-SU-2012:0122-2", "SUSE-SU-2012:0602-1"]}, {"type": "symantec", "idList": ["SMNTC-107400", "SMNTC-110026", "SMNTC-110222"]}, {"type": "talos", "idList": ["TALOS-2019-0758"]}, {"type": "talosblog", "idList": ["TALOSBLOG:769D76B3F852B1909E158D5428E1DEF9"]}, {"type": "threatpost", "idList": ["THREATPOST:0B3F568CF532B4D11A2D561F09E1490F", "THREATPOST:163A6E502D29C451AA1A20E62CA10C1C", "THREATPOST:29907254311441DFE8331A9706EE7EFA"]}, {"type": "ubuntu", "idList": ["USN-1263-1", "USN-1263-2", "USN-1314-1", "USN-1592-1", "USN-1596-1", "USN-1613-1", "USN-1613-2", "USN-1615-1", "USN-1616-1", "USN-1982-1", "USN-1983-1", "USN-1984-1", "USN-1985-1", "USN-2125-1", "USN-2653-1", "USN-3134-1", "USN-3496-1", "USN-3496-2", "USN-3496-3", "USN-3817-1", "USN-3817-2", "USN-4127-1", "USN-4127-2", "USN-4151-1", "USN-4151-2", "USN-585-1", "USN-632-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-2052", "UB:CVE-2008-1721", "UB:CVE-2008-2315", "UB:CVE-2008-2316", "UB:CVE-2008-3142", "UB:CVE-2008-3143", "UB:CVE-2008-3144", "UB:CVE-2008-5031", "UB:CVE-2010-1449", "UB:CVE-2010-1634", "UB:CVE-2011-1521", "UB:CVE-2011-3389", "UB:CVE-2011-4137", "UB:CVE-2011-4944", "UB:CVE-2012-0845", "UB:CVE-2012-1150", "UB:CVE-2013-1753", "UB:CVE-2013-4238", "UB:CVE-2013-7040", "UB:CVE-2014-1912", "UB:CVE-2014-4650", "UB:CVE-2014-7185", "UB:CVE-2016-0772", "UB:CVE-2016-1000110", "UB:CVE-2016-5636", "UB:CVE-2016-5699", "UB:CVE-2017-1000158", "UB:CVE-2017-18207", "UB:CVE-2018-1000030", "UB:CVE-2018-1000802", "UB:CVE-2018-1060", "UB:CVE-2018-1061", "UB:CVE-2018-14647", "UB:CVE-2018-20852", "UB:CVE-2019-10160", "UB:CVE-2019-11236", "UB:CVE-2019-16056", "UB:CVE-2019-16935", "UB:CVE-2019-18348", "UB:CVE-2019-5010", "UB:CVE-2019-9636", "UB:CVE-2019-9947", "UB:CVE-2019-9948"]}, {"type": "veracode", "idList": ["VERACODE:21036", "VERACODE:21918", "VERACODE:23738", "VERACODE:23740", "VERACODE:23742", "VERACODE:23743", "VERACODE:23744", "VERACODE:23745", "VERACODE:24489", "VERACODE:25268", "VERACODE:25287", "VERACODE:25292", "VERACODE:26176", "VERACODE:26996"]}, {"type": "vmware", "idList": ["VMSA-2008-0003", "VMSA-2008-0003.1", "VMSA-2009-0016", "VMSA-2009-0016.6", "VMSA-2012-0001", "VMSA-2012-0001.2", "VMSA-2012-0016", "VMSA-2014-0012", "VMSA-2014-0012.1"]}, {"type": "zdt", "idList": ["1337DAY-ID-21938", "1337DAY-ID-29438"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2019:3335", "ALSA-2020:1605", "ALSA-2020:4433"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2019-5010"]}, {"type": "amazon", "idList": ["ALAS-2014-293", "ALAS-2016-741", "ALAS-2018-1003", "ALAS-2018-943", "ALAS-2018-945", "ALAS-2019-1169"]}, {"type": "archlinux", "idList": ["ASA-201906-17", "ASA-201911-4"]}, {"type": "centos", "idList": ["CESA-2018:3041"]}, {"type": "cert", "idList": ["VU:797896"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2019-1561"]}, {"type": "checkpoint_security", "idList": ["CPS:SK86440"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:00A5222591F42E54CF0AA3142F2C10BC", "CFOUNDRY:96AA06BA747CBCB841534EC96B876550"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1616001357"]}, {"type": "cve", "idList": ["CVE-2007-2052", "CVE-2016-0772", "CVE-2019-9636", "CVE-2019-9947", "CVE-2019-9948"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1189-1:6BC2A", "DEBIAN:DLA-1190-1:84E6F", "DEBIAN:DLA-1519-1:1A158", "DEBIAN:DLA-1520-1:70B85", "DEBIAN:DSA-1551-1:41B8A", "DEBIAN:DSA-1620-1:7CA52", "DEBIAN:DSA-4306-1:95510", "DEBIAN:DSA-4307-1:C7B50"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2011-3389"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8E7AE717DB9D8AE0105415BFDE08CC6D"]}, {"type": "f5", "idList": ["F5:K01955184", "F5:K28622040", "F5:K37332121", "F5:K78825687", "SOL13400", "SOL15638"]}, {"type": "fedora", "idList": ["FEDORA:094916547A7E", "FEDORA:0FD96602C182", "FEDORA:109F760E86F6", "FEDORA:132956044E67", "FEDORA:1ED6B601DA54", "FEDORA:27E2C635B8E4", "FEDORA:2B464605DA54", "FEDORA:39BC8648F027", "FEDORA:3B9866076974", "FEDORA:3C93C6049718", "FEDORA:3CB7960A4420", "FEDORA:3EBBA608B7E0", "FEDORA:3F23C623C260", "FEDORA:41B6B6005555", "FEDORA:45707604CD90", "FEDORA:4867220AB1", "FEDORA:4FA016419F1F", "FEDORA:5015E613FFC0", "FEDORA:543086075EF0", "FEDORA:586F0625A750", "FEDORA:5A55A6051CF5", "FEDORA:5A77C60200D2", "FEDORA:5B059609AE6F", "FEDORA:5C1B660A291E", "FEDORA:607306060C60", "FEDORA:66C72604D404", "FEDORA:74DE463D8BDD", "FEDORA:7617922E25", "FEDORA:7A86F6087662", "FEDORA:849DD6547A63", "FEDORA:853AD608EC23", "FEDORA:86A6A60BF244", "FEDORA:9301E6076020", "FEDORA:980D160648E9", "FEDORA:996DF604E834", "FEDORA:9B4EA605CC38", "FEDORA:9C4D36076D01", "FEDORA:A120E60BDFFD", "FEDORA:A47F0601CAC6", "FEDORA:AE27360D4BD6", "FEDORA:B1957605F08E", "FEDORA:B61A36076D27", "FEDORA:B94AE607798F", "FEDORA:C57FE60A2910", "FEDORA:C730C64C5090", "FEDORA:CF8B162C3B99", "FEDORA:D187060603E3", "FEDORA:D37956047C92", "FEDORA:D432B602F037", "FEDORA:DD0FD6512E62", "FEDORA:DD3CA6513109", "FEDORA:DFCF964B861F", "FEDORA:E452E6021791", "FEDORA:E608564C614C", "FEDORA:E627160A4090", "FEDORA:EBA6466B31FD", "FEDORA:EC9E0604D409"]}, {"type": "freebsd", "idList": ["0DCCAA28-7F3C-11DD-8DE5-0030843D3802", "18CE9A90-F269-11E1-BE53-080027EF73EC", "1D0F6852-33D8-11E6-A671-60A44CE6887B", "8D5368EF-40FE-11E6-B2EC-B499BAEBFEAF", "A4A809D8-25C8-11E1-B531-00215C6A37BB", "A61374FC-3A4D-11E6-A671-60A44CE6887B", "B4F8BE9E-56B2-11E1-9FB7-003067B2972C", "D74371D2-4FEE-11E9-A5CD-1DF8A848DE3D", "EC41C3E2-129C-11DD-BAB7-0016179B2DD5"]}, {"type": "gentoo", "idList": ["GLSA-201805-02"]}, {"type": "githubexploit", "idList": ["0C076F95-ABB2-53E1-9E25-F7D1A5A9B3A1"]}, {"type": "hackerone", "idList": ["H1:412673", "H1:705420"]}, {"type": "ibm", "idList": ["15DA8B02C0EE18C494CE300BE00470079DE5884E7FABD33120881C0071985E51", "22C6665D00A9702426CEE593F4765FD3CD4EE170F8AA7F50D0505C6B2799BC21", "2D313E61C8DDD54F55567321F7E7638E346F11C56DF4960FF32482A9F20F2D09", "303CC17CDB88F2B5C4A7C91575329C973AC7ABB20BE29027BAC6426E80C194F7", "37F93777210D3E697FEE1FFB9F1F24D00587BEB90F69BC2D11101BE949FE12E9", "42199350A15ECD574A4263D0A6005F41F9E7F2D6CBDAFC538A9528C9803327A0", "6A039724B7EB96AC81BB63AD7246EC39438370B1FB040E4251AB7E7DCC2A7AF5", "81D5F6F41E5617EDA7FF694BBE43496FC48B7577BB4C9C238127ECCCB1D40118", "8DB1711F2A07EF0B48131799885ECE9CBB204C2E6C78D90D356163065F5A3EC1", "B5D3CBC8303AFE13664597A8E9C5222B5FD7EA238E25D4C36FF86C202367E2A7", "C9488F06558746146D0C18DBB0BEB871DAFDC70B677B49F63F50BEA425EB86AF", "E0843A66F8C9DD3021DCEAEAFFE1FDB9DC8A74785B6380C1EE79C5C495C08EEE"]}, {"type": "ics", "idList": ["ICSA-19-192-04"]}, {"type": "kaspersky", "idList": ["KLA11144"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2018-20852/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2018-20852/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2019-16056/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2018-20852/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2018-20852/", "MSF:ILITIES/ORACLE-SOLARIS-CVE-2018-20852/", "MSF:ILITIES/REDHAT_LINUX-CVE-2018-20852/", "MSF:ILITIES/UBUNTU-CVE-2018-20852/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201993420"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1169.NASL", "AL2_ALAS-2019-1204.NASL", "AL2_ALAS-2019-1230.NASL", "AL2_ALAS-2019-1247.NASL", "AL2_ALAS-2019-1258.NASL", "AL2_ALAS-2019-1259.NASL", "AL2_ALAS-2019-1291.NASL", "ALA_ALAS-2018-1003.NASL", "ALA_ALAS-2019-1169.NASL", "ALA_ALAS-2019-1202.NASL", "ALA_ALAS-2019-1204.NASL", "ALA_ALAS-2019-1230.NASL", "ALA_ALAS-2019-1242.NASL", "ALA_ALAS-2019-1243.NASL", "ALA_ALAS-2019-1258.NASL", "ALA_ALAS-2019-1259.NASL", "CENTOS_RHSA-2019-0710.NASL", "CENTOS_RHSA-2019-1467.NASL", "CENTOS_RHSA-2019-1587.NASL", "CENTOS_RHSA-2019-2030.NASL", "DEBIAN_DLA-1189.NASL", "DEBIAN_DLA-1190.NASL", "DEBIAN_DLA-1519.NASL", "DEBIAN_DLA-1520.NASL", "DEBIAN_DLA-1834.NASL", "DEBIAN_DLA-1835.NASL", "DEBIAN_DLA-1852.NASL", "DEBIAN_DLA-1889.NASL", "DEBIAN_DLA-1906.NASL", "DEBIAN_DLA-1924.NASL", "DEBIAN_DLA-1925.NASL", "DEBIAN_DLA-522.NASL", "DEBIAN_DSA-2358.NASL", "DEBIAN_DSA-4306.NASL", "DEBIAN_DSA-4307.NASL", "EULEROS_SA-2017-1334.NASL", "EULEROS_SA-2017-1335.NASL", "EULEROS_SA-2018-1078.NASL", "EULEROS_SA-2019-1055.NASL", "EULEROS_SA-2019-1072.NASL", "EULEROS_SA-2019-1124.NASL", "EULEROS_SA-2019-1149.NASL", "EULEROS_SA-2019-1246.NASL", "EULEROS_SA-2019-1248.NASL", "EULEROS_SA-2019-1277.NASL", "EULEROS_SA-2019-1336.NASL", "EULEROS_SA-2019-1337.NASL", "EULEROS_SA-2019-1338.NASL", "EULEROS_SA-2019-1357.NASL", "EULEROS_SA-2019-1359.NASL", "EULEROS_SA-2019-1594.NASL", "EULEROS_SA-2019-1626.NASL", "EULEROS_SA-2019-1658.NASL", "EULEROS_SA-2019-1771.NASL", "EULEROS_SA-2019-1778.NASL", "EULEROS_SA-2019-1797.NASL", "EULEROS_SA-2019-1866.NASL", "EULEROS_SA-2019-1934.NASL", "EULEROS_SA-2019-2019.NASL", "EULEROS_SA-2019-2091.NASL", "F5_BIGIP_SOL28622040.NASL", "FEDORA_2014-14266.NASL", "FEDORA_2016-105B80D1BE.NASL", "FEDORA_2016-13BE2EE499.NASL", "FEDORA_2016-22EAB18150.NASL", "FEDORA_2016-2869023091.NASL", "FEDORA_2016-308F78B2F4.NASL", "FEDORA_2016-32E5A8C3A8.NASL", "FEDORA_2016-34CA5273E9.NASL", "FEDORA_2016-5C52DCFE47.NASL", "FEDORA_2016-6C2B74BB96.NASL", "FEDORA_2016-9932F852C7.NASL", "FEDORA_2016-A0853405EB.NASL", "FEDORA_2016-AAE6BB9433.NASL", "FEDORA_2016-B046B56518.NASL", "FEDORA_2016-D3A529AAD6.NASL", "FEDORA_2016-D5917E939E.NASL", "FEDORA_2016-E37F15A5F4.NASL", "FEDORA_2016-E63A732C9D.NASL", "FEDORA_2016-EF784CF9F7.NASL", "FEDORA_2016-EFF21665E7.NASL", "FEDORA_2017-2D441A1D98.NASL", "FEDORA_2017-6BE762EA64.NASL", "FEDORA_2017-CF8C62747A.NASL", "FEDORA_2017-E0ABE14016.NASL", "FEDORA_2018-C3A5B2029A.NASL", "FEDORA_2019-00870E8BFC.NASL", "FEDORA_2019-1FFD6B6064.NASL", "FEDORA_2019-243442E600.NASL", "FEDORA_2019-2B1F72899A.NASL", "FEDORA_2019-4954D8773C.NASL", "FEDORA_2019-50772CF122.NASL", "FEDORA_2019-51F1E08207.NASL", "FEDORA_2019-5DC275C9F2.NASL", "FEDORA_2019-60A1DEFCD1.NASL", "FEDORA_2019-6B02154AA0.NASL", "FEDORA_2019-6BAEB15DA3.NASL", "FEDORA_2019-6E1938A3C5.NASL", "FEDORA_2019-6FAFD84F5D.NASL", "FEDORA_2019-7723D4774A.NASL", "FEDORA_2019-7D9F3CF3CE.NASL", "FEDORA_2019-7DF59302E0.NASL", "FEDORA_2019-7EB6D3B8EA.NASL", "FEDORA_2019-86F32CBAB1.NASL", "FEDORA_2019-9BFB4A3E4B.NASL", "FEDORA_2019-A122FE704D.NASL", "FEDORA_2019-B8FFB3768D.NASL", "FEDORA_2019-CF725DD20B.NASL", "FEDORA_2019-D11594BF0A.NASL", "FEDORA_2019-D58EB75449.NASL", "FEDORA_2019-EC26883852.NASL", "FREEBSD_PKG_18ED9650A1D611E99B17FCAA147E860E.NASL", "FREEBSD_PKG_1D0F685233D811E6A67160A44CE6887B.NASL", "FREEBSD_PKG_8D5368EF40FE11E6B2ECB499BAEBFEAF.NASL", "FREEBSD_PKG_A449C604A43A11E9B422FCAA147E860E.NASL", "FREEBSD_PKG_A61374FC3A4D11E6A67160A44CE6887B.NASL", "FREEBSD_PKG_D74371D24FEE11E9A5CD1DF8A848DE3D.NASL", "GENTOO_GLSA-201111-02.NASL", "GENTOO_GLSA-201805-02.NASL", "MACOSX_10_7_3.NASL", "MANDRIVA_MDVSA-2008-085.NASL", "MANDRIVA_MDVSA-2012-096.NASL", "MANDRIVA_MDVSA-2013-214.NASL", "MANDRIVA_MDVSA-2014-197.NASL", "NEWSTART_CGSL_NS-SA-2019-0061_PYTHON.NASL", "OPENSUSE-2014-506.NASL", "OPENSUSE-2018-1128.NASL", "OPENSUSE-2018-372.NASL", "OPENSUSE-2018-511.NASL", "OPENSUSE-2019-155.NASL", "OPENSUSE-2019-184.NASL", "ORACLELINUX_ELSA-2009-1176.NASL", "ORACLELINUX_ELSA-2011-0492.NASL", "ORACLELINUX_ELSA-2015-1330.NASL", "PHOTONOS_PHSA-2017-0051_PYTHON2.NASL", "PHOTONOS_PHSA-2018-1_0-0125_PYTHON2.NASL", "PHOTONOS_PHSA-2018-1_0-0126_PYTHON3.NASL", "PHOTONOS_PHSA-2018-1_0-0178_PYTHON2.NASL", "PHOTONOS_PHSA-2018-1_0-0178_PYTHON3.NASL", "PHOTONOS_PHSA-2018-2_0-0086_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0203_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0220_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0236_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0237_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0240_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0240_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0246_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0246_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0251_PYTHON3.NASL", "PHOTONOS_PHSA-2019-1_0-0252_PYTHON2.NASL", "PHOTONOS_PHSA-2019-1_0-0255_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0118_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0165_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0165_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0171_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0171_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0176_PYTHON3.NASL", "PHOTONOS_PHSA-2019-2_0-0177_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0182_PYTHON2.NASL", "PHOTONOS_PHSA-2019-2_0-0182_PYTHON3.NASL", "PHOTONOS_PHSA-2019-3_0-0009_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0024_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0030_PYTHON3.NASL", "PHOTONOS_PHSA-2019-3_0-0031_PYTHON2.NASL", "PHOTONOS_PHSA-2019-3_0-0035_PYTHON2.NASL", "REDHAT-RHSA-2012-0508.NASL", "REDHAT-RHSA-2018-3041.NASL", "SLACKWARE_SSA_2019-293-01.NASL", "SUSE_11_0_PYTHON-080801.NASL", "SUSE_11_PYTHON-201408-140728.NASL", "SUSE_PYTHON-3749.NASL", "SUSE_SU-2018-1372-1.NASL", "SUSE_SU-2018-3156-1.NASL", "SUSE_SU-2018-3554-1.NASL", "SUSE_SU-2019-0215-1.NASL", "SUSE_SU-2019-0223-1.NASL", "SUSE_SU-2019-0243-1.NASL", "SUSE_SU-2019-0271-1.NASL", "SUSE_SU-2019-14142-1.NASL", "SUSE_SU-2021-14198-1.NASL", "UBUNTU_USN-3496-1.NASL", "UBUNTU_USN-3496-3.NASL", "VMWARE_VMSA-2012-0005_REMOTE.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121364", "OPENVAS:1361412562310704306", "OPENVAS:1361412562310704307", "OPENVAS:1361412562310814304", "OPENVAS:1361412562310814307", "OPENVAS:1361412562310830058", "OPENVAS:1361412562310851754", "OPENVAS:1361412562310852005", "OPENVAS:1361412562310852277", "OPENVAS:1361412562310852293", "OPENVAS:1361412562310852330", "OPENVAS:1361412562310864037", "OPENVAS:1361412562310873858", "OPENVAS:1361412562310873923", "OPENVAS:1361412562310873927", "OPENVAS:1361412562310873970", "OPENVAS:1361412562310873972", "OPENVAS:1361412562310874347", "OPENVAS:1361412562310874351", "OPENVAS:1361412562310874352", "OPENVAS:1361412562310874353", "OPENVAS:1361412562310874354", "OPENVAS:1361412562310874355", "OPENVAS:1361412562310875112", "OPENVAS:1361412562310875122", "OPENVAS:1361412562310875225", "OPENVAS:1361412562310875226", "OPENVAS:1361412562310875227", "OPENVAS:1361412562310875228", "OPENVAS:1361412562310875432", "OPENVAS:1361412562310875444", "OPENVAS:1361412562310875537", "OPENVAS:1361412562310875540", "OPENVAS:1361412562310891519", "OPENVAS:1361412562310891520", "OPENVAS:830058", "OPENVAS:863691", "OPENVAS:864710", "OPENVAS:881128", "OPENVAS:881168", "OPENVAS:881201"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-1076"]}, {"type": "photon", "idList": ["PHSA-2017-0005", "PHSA-2018-1.0-0125", "PHSA-2018-1.0-0126", "PHSA-2018-1.0-0178", "PHSA-2018-2.0-0037", "PHSA-2018-2.0-0086", "PHSA-2019-1.0-0203", "PHSA-2019-1.0-0216", "PHSA-2019-1.0-0220", "PHSA-2019-1.0-0236", "PHSA-2019-1.0-0237", "PHSA-2019-1.0-0240", "PHSA-2019-1.0-0246", "PHSA-2019-1.0-0251", "PHSA-2019-1.0-0257", "PHSA-2019-2.0-0118", "PHSA-2019-2.0-0120", "PHSA-2019-2.0-0140", "PHSA-2019-2.0-0141", "PHSA-2019-2.0-0146", "PHSA-2019-2.0-0161", "PHSA-2019-2.0-0165", "PHSA-2019-2.0-0171", "PHSA-2019-2.0-0176", "PHSA-2019-2.0-0177", "PHSA-2019-2.0-0182", "PHSA-2019-2.0-0190", "PHSA-2019-3.0-0005", "PHSA-2019-3.0-0009", "PHSA-2019-3.0-0016", "PHSA-2019-3.0-0021", "PHSA-2019-3.0-0024", "PHSA-2019-3.0-0030", "PHSA-2019-3.0-0031", "PHSA-2019-3.0-0035", "PHSA-2019-3.0-0036"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2009:1178", "RHSA-2011:0554", "RHSA-2012:0508", "RHSA-2012:0745", "RHSA-2019:0997"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000158", "RH:CVE-2018-1000030", "RH:CVE-2018-1000802", "RH:CVE-2018-1061", "RH:CVE-2019-10160", "RH:CVE-2019-16056", "RH:CVE-2020-11078"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24260", "SECURITYVULNS:DOC:27154", "SECURITYVULNS:VULN:13594"]}, {"type": "seebug", "idList": ["SSV:60424"]}, {"type": "slackware", "idList": ["SSA-2019-293-01"]}, {"type": "sonarsource", "idList": ["SONARSOURCE:975650E98377379A199A2570C63A856D"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1415-1", "OPENSUSE-SU-2018:3052-1", "OPENSUSE-SU-2019:0155-1", "OPENSUSE-SU-2019:0184-1", "OPENSUSE-SU-2019:0292-1", "OPENSUSE-SU-2019:2389-1", "OPENSUSE-SU-2019:2393-1"]}, {"type": "symantec", "idList": ["SMNTC-110222"]}, {"type": "talos", "idList": ["TALOS-2019-0758"]}, {"type": "talosblog", "idList": ["TALOSBLOG:769D76B3F852B1909E158D5428E1DEF9"]}, {"type": "threatpost", "idList": ["THREATPOST:0B3F568CF532B4D11A2D561F09E1490F"]}, {"type": "ubuntu", "idList": ["USN-1982-1", "USN-1983-1", "USN-1984-1", "USN-1985-1", "USN-3496-1", "USN-3496-2", "USN-3496-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-1150", "UB:CVE-2019-16056", "UB:CVE-2019-16935"]}, {"type": "vmware", "idList": ["VMSA-2012-0001"]}, {"type": "zdt", "idList": ["1337DAY-ID-21938"]}]}, "exploitation": null, "vulnersScore": 0.1}, "_state": {"dependencies": 1673453919, "score": 1673455684}, "_internal": {"score_hash": "fccacae3eee5021494d15fcca3240add"}, "pluginID": "133259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0234-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133259);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\n \"CVE-2007-2052\",\n \"CVE-2008-1721\",\n \"CVE-2008-2315\",\n \"CVE-2008-2316\",\n \"CVE-2008-3142\",\n \"CVE-2008-3143\",\n \"CVE-2008-3144\",\n \"CVE-2011-1521\",\n \"CVE-2011-3389\",\n \"CVE-2011-4944\",\n \"CVE-2012-0845\",\n \"CVE-2012-1150\",\n \"CVE-2013-1752\",\n \"CVE-2013-1753\",\n \"CVE-2013-4238\",\n \"CVE-2014-1912\",\n \"CVE-2014-4650\",\n \"CVE-2014-7185\",\n \"CVE-2016-0772\",\n \"CVE-2016-1000110\",\n \"CVE-2016-5636\",\n \"CVE-2016-5699\",\n \"CVE-2017-1000158\",\n \"CVE-2017-18207\",\n \"CVE-2018-1000030\",\n \"CVE-2018-1000802\",\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2018-20852\",\n \"CVE-2019-10160\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-5010\",\n \"CVE-2019-9636\",\n \"CVE-2019-9947\",\n \"CVE-2019-9948\"\n );\n script_bugtraq_id(\n 28715,\n 30491,\n 47024,\n 49388,\n 49778,\n 51239,\n 52732,\n 61738,\n 63804,\n 65379,\n 66958,\n 68147,\n 70089\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for python fixes the following issues :\n\nUpdated to version 2.7.17 to unify packages among openSUSE:Factory and\nSLE versions (bsc#1159035).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073269\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=214983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=298378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=346490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=367853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=379534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=380942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=399190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=406051\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=425138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=426563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=430761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=432677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=436966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=437293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=441088\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=462375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=525295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=534721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=551715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=572673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=577032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=581765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=603255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=617751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=637176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=638233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=658604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=673071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=682554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=697251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=707667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=718009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=747125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=747794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=751718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=754447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=766778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=794139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=804978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=827982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=831442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=834601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=836739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=856835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=856836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=857470\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=863741\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=885882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=898572\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=901715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=935856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=945401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=964182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=984751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=985177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=985348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=989523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=997436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2007-2052/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2008-1721/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2008-2315/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2008-2316/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2008-3142/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2008-3143/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2008-3144/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2011-1521/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2011-3389/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2011-4944/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2012-0845/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2012-1150/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2013-1752/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2013-1753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2013-4238/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2014-1912/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2014-4650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2014-7185/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-0772/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-1000110/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5636/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5699/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-1000158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000030/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1060/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1061/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20852/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10160/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16935/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5010/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9636/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9947/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9948/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200234-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7e022df\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-234=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Desktop-Applications-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15 :\n\nzypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-234=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Basesystem 15 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-234=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpython2_7-1_0-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpython2_7-1_0-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-base-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-base-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-base-debugsource-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-curses-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-curses-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-debugsource-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-demo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-devel-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-gdbm-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-gdbm-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-idle-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-tk-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-tk-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-xml-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-xml-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-base-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-base-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-base-debugsource-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-curses-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-debugsource-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-demo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-devel-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-gdbm-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-idle-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-tk-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-xml-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpython2_7-1_0-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpython2_7-1_0-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-base-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-base-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-base-debugsource-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-curses-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-curses-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-debugsource-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-demo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-devel-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-gdbm-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-gdbm-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-idle-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-tk-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-tk-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-xml-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-xml-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-base-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-base-debuginfo-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-base-debugsource-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-curses-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-debugsource-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-demo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-devel-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-gdbm-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-idle-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-tk-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.17-7.32.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-xml-2.7.17-7.32.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.17-7.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:libpython2_7", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python", "p-cpe:/a:novell:suse_linux:python-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:python-base", "p-cpe:/a:novell:suse_linux:python-base-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:python-base-debuginfo", "p-cpe:/a:novell:suse_linux:python-base-debugsource", "p-cpe:/a:novell:suse_linux:python-curses", "p-cpe:/a:novell:suse_linux:python-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python-debuginfo", "p-cpe:/a:novell:suse_linux:python-debugsource", "p-cpe:/a:novell:suse_linux:python-demo", "p-cpe:/a:novell:suse_linux:python-devel", "p-cpe:/a:novell:suse_linux:python-gdbm", "p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo", "p-cpe:/a:novell:suse_linux:python-idle", "p-cpe:/a:novell:suse_linux:python-tk", "p-cpe:/a:novell:suse_linux:python-tk-debuginfo", "p-cpe:/a:novell:suse_linux:python-xml", "p-cpe:/a:novell:suse_linux:python-xml-debuginfo", "cpe:/o:novell:suse_linux:15"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools 15 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-234=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15 :\n\nzypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-234=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-234=1\n\nSUSE Linux Enterprise Module for Basesystem 15 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-234=1", "nessusSeverity": "Critical", "cvssScoreSource": "", "vendor_cvss2": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2020-01-24T00:00:00", "vulnerabilityPublicationDate": "2007-04-16T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-01-11T15:04:57", "description": "This update for python3 to version 3.6.10 fixes the following issues :\n\nCVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n\nCVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).\n\nCVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150", "CVE-2013-1752", "CVE-2013-4238", "CVE-2014-2667", "CVE-2014-4650", "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2018-20406", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython3_6m1_0", "p-cpe:/a:novell:suse_linux:libpython3_6m1_0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python3", "p-cpe:/a:novell:suse_linux:python3-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base", "p-cpe:/a:novell:suse_linux:python3-base-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base-debugsource", "p-cpe:/a:novell:suse_linux:python3-curses", "p-cpe:/a:novell:suse_linux:python3-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python3-dbm", "p-cpe:/a:novell:suse_linux:python3-dbm-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debugsource", "p-cpe:/a:novell:suse_linux:python3-devel", "p-cpe:/a:novell:suse_linux:python3-devel-debuginfo", "p-cpe:/a:novell:suse_linux:python3-idle", "p-cpe:/a:novell:suse_linux:python3-testsuite", "p-cpe:/a:novell:suse_linux:python3-testsuite-debuginfo", "p-cpe:/a:novell:suse_linux:python3-tk", "p-cpe:/a:novell:suse_linux:python3-tk-debuginfo", "p-cpe:/a:novell:suse_linux:python3-tools", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0114-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133036", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0114-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2011-4944\",\n \"CVE-2012-0845\",\n \"CVE-2012-1150\",\n \"CVE-2013-1752\",\n \"CVE-2013-4238\",\n \"CVE-2014-2667\",\n \"CVE-2014-4650\",\n \"CVE-2016-0772\",\n \"CVE-2016-1000110\",\n \"CVE-2016-5636\",\n \"CVE-2016-5699\",\n \"CVE-2017-18207\",\n \"CVE-2018-1000802\",\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2018-20406\",\n \"CVE-2018-20852\",\n \"CVE-2019-10160\",\n \"CVE-2019-15903\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-5010\",\n \"CVE-2019-9636\",\n \"CVE-2019-9947\"\n );\n script_bugtraq_id(\n 49388,\n 49778,\n 51239,\n 52732,\n 61738,\n 63804,\n 66521,\n 68147\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for python3 to version 3.6.10 fixes the following issues :\n\nCVE-2017-18207: Fixed a denial of service in\nWave_read._read_fmt_chunk() (bsc#1083507).\n\nCVE-2019-16056: Fixed an issue where email parsing could fail for\nmultiple @ (bsc#1149955).\n\nCVE-2019-15903: Fixed a heap-based buffer over-read in libexpat\n(bsc#1149429).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=637176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=658604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=673071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=709442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=743787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=747125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=751718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=754447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=754677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=787526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=809831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=831629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=834601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=871152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=885662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=885882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=917607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=942751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=951166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=983582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=984751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=985177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=985348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=989523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2011-3389/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2011-4944/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2012-0845/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2012-1150/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2013-1752/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2013-4238/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2014-2667/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2014-4650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-0772/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-1000110/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5636/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-5699/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18207/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000802/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1060/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1061/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-14647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20406/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20852/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10160/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15903/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16056/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16935/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-5010/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9636/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9947/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200114-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4a736fc2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-114=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-114=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-114=1\n\nSUSE Linux Enterprise Module for Development Tools 15 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-114=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-114=1\n\nSUSE Linux Enterprise Module for Basesystem 15 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-114=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_6m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-dbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-dbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-testsuite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-32bit-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-32bit-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpython3_6m1_0-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpython3_6m1_0-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-base-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-base-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-base-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-curses-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-curses-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-dbm-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-dbm-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-devel-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-devel-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-idle-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-testsuite-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-testsuite-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-tk-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-tk-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python3-tools-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"python3-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libpython3_6m1_0-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libpython3_6m1_0-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-base-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-base-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-base-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-curses-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-curses-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-dbm-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-dbm-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-devel-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-devel-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-idle-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-testsuite-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-testsuite-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-tk-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-tk-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-tools-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-32bit-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-32bit-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpython3_6m1_0-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpython3_6m1_0-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-base-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-base-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-base-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-curses-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-curses-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-dbm-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-dbm-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-devel-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-devel-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-idle-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-testsuite-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-testsuite-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-tk-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-tk-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python3-tools-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"python3-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libpython3_6m1_0-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libpython3_6m1_0-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-base-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-base-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-base-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-curses-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-curses-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-dbm-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-dbm-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-debugsource-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-devel-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-devel-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-idle-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-testsuite-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-testsuite-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-tk-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-tk-debuginfo-3.6.10-3.42.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-tools-3.6.10-3.42.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:04:54", "description": "This update for python3 to version 3.6.10 fixes the following issues :\n\n - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n\n - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955).\n\n - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150", "CVE-2013-1752", "CVE-2013-4238", "CVE-2014-2667", "CVE-2014-4650", "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2018-20406", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpython3_6m1_0", "p-cpe:/a:novell:opensuse:libpython3_6m1_0-32bit", "p-cpe:/a:novell:opensuse:libpython3_6m1_0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libpython3_6m1_0-debuginfo", "p-cpe:/a:novell:opensuse:python3", "p-cpe:/a:novell:opensuse:python3-32bit", "p-cpe:/a:novell:opensuse:python3-32bit-debuginfo", "p-cpe:/a:novell:opensuse:python3-base", "p-cpe:/a:novell:opensuse:python3-base-32bit", "p-cpe:/a:novell:opensuse:python3-base-32bit-debuginfo", "p-cpe:/a:novell:opensuse:python3-base-debuginfo", "p-cpe:/a:novell:opensuse:python3-base-debugsource", "p-cpe:/a:novell:opensuse:python3-curses", "p-cpe:/a:novell:opensuse:python3-curses-debuginfo", "p-cpe:/a:novell:opensuse:python3-dbm", "p-cpe:/a:novell:opensuse:python3-dbm-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo", "p-cpe:/a:novell:opensuse:python3-debugsource", "p-cpe:/a:novell:opensuse:python3-devel", "p-cpe:/a:novell:opensuse:python3-devel-debuginfo", "p-cpe:/a:novell:opensuse:python3-idle", "p-cpe:/a:novell:opensuse:python3-testsuite", "p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo", "p-cpe:/a:novell:opensuse:python3-tk", "p-cpe:/a:novell:opensuse:python3-tk-debuginfo", "p-cpe:/a:novell:opensuse:python3-tools", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-86.NASL", "href": "https://www.tenable.com/plugins/nessus/133172", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-86.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133172);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2011-4944\",\n \"CVE-2012-0845\",\n \"CVE-2012-1150\",\n \"CVE-2013-1752\",\n \"CVE-2013-4238\",\n \"CVE-2014-2667\",\n \"CVE-2014-4650\",\n \"CVE-2016-0772\",\n \"CVE-2016-1000110\",\n \"CVE-2016-5636\",\n \"CVE-2016-5699\",\n \"CVE-2017-18207\",\n \"CVE-2018-1000802\",\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2018-20406\",\n \"CVE-2018-20852\",\n \"CVE-2019-10160\",\n \"CVE-2019-15903\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-5010\",\n \"CVE-2019-9636\",\n \"CVE-2019-9947\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for python3 to version 3.6.10 fixes the following issues :\n\n - CVE-2017-18207: Fixed a denial of service in\n Wave_read._read_fmt_chunk() (bsc#1083507).\n\n - CVE-2019-16056: Fixed an issue where email parsing could\n fail for multiple @ (bsc#1149955).\n\n - CVE-2019-15903: Fixed a heap-based buffer over-read in\n libexpat (bsc#1149429).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040164\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088004\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088573\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=637176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=658604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=673071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=709442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=743787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=747125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=751718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=754447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=754677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=787526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=809831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=831629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=834601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=871152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=885662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=885882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989523\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_6m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_6m1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_6m1_0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_6m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpython3_6m1_0-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpython3_6m1_0-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-base-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-base-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-base-debugsource-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-curses-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-curses-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-dbm-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-dbm-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-debugsource-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-devel-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-devel-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-idle-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-testsuite-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-testsuite-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-tk-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-tk-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-tools-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libpython3_6m1_0-32bit-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python3-32bit-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python3-32bit-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.6.10-lp151.6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python3-base-32bit-debuginfo-3.6.10-lp151.6.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpython3_6m1_0 / libpython3_6m1_0-debuginfo / python3-base / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:33", "description": "According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer.(CVE-2016-0772)\n\n - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution.(CVE-2016-5636)\n\n - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite.(CVE-2016-2183)\n\n - The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers.\n A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data.(CVE-2014-9365)\n\n - An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash.(CVE-2014-7185)\n\n - A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service.(CVE-2018-1060)\n\n - The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\\\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.(CVE-2013-4238)\n\n - It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values.(CVE-2016-5699)\n\n - CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)(CVE-2017-1000158)\n\n - A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.(CVE-2018-1061)\n\n - It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory.(CVE-2013-1752)\n\n - A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory.(CVE-2014-4616)\n\n - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.(CVE-2019-9948)\n\n - Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)\n\n - A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities.(CVE-2019-5010)\n\n - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization.\n The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.(CVE-2019-9636)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-1752", "CVE-2013-4238", "CVE-2014-4616", "CVE-2014-7185", "CVE-2014-9365", "CVE-2016-0772", "CVE-2016-2183", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-1000158", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9948"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "p-cpe:/a:huawei:euleros:python-tools", "p-cpe:/a:huawei:euleros:tkinter", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1434.NASL", "href": "https://www.tenable.com/plugins/nessus/124937", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124937);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-1752\",\n \"CVE-2013-4238\",\n \"CVE-2014-4616\",\n \"CVE-2014-7185\",\n \"CVE-2014-9365\",\n \"CVE-2016-0772\",\n \"CVE-2016-2183\",\n \"CVE-2016-5636\",\n \"CVE-2016-5699\",\n \"CVE-2017-1000158\",\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2019-5010\",\n \"CVE-2019-9636\",\n \"CVE-2019-9948\"\n );\n script_bugtraq_id(\n 61738,\n 63804,\n 68119,\n 70089,\n 71639\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - It was found that Python's smtplib library did not\n return an exception when StartTLS failed to be\n established in the SMTP.starttls() function. A man in\n the middle attacker could strip out the STARTTLS\n command without generating an exception on the Python\n SMTP client application, preventing the establishment\n of the TLS layer.(CVE-2016-0772)\n\n - A vulnerability was discovered in Python, in the\n built-in zipimporter. A specially crafted zip file\n placed in a module path such that it would be loaded by\n a later 'import' statement could cause a heap overflow,\n leading to arbitrary code execution.(CVE-2016-5636)\n\n - A flaw was found in the way the DES/3DES cipher was\n used as part of the TLS/SSL protocol. A\n man-in-the-middle attacker could use this flaw to\n recover some plaintext data by capturing large amounts\n of encrypted traffic between TLS/SSL server and client\n if the communication used a DES/3DES based\n ciphersuite.(CVE-2016-2183)\n\n - The Python standard library HTTP client modules (such\n as httplib or urllib) did not perform verification of\n TLS/SSL certificates when connecting to HTTPS servers.\n A man-in-the-middle attacker could use this flaw to\n hijack connections and eavesdrop or modify transferred\n data.(CVE-2014-9365)\n\n - An integer overflow flaw was found in the way the\n buffer() function handled its offset and size\n arguments. An attacker able to control those arguments\n could use this flaw to disclose portions of the\n application memory or cause it to crash.(CVE-2014-7185)\n\n - A flaw was found in the way catastrophic backtracking\n was implemented in python's pop3lib's apop() method. An\n attacker could use this flaw to cause denial of\n service.(CVE-2018-1060)\n\n - The ssl.match_hostname function in the SSL module in\n Python 2.6 through 3.4 does not properly handle a '\\\\0'\n character in a domain name in the Subject Alternative\n Name field of an X.509 certificate, which allows\n man-in-the-middle attackers to spoof arbitrary SSL\n servers via a crafted certificate issued by a\n legitimate Certification Authority, a related issue to\n CVE-2009-2408.(CVE-2013-4238)\n\n - It was found that the Python's httplib library (used by\n urllib, urllib2 and others) did not properly check\n HTTPConnection.putheader() function arguments. An\n attacker could use this flaw to inject additional\n headers in a Python application that allowed user\n provided header names or values.(CVE-2016-5699)\n\n - CPython (aka Python) up to 2.7.13 is vulnerable to an\n integer overflow in the PyString_DecodeEscape function\n in stringobject.c, resulting in heap-based buffer\n overflow (and possible arbitrary code\n execution)(CVE-2017-1000158)\n\n - A flaw was found in the way catastrophic backtracking\n was implemented in python's difflib.IS_LINE_JUNK\n method. An attacker could use this flaw to cause denial\n of service.(CVE-2018-1061)\n\n - It was discovered that multiple Python standard library\n modules implementing network protocols (such as httplib\n or smtplib) failed to restrict sizes of server\n responses. A malicious server could cause a client\n using one of the affected modules to consume an\n excessive amount of memory.(CVE-2013-1752)\n\n - A flaw was found in the way the json module handled\n negative index argument passed to certain functions\n (such as raw_decode()). An attacker able to control\n index value passed to one of the affected functions\n could possibly use this flaw to disclose portions of\n the application memory.(CVE-2014-4616)\n\n - urllib in Python 2.x through 2.7.16 supports the\n local_file: scheme, which makes it easier for remote\n attackers to bypass protection mechanisms that\n blacklist file: URIs, as demonstrated by triggering a\n urllib.urlopen('local_file:///etc/passwd')\n call.(CVE-2019-9948)\n\n - Python's elementtree C accelerator failed to initialise\n Expat's hash salt during initialization. This could\n make it easy to conduct denial of service attacks\n against Expat by contructing an XML document that would\n cause pathological hash collisions in Expat's internal\n data structures, consuming large amounts CPU and\n RAM.(CVE-2018-14647)\n\n - A null pointer dereference vulnerability was found in\n the certificate parsing code in Python. This causes a\n denial of service to applications when parsing\n specially crafted certificates. This vulnerability is\n unlikely to be triggered if application enables SSL/TLS\n certificate validation and accepts certificates only\n from trusted root certificate\n authorities.(CVE-2019-5010)\n\n - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is\n affected by: Improper Handling of Unicode Encoding\n (with an incorrect netloc) during NFKC normalization.\n The impact is: Information disclosure (credentials,\n cookies, etc. that are cached against a given\n hostname). The components are: urllib.parse.urlsplit,\n urllib.parse.urlparse. The attack vector is: A\n specially crafted URL could be incorrectly parsed to\n locate cookies or authentication data and send that\n information to a different host than when parsed\n correctly.(CVE-2019-9636)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1434\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?776f9511\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-69.h19\",\n \"python-devel-2.7.5-69.h19\",\n \"python-libs-2.7.5-69.h19\",\n \"python-tools-2.7.5-69.h19\",\n \"tkinter-2.7.5-69.h19\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:06:16", "description": "This update for python36 to version 3.6.10 fixes the following issues :\n\nCVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507).\n\nCVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ signs (bsc#1149955).\n\nCVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947"], "modified": "2020-02-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython3_6m1_0", "p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python36", "p-cpe:/a:novell:suse_linux:python36-base", "p-cpe:/a:novell:suse_linux:python36-base-debuginfo", "p-cpe:/a:novell:suse_linux:python36-base-debugsource", "p-cpe:/a:novell:suse_linux:python36-debuginfo", "p-cpe:/a:novell:suse_linux:python36-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-0302-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133448", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0302-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133448);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/06\");\n\n script_cve_id(\"CVE-2017-18207\", \"CVE-2018-1000802\", \"CVE-2018-1060\", \"CVE-2018-20852\", \"CVE-2019-10160\", \"CVE-2019-15903\", \"CVE-2019-16056\", \"CVE-2019-5010\", \"CVE-2019-9636\", \"CVE-2019-9947\");\n\n script_name(english:\"SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python36 to version 3.6.10 fixes the following \nissues :\n\nCVE-2017-18207: Fixed a denial of service in\nWave_read._read_fmt_chunk() (bsc#1083507).\n\nCVE-2019-16056: Fixed an issue where email parsing could fail for\nmultiple @ signs (bsc#1149955).\n\nCVE-2019-15903: Fixed a heap-based buffer over-read in libexpat\n(bsc#1149429).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088009\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094814\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151490\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159035\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159622\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=709442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000802/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1060/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20852/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10160/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15903/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5010/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9947/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68a41617\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-302=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_6m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python36-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python36-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python36-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python36-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python36-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpython3_6m1_0-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpython3_6m1_0-debuginfo-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python36-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python36-base-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python36-base-debuginfo-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python36-base-debugsource-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python36-debuginfo-3.6.10-4.3.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python36-debugsource-3.6.10-4.3.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python36\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:38:31", "description": "The remote host is affected by the vulnerability described in GLSA-200807-16 (Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Python:\n David Remahl of Apple Product Security reported several integer overflows in core modules such as stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule (CVE-2008-2315).\n David Remahl of Apple Product Security also reported an integer overflow in the hashlib module, leading to unreliable cryptographic digest results (CVE-2008-2316).\n Justin Ferguson reported multiple buffer overflows in unicode string processing that only affect 32bit systems (CVE-2008-3142).\n The Google Security Team reported multiple integer overflows (CVE-2008-3143).\n Justin Ferguson reported multiple integer underflows and overflows in the PyOS_vsnprintf() function, and an off-by-one error when passing zero-length strings, leading to memory corruption (CVE-2008-3144).\n Impact :\n\n A remote attacker could exploit these vulnerabilities in Python applications or daemons that pass user-controlled input to vulnerable functions. Exploitation might lead to the execution of arbitrary code or a Denial of Service. Vulnerabilities within the hashlib might lead to weakened cryptographic protection of data integrity or authenticity.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2008-08-01T00:00:00", "type": "nessus", "title": "GLSA-200807-16 : Python: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:python", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200807-16.NASL", "href": "https://www.tenable.com/plugins/nessus/33782", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200807-16.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33782);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_xref(name:\"GLSA\", value:\"200807-16\");\n\n script_name(english:\"GLSA-200807-16 : Python: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200807-16\n(Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Python:\n David Remahl of Apple Product Security reported several integer\n overflows in core modules such as stringobject, unicodeobject,\n bufferobject, longobject, tupleobject, stropmodule, gcmodule,\n mmapmodule (CVE-2008-2315).\n David Remahl of Apple Product Security also reported an integer\n overflow in the hashlib module, leading to unreliable cryptographic\n digest results (CVE-2008-2316).\n Justin Ferguson reported multiple buffer overflows in unicode string\n processing that only affect 32bit systems (CVE-2008-3142).\n The Google Security Team reported multiple integer overflows\n (CVE-2008-3143).\n Justin Ferguson reported multiple integer underflows and overflows in\n the PyOS_vsnprintf() function, and an off-by-one error when passing\n zero-length strings, leading to memory corruption (CVE-2008-3144).\n \nImpact :\n\n A remote attacker could exploit these vulnerabilities in Python\n applications or daemons that pass user-controlled input to vulnerable\n functions. Exploitation might lead to the execution of arbitrary code\n or a Denial of Service. Vulnerabilities within the hashlib might lead\n to weakened cryptographic protection of data integrity or authenticity.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200807-16\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Python 2.4 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.4.4-r14'\n All Python 2.5 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.5.2-r6'\n Please note that Python 2.3 is masked since June 24, and we will not be\n releasing updates to it. It will be removed from the tree in the near\n future.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/python\", unaffected:make_list(\"rge 2.4.4-r14\", \"ge 2.5.2-r6\", \"rge 2.4.6\"), vulnerable:make_list(\"lt 2.5.2-r6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Python\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-17T14:23:21", "description": "This update for python3 fixes the following issues :\n\n - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header (fixes boo#989523, CVE-2016-1000110)\n\n - update to 3.4.5 check:\n https://docs.python.org/3.4/whatsnew/changelog.html (fixes boo#984751, CVE-2016-0772) (fixes boo#985177, CVE-2016-5636) (fixes boo#985348, CVE-2016-5699)\n\n - Bump DH parameters to 2048 bit to fix logjam security issue. boo#935856\n\n - apply fix for CVE-2016-1000110 - CGIHandler: sets environmental variable based on user-supplied Proxy request header: (fixes boo#989523, CVE-2016-1000110)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-08-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4650", "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpython3_4m1_0", "p-cpe:/a:novell:opensuse:libpython3_4m1_0-32bit", "p-cpe:/a:novell:opensuse:libpython3_4m1_0-debuginfo", "p-cpe:/a:novell:opensuse:libpython3_4m1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3", "p-cpe:/a:novell:opensuse:python3-32bit", "p-cpe:/a:novell:opensuse:python3-base", "p-cpe:/a:novell:opensuse:python3-base-32bit", "p-cpe:/a:novell:opensuse:python3-base-debuginfo", "p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-base-debugsource", "p-cpe:/a:novell:opensuse:python3-curses", "p-cpe:/a:novell:opensuse:python3-curses-debuginfo", "p-cpe:/a:novell:opensuse:python3-dbm", "p-cpe:/a:novell:opensuse:python3-dbm-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-debugsource", "p-cpe:/a:novell:opensuse:python3-devel", "p-cpe:/a:novell:opensuse:python3-devel-debuginfo", "p-cpe:/a:novell:opensuse:python3-doc-pdf", "p-cpe:/a:novell:opensuse:python3-idle", "p-cpe:/a:novell:opensuse:python3-testsuite", "p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo", "p-cpe:/a:novell:opensuse:python3-tk", "p-cpe:/a:novell:opensuse:python3-tk-debuginfo", "p-cpe:/a:novell:opensuse:python3-tools", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-997.NASL", "href": "https://www.tenable.com/plugins/nessus/93069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-997.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93069);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-4650\", \"CVE-2016-0772\", \"CVE-2016-1000110\", \"CVE-2016-5636\", \"CVE-2016-5699\");\n\n script_name(english:\"openSUSE Security Update : python3 (openSUSE-2016-997) (httpoxy)\");\n script_summary(english:\"Check for the openSUSE-2016-997 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python3 fixes the following issues :\n\n - apply fix for CVE-2016-1000110 - CGIHandler: sets\n environmental variable based on user-supplied Proxy\n request header (fixes boo#989523, CVE-2016-1000110)\n\n - update to 3.4.5 check:\n https://docs.python.org/3.4/whatsnew/changelog.html\n (fixes boo#984751, CVE-2016-0772) (fixes boo#985177,\n CVE-2016-5636) (fixes boo#985348, CVE-2016-5699)\n\n - Bump DH parameters to 2048 bit to fix logjam security\n issue. boo#935856\n\n - apply fix for CVE-2016-1000110 - CGIHandler: sets\n environmental variable based on user-supplied Proxy\n request header: (fixes boo#989523, CVE-2016-1000110)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.python.org/3.4/whatsnew/changelog.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_4m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_4m1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_4m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_4m1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpython3_4m1_0-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-base-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-base-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-base-debugsource-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-curses-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-curses-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-dbm-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-dbm-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-debugsource-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-devel-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-devel-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-doc-pdf-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-idle-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-testsuite-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-testsuite-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-tk-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-tk-debuginfo-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python3-tools-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-32bit-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-32bit-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"python3-32bit-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.4.5-4.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpython3_4m1_0-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-base-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-base-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-base-debugsource-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-curses-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-curses-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-dbm-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-dbm-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-debugsource-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-devel-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-devel-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-doc-pdf-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-idle-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-testsuite-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-testsuite-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-tk-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-tk-debuginfo-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"python3-tools-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-32bit-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-32bit-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"python3-32bit-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.4.5-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.4.5-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpython3_4m1_0 / libpython3_4m1_0-32bit / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:49:00", "description": "This update for python fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)\n\nCVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)\n\nCVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348)\n\nCVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)\n\nCVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-04T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699", "CVE-2019-5010"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython2_7", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python", "p-cpe:/a:novell:suse_linux:python-base", "p-cpe:/a:novell:suse_linux:python-base-debuginfo", "p-cpe:/a:novell:suse_linux:python-base-debugsource", "p-cpe:/a:novell:suse_linux:python-curses", "p-cpe:/a:novell:suse_linux:python-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python-debuginfo", "p-cpe:/a:novell:suse_linux:python-debugsource", "p-cpe:/a:novell:suse_linux:python-demo", "p-cpe:/a:novell:suse_linux:python-gdbm", "p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo", "p-cpe:/a:novell:suse_linux:python-idle", "p-cpe:/a:novell:suse_linux:python-tk", "p-cpe:/a:novell:suse_linux:python-tk-debuginfo", "p-cpe:/a:novell:suse_linux:python-xml", "p-cpe:/a:novell:suse_linux:python-xml-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0223-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121570", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0223-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121570);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2016-0772\", \"CVE-2016-1000110\", \"CVE-2016-5636\", \"CVE-2016-5699\", \"CVE-2019-5010\");\n\n script_name(english:\"SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2016-0772: smtplib vulnerability opens startTLS stripping attack\n(bsc#984751)\n\nCVE-2016-5636: heap overflow when importing malformed zip files\n(bsc#985177)\n\nCVE-2016-5699: incorrect validation of HTTP headers allow header\ninjection (bsc#985348)\n\nCVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by\ndisregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)\n\nCVE-2019-5010: Fixed a denial-of-service vulnerability in the X509\ncertificate parser (bsc#1122191)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0772/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1000110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5699/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5010/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190223-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d0a457ba\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-223=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-32bit-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-32bit-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-32bit-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-32bit-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debugsource-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-32bit-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debugsource-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-demo-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-idle-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.9-16.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-2.7.9-16.7.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.9-16.7.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-13T14:44:57", "description": "It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2018-1000030)\n\nIt was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802)\n\nIt was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061)\n\nIt was discovered that Python failed to initialize Expat's hash salt.\nA remote attacker could possibly use this issue to cause hash collisions, leading to a denial of service. (CVE-2018-14647).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-14T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-3817-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000030", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.7", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.4", "p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.5", "p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3817-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118954", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3817-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118954);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-1000030\", \"CVE-2018-1000802\", \"CVE-2018-1060\", \"CVE-2018-1061\", \"CVE-2018-14647\");\n script_xref(name:\"USN\", value:\"3817-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-3817-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Python incorrectly handled large amounts of\ndata. A remote attacker could use this issue to cause Python to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.\n(CVE-2018-1000030)\n\nIt was discovered that Python incorrectly handled running external\ncommands in the shutil module. A remote attacker could use this issue\nto cause Python to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2018-1000802)\n\nIt was discovered that Python incorrectly used regular expressions\nvulnerable to catastrophic backtracking. A remote attacker could\npossibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060,\nCVE-2018-1061)\n\nIt was discovered that Python failed to initialize Expat's hash salt.\nA remote attacker could possibly use this issue to cause hash\ncollisions, leading to a denial of service. (CVE-2018-14647).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3817-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7\", pkgver:\"2.7.6-8ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4\", pkgver:\"3.4.3-1ubuntu1~14.04.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.3-1ubuntu1~14.04.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python2.7\", pkgver:\"2.7.12-1ubuntu0~16.04.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.12-1ubuntu0~16.04.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3.5\", pkgver:\"3.5.2-2ubuntu0~16.04.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3.5-minimal\", pkgver:\"3.5.2-2ubuntu0~16.04.5\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python2.7\", pkgver:\"2.7.15~rc1-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.15~rc1-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal / python3.4 / python3.4-minimal / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:27:17", "description": "According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed.\n The result of an attack may vary based on the application.(CVE-2019-10160)urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.(CVE-2019-9948)Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.(CVE-2018-14647)python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free.\n Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow.\n As for the Use-After-Free, Thread3-i1/4zMalloc-i1/4zThread1-i1/4zFree's-i1/4zThread2-Re-us es-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.(CVE-2018-1000030)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2019)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000030", "CVE-2018-14647", "CVE-2019-10160", "CVE-2019-9636", "CVE-2019-9948"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "p-cpe:/a:huawei:euleros:tkinter", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2019.NASL", "href": "https://www.tenable.com/plugins/nessus/129212", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129212);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2018-14647\",\n \"CVE-2018-1000030\",\n \"CVE-2019-9948\",\n \"CVE-2019-10160\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Python is an interpreted, interactive, object-oriented\n programming language, which includes modules, classes,\n exceptions, very high level dynamic data types and\n dynamic typing. Python supports interfaces to many\n system calls and libraries, as well as to various\n windowing systems.Security Fix(es):A security\n regression of CVE-2019-9636 was discovered in python,\n since commit d537ab0ff9767ef024f26246899728f0116b1ec3,\n which still allows an attacker to exploit CVE-2019-9636\n by abusing the user and password parts of a URL. When\n an application parses user-supplied URLs to store\n cookies, authentication credentials, or other kind of\n information, it is possible for an attacker to provide\n specially crafted URLs to make the application locate\n host-related information (e.g. cookies, authentication\n data) and send them to a different host than where it\n should, unlike if the URLs had been correctly parsed.\n The result of an attack may vary based on the\n application.(CVE-2019-10160)urllib in Python 2.x\n through 2.7.16 supports the local_file: scheme, which\n makes it easier for remote attackers to bypass\n protection mechanisms that blacklist file: URIs, as\n demonstrated by triggering a\n urllib.urlopen('local_file:///etc/passwd')\n call.(CVE-2019-9948)Python's elementtree C accelerator\n failed to initialise Expat's hash salt during\n initialization. This could make it easy to conduct\n denial of service attacks against Expat by constructing\n an XML document that would cause pathological hash\n collisions in Expat's internal data structures,\n consuming large amounts CPU and\n RAM.(CVE-2018-14647)python 2.7.14 is vulnerable to a\n Heap-Buffer-Overflow as well as a Heap-Use-After-Free.\n Python versions prior to 2.7.14 may also be vulnerable\n and it appears that Python 2.7.17 and prior may also be\n vulnerable however this has not been confirmed. The\n vulnerability lies when multiply threads are handling\n large amounts of data. In both cases there is\n essentially a race condition that occurs. For the\n Heap-Buffer-Overflow, Thread 2 is creating the size for\n a buffer, but Thread1 is already writing to the buffer\n without knowing how much to write. So when a large\n amount of data is being processed, it is very easy to\n cause memory corruption using a Heap-Buffer-Overflow.\n As for the Use-After-Free,\n Thread3-i1/4zMalloc-i1/4zThread1-i1/4zFree's-i1/4zThread2-Re-us\n es-Free'd Memory. The PSRT has stated that this is not\n a security vulnerability due to the fact that the\n attacker must be able to run code, however in some\n situations, such as function as a service, this\n vulnerability can potentially be used by an attacker to\n violate a trust boundary, as such the DWF feels this\n issue deserves a CVE.(CVE-2018-1000030)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2019\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?927445bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-10160\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-58.h18\",\n \"python-devel-2.7.5-58.h18\",\n \"python-libs-2.7.5-58.h18\",\n \"tkinter-2.7.5-58.h18\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:41:25", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in Python, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.\n\nVarious integer overflow errors exist in core modules e.g.\nstringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, mmapmodule.\n\nAn integer overflow in the hashlib module can lead to an unreliable cryptographic digest results.\n\nInteger overflow errors in the processing of unicode strings can be exploited to cause buffer overflows on 32-bit systems.\n\nAn integer overflow exists in the PyOS_vsnprintf() function on architectures that do not have a 'vsnprintf()' function.\n\nAn integer underflow error in the PyOS_vsnprintf() function when passing zero-length strings can lead to memory corruption.", "cvss3": {}, "published": "2008-09-11T00:00:00", "type": "nessus", "title": "FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:python23", "p-cpe:/a:freebsd:freebsd:python24", "p-cpe:/a:freebsd:freebsd:python25", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0DCCAA287F3C11DD8DE50030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/34164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34164);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_xref(name:\"Secunia\", value:\"31305\");\n\n script_name(english:\"FreeBSD : python -- multiple vulnerabilities (0dccaa28-7f3c-11dd-8de5-0030843d3802)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nSome vulnerabilities have been reported in Python, where some have\nunknown impact and others can potentially be exploited by malicious\npeople to cause a DoS (Denial of Service) or to compromise a\nvulnerable system.\n\nVarious integer overflow errors exist in core modules e.g.\nstringobject, unicodeobject, bufferobject, longobject, tupleobject,\nstropmodule, gcmodule, mmapmodule.\n\nAn integer overflow in the hashlib module can lead to an unreliable\ncryptographic digest results.\n\nInteger overflow errors in the processing of unicode strings can be\nexploited to cause buffer overflows on 32-bit systems.\n\nAn integer overflow exists in the PyOS_vsnprintf() function on\narchitectures that do not have a 'vsnprintf()' function.\n\nAn integer underflow error in the PyOS_vsnprintf() function when\npassing zero-length strings can lead to memory corruption.\"\n );\n # http://bugs.python.org/issue2620\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue2620\"\n );\n # http://bugs.python.org/issue2588\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue2588\"\n );\n # http://bugs.python.org/issue2589\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.python.org/issue2589\"\n );\n # http://mail.python.org/pipermail/python-checkins/2008-July/072276.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1441e508\"\n );\n # http://mail.python.org/pipermail/python-checkins/2008-July/072174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1afed817\"\n );\n # http://mail.python.org/pipermail/python-checkins/2008-June/070481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ccf8890\"\n );\n # https://vuxml.freebsd.org/freebsd/0dccaa28-7f3c-11dd-8de5-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cff4b0e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:python25\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/08/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"python24<2.4.5_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python25<2.5.2_3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"python23>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:18:05", "description": "Multiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including \n\nCVE-2018-14647\n\nPython's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM.\n\nCVE-2019-5010\n\nNULL pointer dereference using a specially crafted X509 certificate.\n\nCVE-2019-9636\n\nImproper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization resulting in information disclosure (credentials, cookies, etc. that are cached against a given hostname).\nA specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.\n\nCVE-2019-9740\n\nAn issue was discovered in urllib2 where CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.\n\nCVE-2019-9947\n\nAn issue was discovered in urllib2 where CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.\n\nCVE-2019-9948\n\nurllib supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file:\nURIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.\n\nCVE-2019-10160\n\nA security regression of CVE-2019-9636 was discovered which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed.\nThe result of an attack may vary based on the application.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.7.9-2+deb8u3.\n\nWe recommend that you upgrade your python2.7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-25T00:00:00", "type": "nessus", "title": "Debian DLA-1834-1 : python2.7 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-14647", "CVE-2019-10160", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:idle-python2.7", "p-cpe:/a:debian:debian_linux:libpython2.7", "p-cpe:/a:debian:debian_linux:libpython2.7-dbg", "p-cpe:/a:debian:debian_linux:libpython2.7-dev", "p-cpe:/a:debian:debian_linux:libpython2.7-minimal", "p-cpe:/a:debian:debian_linux:libpython2.7-stdlib", "p-cpe:/a:debian:debian_linux:libpython2.7-testsuite", "p-cpe:/a:debian:debian_linux:python2.7", "p-cpe:/a:debian:debian_linux:python2.7-dbg", "p-cpe:/a:debian:debian_linux:python2.7-dev", "p-cpe:/a:debian:debian_linux:python2.7-doc", "p-cpe:/a:debian:debian_linux:python2.7-examples", "p-cpe:/a:debian:debian_linux:python2.7-minimal", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1834.NASL", "href": "https://www.tenable.com/plugins/nessus/126222", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1834-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126222);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-14647\", \"CVE-2019-10160\", \"CVE-2019-5010\", \"CVE-2019-9636\", \"CVE-2019-9740\", \"CVE-2019-9947\", \"CVE-2019-9948\");\n\n script_name(english:\"Debian DLA-1834-1 : python2.7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in Python, an interactive\nhigh-level object-oriented language, including \n\nCVE-2018-14647\n\nPython's elementtree C accelerator failed to initialise Expat's hash\nsalt during initialization. This could make it easy to conduct denial\nof service attacks against Expat by constructing an XML document that\nwould cause pathological hash collisions in Expat's internal data\nstructures, consuming large amounts CPU and RAM.\n\nCVE-2019-5010\n\nNULL pointer dereference using a specially crafted X509 certificate.\n\nCVE-2019-9636\n\nImproper Handling of Unicode Encoding (with an incorrect netloc)\nduring NFKC normalization resulting in information disclosure\n(credentials, cookies, etc. that are cached against a given hostname).\nA specially crafted URL could be incorrectly parsed to locate cookies\nor authentication data and send that information to a different host\nthan when parsed correctly.\n\nCVE-2019-9740\n\nAn issue was discovered in urllib2 where CRLF injection is possible if\nthe attacker controls a url parameter, as demonstrated by the first\nargument to urllib.request.urlopen with \\r\\n (specifically in the\nquery string after a ? character) followed by an HTTP header or a\nRedis command.\n\nCVE-2019-9947\n\nAn issue was discovered in urllib2 where CRLF injection is possible if\nthe attacker controls a url parameter, as demonstrated by the first\nargument to urllib.request.urlopen with \\r\\n (specifically in the path\ncomponent of a URL that lacks a ? character) followed by an HTTP\nheader or a Redis command. This is similar to the CVE-2019-9740 query\nstring issue.\n\nCVE-2019-9948\n\nurllib supports the local_file: scheme, which makes it easier for\nremote attackers to bypass protection mechanisms that blacklist file:\nURIs, as demonstrated by triggering a\nurllib.urlopen('local_file:///etc/passwd') call.\n\nCVE-2019-10160\n\nA security regression of CVE-2019-9636 was discovered which still\nallows an attacker to exploit CVE-2019-9636 by abusing the user and\npassword parts of a URL. When an application parses user-supplied URLs\nto store cookies, authentication credentials, or other kind of\ninformation, it is possible for an attacker to provide specially\ncrafted URLs to make the application locate host-related information\n(e.g. cookies, authentication data) and send them to a different host\nthan where it should, unlike if the URLs had been correctly parsed.\nThe result of an attack may vary based on the application.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.7.9-2+deb8u3.\n\nWe recommend that you upgrade your python2.7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/python2.7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:idle-python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"idle-python2.7\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-dbg\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-dev\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-minimal\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-stdlib\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-testsuite\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-dbg\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-dev\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-doc\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-examples\", reference:\"2.7.9-2+deb8u3\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-minimal\", reference:\"2.7.9-2+deb8u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:40:48", "description": "New python packages are available for Slackware 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix security issues.", "cvss3": {}, "published": "2008-08-05T00:00:00", "type": "nessus", "title": "Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:python", "p-cpe:/a:slackware:slackware_linux:python-demo", "p-cpe:/a:slackware:slackware_linux:python-tools", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.1", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:12.1"], "id": "SLACKWARE_SSA_2008-217-01.NASL", "href": "https://www.tenable.com/plugins/nessus/33824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-217-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33824);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3144\");\n script_bugtraq_id(28715, 30491);\n script_xref(name:\"SSA\", value:\"2008-217-01\");\n\n script_name(english:\"Slackware 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : python (SSA:2008-217-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New python packages are available for Slackware 10.1, 10.2, 11.0,\n12.0, 12.1, and -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?41912d97\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python, python-demo and / or python-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/04/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"10.1\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"python-demo\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.1\")) flag++;\nif (slackware_check(osver:\"10.1\", pkgname:\"python-tools\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"python-demo\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.2\")) flag++;\nif (slackware_check(osver:\"10.2\", pkgname:\"python-tools\", pkgver:\"2.4.5\", pkgarch:\"noarch\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"python\", pkgver:\"2.4.5\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"2_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"python\", pkgver:\"2.5.2\", pkgarch:\"i486\", pkgnum:\"2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:00:25", "description": "This update to python 2.7.9 fixes the following issues :\n\n - python-2.7-libffi-aarch64.patch: Fix argument passing in libffi for aarch64\n\nFrom the version update to 2.7.9 :\n\n - contains full backport of ssl module from Python 3.4 (PEP466)\n\n - HTTPS certificate validation enabled by default (PEP476)\n\n - SSLv3 disabled by default (bnc#901715)\n\n - backported ensurepip module (PEP477)\n\n - fixes several missing CVEs from last release:\n CVE-2013-1752, CVE-2013-1753\n\n - dropped upstreamed patches: python-2.7.6-poplib.patch, smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch\n\n - dropped patch python-2.7.3-ssl_ca_path.patch because we don't need it with ssl module from Python 3\n\n - libffi was upgraded upstream, seems to contain our changes, so dropping libffi-ppc64le.diff as well\n\n - python-2.7-urllib2-localnet-ssl.patch - properly remove unconditional 'import ssl' from test_urllib2_localnet that caused it to fail without ssl\n\n - skip test_thread in qemu_linux_user mode\n\nFrom the version update to 2.7.8 :\n\n - fixes CVE-2014-4650 directory traversal in CGIHTTPServer\n\n - fixes CVE-2014-7185 (bnc#898572) potential buffer overflow in buffer()\n\nAlso the DH parameters were increased to 2048 bit to fix logjam security issue (bsc#935856)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-06T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython2_7", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python", "p-cpe:/a:novell:suse_linux:python-base", "p-cpe:/a:novell:suse_linux:python-base-debuginfo", "p-cpe:/a:novell:suse_linux:python-base-debugsource", "p-cpe:/a:novell:suse_linux:python-curses", "p-cpe:/a:novell:suse_linux:python-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python-debuginfo", "p-cpe:/a:novell:suse_linux:python-debugsource", "p-cpe:/a:novell:suse_linux:python-demo", "p-cpe:/a:novell:suse_linux:python-devel", "p-cpe:/a:novell:suse_linux:python-gdbm", "p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo", "p-cpe:/a:novell:suse_linux:python-idle", "p-cpe:/a:novell:suse_linux:python-tk", "p-cpe:/a:novell:suse_linux:python-tk-debuginfo", "p-cpe:/a:novell:suse_linux:python-xml", "p-cpe:/a:novell:suse_linux:python-xml-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1344-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85250", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1344-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85250);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68147, 70089);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2015:1344-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to python 2.7.9 fixes the following issues :\n\n - python-2.7-libffi-aarch64.patch: Fix argument passing in\n libffi for aarch64\n\nFrom the version update to 2.7.9 :\n\n - contains full backport of ssl module from Python 3.4\n (PEP466)\n\n - HTTPS certificate validation enabled by default (PEP476)\n\n - SSLv3 disabled by default (bnc#901715)\n\n - backported ensurepip module (PEP477)\n\n - fixes several missing CVEs from last release:\n CVE-2013-1752, CVE-2013-1753\n\n - dropped upstreamed patches: python-2.7.6-poplib.patch,\n smtplib_maxline-2.7.patch, xmlrpc_gzip_27.patch\n\n - dropped patch python-2.7.3-ssl_ca_path.patch because we\n don't need it with ssl module from Python 3\n\n - libffi was upgraded upstream, seems to contain our\n changes, so dropping libffi-ppc64le.diff as well\n\n - python-2.7-urllib2-localnet-ssl.patch - properly remove\n unconditional 'import ssl' from test_urllib2_localnet\n that caused it to fail without ssl\n\n - skip test_thread in qemu_linux_user mode\n\nFrom the version update to 2.7.8 :\n\n - fixes CVE-2014-4650 directory traversal in CGIHTTPServer\n\n - fixes CVE-2014-7185 (bnc#898572) potential buffer\n overflow in buffer()\n\nAlso the DH parameters were increased to 2048 bit to fix logjam\nsecurity issue (bsc#935856)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1752/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-1753/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4650/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-7185/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151344-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b2cb590\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-367=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-367=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-367=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-367=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-demo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-idle-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-base-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-base-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-curses-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-curses-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-debugsource-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-devel-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-tk-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-tk-debuginfo-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-xml-2.7.9-14.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"python-xml-debuginfo-2.7.9-14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:00:49", "description": "It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : python on SL6.x i386/x86_64 (20150722)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:python", "p-cpe:/a:fermilab:scientific_linux:python-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-devel", "p-cpe:/a:fermilab:scientific_linux:python-libs", "p-cpe:/a:fermilab:scientific_linux:python-test", "p-cpe:/a:fermilab:scientific_linux:python-tools", "p-cpe:/a:fermilab:scientific_linux:tkinter", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150722_PYTHON_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85206);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL6.x i386/x86_64 (20150722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=3564\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?15a4252d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"python-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-debuginfo-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-test-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debuginfo / python-devel / python-libs / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:57:56", "description": "From Red Hat Security Advisory 2015:1330 :\n\nUpdated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : python (ELSA-2015-1330)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-devel", "p-cpe:/a:oracle:linux:python-libs", "p-cpe:/a:oracle:linux:python-test", "p-cpe:/a:oracle:linux:python-tools", "p-cpe:/a:oracle:linux:tkinter", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/85099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1330 and \n# Oracle Linux Security Advisory ELSA-2015-1330 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85099);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"Oracle Linux 6 : python (ELSA-2015-1330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1330 :\n\nUpdated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005228.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"python-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-devel-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-libs-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-test-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-tools-2.6.6-64.0.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"tkinter-2.6.6-64.0.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-test / python-tools / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:59:32", "description": "Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "RHEL 6 : python (RHSA-2015:1330)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:python-libs", "p-cpe:/a:redhat:enterprise_linux:python-test", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:tkinter", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/84938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1330. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84938);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"RHEL 6 : python (RHSA-2015:1330)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/1495363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-7185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-1752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-1912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-4650\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1330\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-debuginfo-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-test-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debuginfo / python-devel / python-libs / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:49", "description": "Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict the sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose the source code of the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control these arguments could use this flaw to disclose portions of the application memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "CentOS 6 : python (CESA-2015:1330)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2014-1912", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:python", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python-libs", "p-cpe:/a:centos:centos:python-test", "p-cpe:/a:centos:centos:python-tools", "p-cpe:/a:centos:centos:tkinter", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-1330.NASL", "href": "https://www.tenable.com/plugins/nessus/85012", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1330 and \n# CentOS Errata and Security Advisory 2015:1330 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85012);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2014-1912\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 65379, 68147, 70089);\n script_xref(name:\"RHSA\", value:\"2015:1330\");\n\n script_name(english:\"CentOS 6 : python (CESA-2015:1330)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues, several\nbugs and add one enhancement are now available for Red Hat Enterprise\nLinux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage often compared to Tcl, Perl, Scheme, or Java. Python includes\nmodules, classes, exceptions, very high level dynamic data types and\ndynamic typing. Python supports interfaces to many system calls and\nlibraries, as well as to various windowing systems (X11, Motif, Tk,\nMac and MFC).\n\nIt was discovered that the socket.recvfrom_into() function failed to\ncheck the size of the supplied buffer. This could lead to a buffer\noverflow when the function was called with an insufficiently sized\nbuffer. (CVE-2014-1912)\n\nIt was discovered that multiple Python standard library modules\nimplementing network protocols (such as httplib or smtplib) failed to\nrestrict the sizes of server responses. A malicious server could cause\na client using one of the affected modules to consume an excessive\namount of memory. (CVE-2013-1752)\n\nIt was discovered that the CGIHTTPServer module incorrectly handled\nURL encoded paths. A remote attacker could use this flaw to execute\nscripts outside of the cgi-bin directory, or disclose the source code\nof the scripts in the cgi-bin directory. (CVE-2014-4650)\n\nAn integer overflow flaw was found in the way the buffer() function\nhandled its offset and size arguments. An attacker able to control\nthese arguments could use this flaw to disclose portions of the\napplication memory or cause it to crash. (CVE-2014-7185)\n\nThese updated python packages also include numerous bug fixes and\nenhancements. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes,\nusers are directed to the following article on the Red Hat Customer\nPortal :\n\nhttps://access.redhat.com/articles/1495363\n\nAll python users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2015-July/001906.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?215fca08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, 'Temporarily disabled.');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-devel-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-libs-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-test-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-tools-2.6.6-64.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"tkinter-2.6.6-64.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:35", "description": "This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed :\n\n - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523)\n\n - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751)\n\n - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177)\n\n - CVE-2016-5699: A header injection flaw in urrlib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes :\n\n - Don't force 3rd party C extensions to be built with\n\n -Werror=declaration-after-statement. (bsc#951166)\n\n - Make urllib proxy var handling behave as usual on POSIX.\n (bsc#983582) For a comprehensive list of changes please refer to the upstream change log:\n https://docs.python.org/3.4/whatsnew/changelog.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython3_4m1_0", "p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python3", "p-cpe:/a:novell:suse_linux:python3-base", "p-cpe:/a:novell:suse_linux:python3-base-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base-debugsource", "p-cpe:/a:novell:suse_linux:python3-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2653-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2653-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94321);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-0772\", \"CVE-2016-1000110\", \"CVE-2016-5636\", \"CVE-2016-5699\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2653-1) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides Python 3.4.5, which brings many fixes and\nenhancements. The following security issues have been fixed :\n\n - CVE-2016-1000110: CGIHandler could have allowed setting\n of HTTP_PROXY environment variable based on\n user-supplied Proxy request header. (bsc#989523)\n\n - CVE-2016-0772: A vulnerability in smtplib could have\n allowed a MITM attacker to perform a startTLS stripping\n attack. (bsc#984751)\n\n - CVE-2016-5636: A heap overflow in Python's zipimport\n module. (bsc#985177)\n\n - CVE-2016-5699: A header injection flaw in\n urrlib2/urllib/httplib/http.client. (bsc#985348) The\n update also includes the following non-security fixes :\n\n - Don't force 3rd party C extensions to be built with\n\n -Werror=declaration-after-statement. (bsc#951166)\n\n - Make urllib proxy var handling behave as usual on POSIX.\n (bsc#983582) For a comprehensive list of changes please\n refer to the upstream change log:\n https://docs.python.org/3.4/whatsnew/changelog.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.python.org/3.4/whatsnew/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0772/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1000110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5699/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162653-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7015bb76\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1558=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1558=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2016-1558=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1558=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython3_4m1_0-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-base-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-base-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-base-debugsource-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-debugsource-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython3_4m1_0-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-base-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-base-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-base-debugsource-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-debugsource-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-base-debugsource-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-debuginfo-3.4.5-17.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python3-debugsource-3.4.5-17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:42", "description": "It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. (CVE-2016-0772)\n\nRemi Rampin discovered that Python would not protect CGI applications from contents of the HTTP_PROXY environment variable when based on the contents of the Proxy header from HTTP requests. A remote attacker could possibly use this to cause a CGI application to redirect outgoing HTTP requests. (CVE-2016-1000110)\n\nInsu Yun discovered an integer overflow in the zipimporter module in Python that could lead to a heap-based overflow. An attacker could use this to craft a special zip file that when read by Python could possibly execute arbitrary code. (CVE-2016-5636)\n\nGuido Vranken discovered that the urllib modules in Python did not properly handle carriage return line feed (CRLF) in headers. A remote attacker could use this to craft URLs that inject arbitrary HTTP headers. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2016-5699).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-23T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpython2.7", "p-cpe:/a:canonical:ubuntu_linux:libpython2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:libpython2.7-stdlib", "p-cpe:/a:canonical:ubuntu_linux:libpython3.2", "p-cpe:/a:canonical:ubuntu_linux:libpython3.4", "p-cpe:/a:canonical:ubuntu_linux:libpython3.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:libpython3.4-stdlib", "p-cpe:/a:canonical:ubuntu_linux:libpython3.5", "p-cpe:/a:canonical:ubuntu_linux:libpython3.5-minimal", "p-cpe:/a:canonical:ubuntu_linux:libpython3.5-stdlib", "p-cpe:/a:canonical:ubuntu_linux:python2.7", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.2", "p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.4", "p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.5", "p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3134-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3134-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95284);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-0772\", \"CVE-2016-1000110\", \"CVE-2016-5636\", \"CVE-2016-5699\");\n script_xref(name:\"USN\", value:\"3134-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : python2.7, python3.2, python3.4, python3.5 vulnerabilities (USN-3134-1) (httpoxy)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the smtplib library in Python did not return an\nerror when StartTLS fails. A remote attacker could possibly use this\nto expose sensitive information. (CVE-2016-0772)\n\nRemi Rampin discovered that Python would not protect CGI applications\nfrom contents of the HTTP_PROXY environment variable when based on the\ncontents of the Proxy header from HTTP requests. A remote attacker\ncould possibly use this to cause a CGI application to redirect\noutgoing HTTP requests. (CVE-2016-1000110)\n\nInsu Yun discovered an integer overflow in the zipimporter module in\nPython that could lead to a heap-based overflow. An attacker could use\nthis to craft a special zip file that when read by Python could\npossibly execute arbitrary code. (CVE-2016-5636)\n\nGuido Vranken discovered that the urllib modules in Python did not\nproperly handle carriage return line feed (CRLF) in headers. A remote\nattacker could use this to craft URLs that inject arbitrary HTTP\nheaders. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04\nLTS. (CVE-2016-5699).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3134-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython2.7-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.4-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpython3.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libpython2.7\", pkgver:\"2.7.3-0ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libpython3.2\", pkgver:\"3.2.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7\", pkgver:\"2.7.3-0ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.3-0ubuntu3.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2\", pkgver:\"3.2.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2-minimal\", pkgver:\"3.2.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpython2.7\", pkgver:\"2.7.6-8ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpython2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpython2.7-stdlib\", pkgver:\"2.7.6-8ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpython3.4\", pkgver:\"3.4.3-1ubuntu1~14.04.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpython3.4-minimal\", pkgver:\"3.4.3-1ubuntu1~14.04.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libpython3.4-stdlib\", pkgver:\"3.4.3-1ubuntu1~14.04.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7\", pkgver:\"2.7.6-8ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4\", pkgver:\"3.4.3-1ubuntu1~14.04.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.3-1ubuntu1~14.04.5\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libpython2.7\", pkgver:\"2.7.12-1ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libpython2.7-minimal\", pkgver:\"2.7.12-1ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libpython2.7-stdlib\", pkgver:\"2.7.12-1ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libpython3.5\", pkgver:\"3.5.2-2ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libpython3.5-minimal\", pkgver:\"3.5.2-2ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libpython3.5-stdlib\", pkgver:\"3.5.2-2ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python2.7\", pkgver:\"2.7.12-1ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.12-1ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3.5\", pkgver:\"3.5.2-2ubuntu0~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3.5-minimal\", pkgver:\"3.5.2-2ubuntu0~16.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpython2.7 / libpython2.7-minimal / libpython2.7-stdlib / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:51", "description": "This update provides Python 3.4.5, which brings many fixes and enhancements. The following security issues have been fixed :\n\n - CVE-2016-1000110: CGIHandler could have allowed setting of HTTP_PROXY environment variable based on user-supplied Proxy request header. (bsc#989523)\n\n - CVE-2016-0772: A vulnerability in smtplib could have allowed a MITM attacker to perform a startTLS stripping attack. (bsc#984751)\n\n - CVE-2016-5636: A heap overflow in Python's zipimport module. (bsc#985177)\n\n - CVE-2016-5699: A header injection flaw in urrlib2/urllib/httplib/http.client. (bsc#985348) The update also includes the following non-security fixes :\n\n - Don't force 3rd party C extensions to be built with\n\n -Werror=declaration-after-statement. (bsc#951166)\n\n - Make urllib proxy var handling behave as usual on POSIX.\n (bsc#983582) For a comprehensive list of changes please refer to the upstream change log:\n https://docs.python.org/3.4/whatsnew/changelog.html\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython3_4m1_0", "p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python3", "p-cpe:/a:novell:suse_linux:python3-base", "p-cpe:/a:novell:suse_linux:python3-base-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base-debugsource", "p-cpe:/a:novell:suse_linux:python3-curses", "p-cpe:/a:novell:suse_linux:python3-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2859-1.NASL", "href": "https://www.tenable.com/plugins/nessus/94969", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2859-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94969);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-0772\", \"CVE-2016-1000110\", \"CVE-2016-5636\", \"CVE-2016-5699\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2016:2859-1) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides Python 3.4.5, which brings many fixes and\nenhancements. The following security issues have been fixed :\n\n - CVE-2016-1000110: CGIHandler could have allowed setting\n of HTTP_PROXY environment variable based on\n user-supplied Proxy request header. (bsc#989523)\n\n - CVE-2016-0772: A vulnerability in smtplib could have\n allowed a MITM attacker to perform a startTLS stripping\n attack. (bsc#984751)\n\n - CVE-2016-5636: A heap overflow in Python's zipimport\n module. (bsc#985177)\n\n - CVE-2016-5699: A header injection flaw in\n urrlib2/urllib/httplib/http.client. (bsc#985348) The\n update also includes the following non-security fixes :\n\n - Don't force 3rd party C extensions to be built with\n\n -Werror=declaration-after-statement. (bsc#951166)\n\n - Make urllib proxy var handling behave as usual on POSIX.\n (bsc#983582) For a comprehensive list of changes please\n refer to the upstream change log:\n https://docs.python.org/3.4/whatsnew/changelog.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://docs.python.org/3.4/whatsnew/changelog.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0772/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1000110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5699/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162859-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5bdfbf40\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2016-1676=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1676=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1676=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1676=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-base-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-base-debugsource-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-curses-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-curses-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-debugsource-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-base-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-base-debugsource-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-curses-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-curses-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-debuginfo-3.4.5-19.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"python3-debugsource-3.4.5-19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:40:33", "description": "This update for python fixes the following issues :\n\n - CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751)\n\n - CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177)\n\n - CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348)\n\n - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython2_7", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python", "p-cpe:/a:novell:suse_linux:python-base", "p-cpe:/a:novell:suse_linux:python-base-debuginfo", "p-cpe:/a:novell:suse_linux:python-base-debugsource", "p-cpe:/a:novell:suse_linux:python-curses", "p-cpe:/a:novell:suse_linux:python-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python-debuginfo", "p-cpe:/a:novell:suse_linux:python-debugsource", "p-cpe:/a:novell:suse_linux:python-demo", "p-cpe:/a:novell:suse_linux:python-devel", "p-cpe:/a:novell:suse_linux:python-gdbm", "p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo", "p-cpe:/a:novell:suse_linux:python-idle", "p-cpe:/a:novell:suse_linux:python-tk", "p-cpe:/a:novell:suse_linux:python-tk-debuginfo", "p-cpe:/a:novell:suse_linux:python-xml", "p-cpe:/a:novell:suse_linux:python-xml-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2106-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93300", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2106-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93300);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-0772\", \"CVE-2016-1000110\", \"CVE-2016-5636\", \"CVE-2016-5699\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2016:2106-1) (httpoxy)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python fixes the following issues :\n\n - CVE-2016-0772: smtplib vulnerability opens startTLS\n stripping attack (bsc#984751)\n\n - CVE-2016-5636: heap overflow when importing malformed\n zip files (bsc#985177)\n\n - CVE-2016-5699: incorrect validation of HTTP headers\n allow header injection (bsc#985348)\n\n - CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed\n by disregarding HTTP_PROXY when REQUEST_METHOD is also\n set (bsc#989523)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0772/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1000110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5699/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162106-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44046e19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1245=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1245=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1245=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1245=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython2_7-1_0-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-base-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-base-debuginfo-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-base-debugsource-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-curses-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-curses-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-debugsource-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-demo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-gdbm-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-gdbm-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-idle-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-tk-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-tk-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-xml-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-xml-debuginfo-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython2_7-1_0-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-32bit-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-base-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-base-debuginfo-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python-debuginfo-32bit-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-debuginfo-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-debugsource-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-curses-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-curses-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-debugsource-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-devel-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-tk-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-tk-debuginfo-2.7.9-24.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-xml-2.7.9-24.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"python-xml-debuginfo-2.7.9-24.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-18T14:34:21", "description": "Python was updated to 2.7.6 to fix bugs and security issues :\n\n - bugfix-only release\n\n - SSL-related fixes\n\n - upstream fix for CVE-2013-4238\n\n - upstream fixes for CVE-2013-1752\n\n - added patches for CVE-2013-1752 (bnc#856836) issues that are missing in 2.7.6: python-2.7.6-imaplib.patch python-2.7.6-poplib.patch smtplib_maxline-2.7.patch\n\n - CVE-2013-1753 (bnc#856835) gzip decompression bomb in xmlrpc client: xmlrpc_gzip_27.patch\n\n - python-2.7.6-bdist-rpm.patch: fix broken 'setup.py bdist_rpm' command (bnc#857470, issue18045)\n\n - multilib patch: add '~/.local/lib64' paths to search path (bnc#637176)\n\n - CVE-2014-1912-recvfrom_into.patch: fix potential buffer overflow in socket.recvfrom_into (CVE-2014-1912, bnc#863741)\n\n - Add Obsoletes/Provides for python-ctypes.\n\n - reintroduce audioop.so as the problems with it seem to be fixed (bnc#831442)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python (openSUSE-SU-2014:0380-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2013-4238", "CVE-2014-1912"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpython2_7-1_0", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-base", "p-cpe:/a:novell:opensuse:python-base-32bit", "p-cpe:/a:novell:opensuse:python-base-debuginfo", "p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-base-debugsource", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-curses-debuginfo", "p-cpe:/a:novell:opensuse:python-debuginfo", "p-cpe:/a:novell:opensuse:python-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-debugsource", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-doc-pdf", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-gdbm-debuginfo", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-tk-debuginfo", "p-cpe:/a:novell:opensuse:python-xml", "p-cpe:/a:novell:opensuse:python-xml-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-213.NASL", "href": "https://www.tenable.com/plugins/nessus/75294", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-213.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75294);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2013-4238\", \"CVE-2014-1912\");\n\n script_name(english:\"openSUSE Security Update : python (openSUSE-SU-2014:0380-1)\");\n script_summary(english:\"Check for the openSUSE-2014-213 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Python was updated to 2.7.6 to fix bugs and security issues :\n\n - bugfix-only release\n\n - SSL-related fixes\n\n - upstream fix for CVE-2013-4238\n\n - upstream fixes for CVE-2013-1752\n\n - added patches for CVE-2013-1752 (bnc#856836) issues that\n are missing in 2.7.6: python-2.7.6-imaplib.patch\n python-2.7.6-poplib.patch smtplib_maxline-2.7.patch\n\n - CVE-2013-1753 (bnc#856835) gzip decompression bomb in\n xmlrpc client: xmlrpc_gzip_27.patch\n\n - python-2.7.6-bdist-rpm.patch: fix broken 'setup.py\n bdist_rpm' command (bnc#857470, issue18045)\n\n - multilib patch: add '~/.local/lib64' paths to search\n path (bnc#637176)\n\n - CVE-2014-1912-recvfrom_into.patch: fix potential buffer\n overflow in socket.recvfrom_into (CVE-2014-1912,\n bnc#863741)\n\n - Add Obsoletes/Provides for python-ctypes.\n\n - reintroduce audioop.so as the problems with it seem to\n be fixed (bnc#831442)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=637176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831442\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00044.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython2_7-1_0-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython2_7-1_0-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-base-debugsource-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-curses-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-curses-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-debugsource-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-demo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-devel-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-doc-pdf-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-gdbm-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-gdbm-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-idle-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-tk-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-tk-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-xml-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-xml-debuginfo-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.6-8.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python-debuginfo-32bit-2.7.6-8.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:43:58", "description": "Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-2315 David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules.\n\n - CVE-2008-3142 Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows.\n\n - CVE-2008-3143 Several integer overflows were discovered in various Python core modules.\n\n - CVE-2008-3144 Several integer overflows were discovered in the PyOS_vsnprintf() function.", "cvss3": {}, "published": "2008-11-21T00:00:00", "type": "nessus", "title": "Debian DSA-1667-1 : python2.4 - several vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python2.4", "cpe:/o:debian:debian_linux:4.0"], "id": "DEBIAN_DSA-1667.NASL", "href": "https://www.tenable.com/plugins/nessus/34823", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1667. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(34823);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-2315\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n script_xref(name:\"DSA\", value:\"1667\");\n\n script_name(english:\"Debian DSA-1667-1 : python2.4 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Python language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2008-2315\n David Remahl discovered several integer overflows in the\n stringobject, unicodeobject, bufferobject, longobject,\n tupleobject, stropmodule, gcmodule, and mmapmodule\n modules.\n\n - CVE-2008-3142\n Justin Ferguson discovered that incorrect memory\n allocation in the unicode_resize() function can lead to\n buffer overflows.\n\n - CVE-2008-3143\n Several integer overflows were discovered in various\n Python core modules.\n\n - CVE-2008-3144\n Several integer overflows were discovered in the\n PyOS_vsnprintf() function.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-3144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1667\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python2.4 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"idle-python2.4\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dbg\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-dev\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-examples\", reference:\"2.4.4-3+etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"python2.4-minimal\", reference:\"2.4.4-3+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:17:56", "description": "Multiple vulnerabilities were discovered in Python2.7, an interactive high-level object-oriented language.\n\nCVE-2018-20852\n\nBy using a malicious server an attacker might steal cookies that are meant for other domains.\n\nCVE-2019-5010\n\nNULL pointer dereference using a specially crafted X509 certificate.\n\nCVE-2019-9636\n\nImproper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization resulting in information disclosure (credentials, cookies, etc. that are cached against a given hostname).\nA specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly.\n\nCVE-2019-9740\n\nAn issue was discovered in urllib2 where CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.\n\nCVE-2019-9947\n\nAn issue was discovered in urllib2 where CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.\n\nCVE-2019-9948\n\nurllib supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file:\nURIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.\n\nCVE-2019-10160\n\nA security regression of CVE-2019-9636 was discovered which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed.\nThe result of an attack may vary based on the application.\n\nCVE-2019-16056\n\nThe email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.\n\nCVE-2019-20907\n\nOpening a crafted tar file could result in an infinite loop due to missing header validation.\n\nFor Debian 9 stretch, these problems have been fixed in version 2.7.13-2+deb9u4.\n\nWe recommend that you upgrade your python2.7 packages.\n\nFor the detailed security status of python2.7 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/python2.7\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-24T00:00:00", "type": "nessus", "title": "Debian DLA-2337-1 : python2.7 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20852", "CVE-2019-10160", "CVE-2019-16056", "CVE-2019-20907", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:idle-python2.7", "p-cpe:/a:debian:debian_linux:libpython2.7", "p-cpe:/a:debian:debian_linux:libpython2.7-dbg", "p-cpe:/a:debian:debian_linux:libpython2.7-dev", "p-cpe:/a:debian:debian_linux:libpython2.7-minimal", "p-cpe:/a:debian:debian_linux:libpython2.7-stdlib", "p-cpe:/a:debian:debian_linux:libpython2.7-testsuite", "p-cpe:/a:debian:debian_linux:python2.7", "p-cpe:/a:debian:debian_linux:python2.7-dbg", "p-cpe:/a:debian:debian_linux:python2.7-dev", "p-cpe:/a:debian:debian_linux:python2.7-doc", "p-cpe:/a:debian:debian_linux:python2.7-examples", "p-cpe:/a:debian:debian_linux:python2.7-minimal", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2337.NASL", "href": "https://www.tenable.com/plugins/nessus/139757", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2337-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139757);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-10160\", \"CVE-2019-16056\", \"CVE-2019-20907\", \"CVE-2019-5010\", \"CVE-2019-9636\", \"CVE-2019-9740\", \"CVE-2019-9947\", \"CVE-2019-9948\");\n script_xref(name:\"IAVA\", value:\"2020-A-0340-S\");\n\n script_name(english:\"Debian DLA-2337-1 : python2.7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities were discovered in Python2.7, an interactive\nhigh-level object-oriented language.\n\nCVE-2018-20852\n\nBy using a malicious server an attacker might steal cookies that are\nmeant for other domains.\n\nCVE-2019-5010\n\nNULL pointer dereference using a specially crafted X509 certificate.\n\nCVE-2019-9636\n\nImproper Handling of Unicode Encoding (with an incorrect netloc)\nduring NFKC normalization resulting in information disclosure\n(credentials, cookies, etc. that are cached against a given hostname).\nA specially crafted URL could be incorrectly parsed to locate cookies\nor authentication data and send that information to a different host\nthan when parsed correctly.\n\nCVE-2019-9740\n\nAn issue was discovered in urllib2 where CRLF injection is possible if\nthe attacker controls a url parameter, as demonstrated by the first\nargument to urllib.request.urlopen with \\r\\n (specifically in the\nquery string after a ? character) followed by an HTTP header or a\nRedis command.\n\nCVE-2019-9947\n\nAn issue was discovered in urllib2 where CRLF injection is possible if\nthe attacker controls a url parameter, as demonstrated by the first\nargument to urllib.request.urlopen with \\r\\n (specifically in the path\ncomponent of a URL that lacks a ? character) followed by an HTTP\nheader or a Redis command. This is similar to the CVE-2019-9740 query\nstring issue.\n\nCVE-2019-9948\n\nurllib supports the local_file: scheme, which makes it easier for\nremote attackers to bypass protection mechanisms that blacklist file:\nURIs, as demonstrated by triggering a\nurllib.urlopen('local_file:///etc/passwd') call.\n\nCVE-2019-10160\n\nA security regression of CVE-2019-9636 was discovered which still\nallows an attacker to exploit CVE-2019-9636 by abusing the user and\npassword parts of a URL. When an application parses user-supplied URLs\nto store cookies, authentication credentials, or other kind of\ninformation, it is possible for an attacker to provide specially\ncrafted URLs to make the application locate host-related information\n(e.g. cookies, authentication data) and send them to a different host\nthan where it should, unlike if the URLs had been correctly parsed.\nThe result of an attack may vary based on the application.\n\nCVE-2019-16056\n\nThe email module wrongly parses email addresses that contain multiple\n@ characters. An application that uses the email module and implements\nsome kind of checks on the From/To headers of a message could be\ntricked into accepting an email address that should be denied.\n\nCVE-2019-20907\n\nOpening a crafted tar file could result in an infinite loop due to\nmissing header validation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2.7.13-2+deb9u4.\n\nWe recommend that you upgrade your python2.7 packages.\n\nFor the detailed security status of python2.7 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/python2.7\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/python2.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/python2.7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:idle-python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"idle-python2.7\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-dbg\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-dev\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-minimal\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-stdlib\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-testsuite\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-dbg\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-dev\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-doc\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-examples\", reference:\"2.7.13-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-minimal\", reference:\"2.7.13-2+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-18T14:33:22", "description": "4 vulnerabilities were discovered for the python (2.7) and python3 packages in openSUSE versions 11.4 and 12.1.", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python (openSUSE-SU-2012:0667-1) (BEAST)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-3389", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpython2_7-1_0", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:libpython3_2mu1_0", "p-cpe:/a:novell:opensuse:libpython3_2mu1_0-32bit", "p-cpe:/a:novell:opensuse:libpython3_2mu1_0-debuginfo", "p-cpe:/a:novell:opensuse:libpython3_2mu1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-base", "p-cpe:/a:novell:opensuse:python-base-32bit", "p-cpe:/a:novell:opensuse:python-base-debuginfo", "p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-base-debugsource", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-doc-pdf", "p-cpe:/a:novell:opensuse:python-xml", "p-cpe:/a:novell:opensuse:python-xml-debuginfo", "p-cpe:/a:novell:opensuse:python3-2to3", "p-cpe:/a:novell:opensuse:python3-base", "p-cpe:/a:novell:opensuse:python3-base-debuginfo", "p-cpe:/a:novell:opensuse:python3-base-debugsource", "p-cpe:/a:novell:opensuse:python3-devel", "p-cpe:/a:novell:opensuse:python3-devel-debuginfo", "p-cpe:/a:novell:opensuse:python3-doc-pdf", "p-cpe:/a:novell:opensuse:python3-idle", "p-cpe:/a:novell:opensuse:python3-tools", "p-cpe:/a:novell:opensuse:python3-xml", "p-cpe:/a:novell:opensuse:python3-xml-debuginfo", "cpe:/o:novell:opensuse:12.1"], "id": "OPENSUSE-2012-302.NASL", "href": "https://www.tenable.com/plugins/nessus/74640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-302.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74640);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2011-3389\",\n \"CVE-2011-4944\",\n \"CVE-2012-0845\",\n \"CVE-2012-1150\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2019-0547\");\n\n script_name(english:\"openSUSE Security Update : python (openSUSE-SU-2012:0667-1) (BEAST)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"4 vulnerabilities were discovered for the python (2.7) and python3\npackages in openSUSE versions 11.4 and 12.1.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=747125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=751718\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=754447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=754677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.opensuse.org/opensuse-updates/2012-05/msg00048.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_2mu1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_2mu1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_2mu1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_2mu1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-2to3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpython2_7-1_0-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpython2_7-1_0-debuginfo-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpython3_2mu1_0-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"libpython3_2mu1_0-debuginfo-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-base-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-base-debuginfo-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-base-debugsource-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-devel-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-doc-pdf-2.7-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-xml-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python-xml-debuginfo-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-2to3-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-base-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-base-debuginfo-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-base-debugsource-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-devel-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-devel-debuginfo-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-doc-pdf-3.2-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-idle-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-tools-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-xml-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"python3-xml-debuginfo-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-debuginfo-32bit-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpython3_2mu1_0-32bit-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"libpython3_2mu1_0-debuginfo-32bit-3.2.1-5.6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.2-7.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", cpu:\"x86_64\", reference:\"python-base-debuginfo-32bit-2.7.2-7.14.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpython2_7-1_0 / libpython2_7-1_0-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:49:54", "description": "Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution.\n\nCVE-2017-1000158\n\nCPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)\n\nCVE-2018-1060\n\npython is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.\n\nCVE-2018-1061\n\npython is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.\n\nCVE-2018-1000802\n\nPython Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.4.2-1+deb8u1.\n\nWe recommend that you upgrade your python3.4 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "Debian DLA-1520-1 : python3.4 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000158", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:idle-python3.4", "p-cpe:/a:debian:debian_linux:libpython3.4", "p-cpe:/a:debian:debian_linux:libpython3.4-dbg", "p-cpe:/a:debian:debian_linux:libpython3.4-dev", "p-cpe:/a:debian:debian_linux:libpython3.4-minimal", "p-cpe:/a:debian:debian_linux:libpython3.4-stdlib", "p-cpe:/a:debian:debian_linux:libpython3.4-testsuite", "p-cpe:/a:debian:debian_linux:python3.4", "p-cpe:/a:debian:debian_linux:python3.4-dbg", "p-cpe:/a:debian:debian_linux:python3.4-dev", "p-cpe:/a:debian:debian_linux:python3.4-doc", "p-cpe:/a:debian:debian_linux:python3.4-examples", "p-cpe:/a:debian:debian_linux:python3.4-minimal", "p-cpe:/a:debian:debian_linux:python3.4-venv", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1520.NASL", "href": "https://www.tenable.com/plugins/nessus/117713", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1520-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117713);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000158\", \"CVE-2018-1000802\", \"CVE-2018-1060\", \"CVE-2018-1061\");\n\n script_name(english:\"Debian DLA-1520-1 : python3.4 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the CPython interpreter which\ncan cause denial of service, information gain, and arbitrary code\nexecution.\n\nCVE-2017-1000158\n\nCPython (aka Python) is vulnerable to an integer overflow in the\nPyString_DecodeEscape function in stringobject.c, resulting in\nheap-based buffer overflow (and possible arbitrary code execution)\n\nCVE-2018-1060\n\npython is vulnerable to catastrophic backtracking in pop3lib's apop()\nmethod. An attacker could use this flaw to cause denial of service.\n\nCVE-2018-1061\n\npython is vulnerable to catastrophic backtracking in the\ndifflib.IS_LINE_JUNK method. An attacker could use this flaw to cause\ndenial of service.\n\nCVE-2018-1000802\n\nPython Software Foundation Python (CPython) version 2.7 contains a\nCWE-77: Improper Neutralization of Special Elements used in a Command\n('Command Injection') vulnerability in shutil module (make_archive\nfunction) that can result in Denial of service, Information gain via\ninjection of arbitrary files on the system or entire drive. This\nattack appear to be exploitable via Passage of unfiltered user input\nto the function.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.4.2-1+deb8u1.\n\nWe recommend that you upgrade your python3.4 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/python3.4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:idle-python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython3.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython3.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython3.4-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython3.4-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.4-venv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"idle-python3.4\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython3.4\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython3.4-dbg\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython3.4-dev\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython3.4-minimal\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython3.4-stdlib\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython3.4-testsuite\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4-dbg\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4-dev\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4-doc\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4-examples\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4-minimal\", reference:\"3.4.2-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3.4-venv\", reference:\"3.4.2-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:32", "description": "Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution.\n\nCVE-2017-1000158\n\nCPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)\n\nCVE-2018-1060\n\npython is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.\n\nCVE-2018-1061\n\npython is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.\n\nCVE-2018-1000802\n\nPython Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.7.9-2+deb8u2.\n\nWe recommend that you upgrade your python2.7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-27T00:00:00", "type": "nessus", "title": "Debian DLA-1519-1 : python2.7 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000158", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:idle-python2.7", "p-cpe:/a:debian:debian_linux:libpython2.7", "p-cpe:/a:debian:debian_linux:libpython2.7-dbg", "p-cpe:/a:debian:debian_linux:libpython2.7-dev", "p-cpe:/a:debian:debian_linux:libpython2.7-minimal", "p-cpe:/a:debian:debian_linux:libpython2.7-stdlib", "p-cpe:/a:debian:debian_linux:libpython2.7-testsuite", "p-cpe:/a:debian:debian_linux:python2.7", "p-cpe:/a:debian:debian_linux:python2.7-dbg", "p-cpe:/a:debian:debian_linux:python2.7-dev", "p-cpe:/a:debian:debian_linux:python2.7-doc", "p-cpe:/a:debian:debian_linux:python2.7-examples", "p-cpe:/a:debian:debian_linux:python2.7-minimal", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1519.NASL", "href": "https://www.tenable.com/plugins/nessus/117712", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1519-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117712);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-1000158\", \"CVE-2018-1000802\", \"CVE-2018-1060\", \"CVE-2018-1061\");\n\n script_name(english:\"Debian DLA-1519-1 : python2.7 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the CPython interpreter which\ncan cause denial of service, information gain, and arbitrary code\nexecution.\n\nCVE-2017-1000158\n\nCPython (aka Python) is vulnerable to an integer overflow in the\nPyString_DecodeEscape function in stringobject.c, resulting in\nheap-based buffer overflow (and possible arbitrary code execution)\n\nCVE-2018-1060\n\npython is vulnerable to catastrophic backtracking in pop3lib's apop()\nmethod. An attacker could use this flaw to cause denial of service.\n\nCVE-2018-1061\n\npython is vulnerable to catastrophic backtracking in the\ndifflib.IS_LINE_JUNK method. An attacker could use this flaw to cause\ndenial of service.\n\nCVE-2018-1000802\n\nPython Software Foundation Python (CPython) version 2.7 contains a\nCWE-77: Improper Neutralization of Special Elements used in a Command\n('Command Injection') vulnerability in shutil module (make_archive\nfunction) that can result in Denial of service, Information gain via\ninjection of arbitrary files on the system or entire drive. This\nattack appear to be exploitable via Passage of unfiltered user input\nto the function.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.7.9-2+deb8u2.\n\nWe recommend that you upgrade your python2.7 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/python2.7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:idle-python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpython2.7-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"idle-python2.7\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-dbg\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-dev\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-minimal\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-stdlib\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpython2.7-testsuite\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-dbg\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-dev\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-doc\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-examples\", reference:\"2.7.9-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python2.7-minimal\", reference:\"2.7.9-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:23:33", "description": "This update for python3 fixes the following issues :\n\nCVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).\n\nCVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847).\n\nCVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:2053-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000802", "CVE-2018-14647", "CVE-2019-10160", "CVE-2019-9636"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython3_4m1_0", "p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python3", "p-cpe:/a:novell:suse_linux:python3-base", "p-cpe:/a:novell:suse_linux:python3-base-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base-debugsource", "p-cpe:/a:novell:suse_linux:python3-curses", "p-cpe:/a:novell:suse_linux:python3-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debugsource", "p-cpe:/a:novell:suse_linux:python3-tk", "p-cpe:/a:novell:suse_linux:python3-tk-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2053-1.NASL", "href": "https://www.tenable.com/plugins/nessus/127768", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2053-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127768);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-1000802\", \"CVE-2018-14647\", \"CVE-2019-10160\", \"CVE-2019-9636\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:2053-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python3 fixes the following issues :\n\nCVE-2019-10160: Fixed a regression in urlparse() and urlsplit()\nintroduced by the fix for CVE-2019-9636 (bsc#1138459).\n\nCVE-2018-14647: Fixed a denial of service vulnerability caused by a\ncrafted XML document (bsc#1109847).\n\nCVE-2018-1000802: Fixed a command injection in the shutil module\n(bsc#1109663).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000802/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10160/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192053-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b5f13c3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2053=1\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2053=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t\npatch SUSE-SLE-SDK-12-SP5-2019-2053=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2053=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2053=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2053=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP5:zypper in -t patch\nSUSE-SLE-SERVER-12-SP5-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2019-2053=1\n\nSUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch\nSUSE-SLE-Module-Web-Scripting-12-2019-2053=1\n\nSUSE Linux Enterprise Desktop 12-SP5:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP5-2019-2053=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2053=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2053=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-2053=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3/4/5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpython3_4m1_0-32bit-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libpython3_4m1_0-debuginfo-32bit-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-base-debuginfo-32bit-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-tk-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"python3-tk-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-32bit-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-32bit-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-tk-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"5\", cpu:\"x86_64\", reference:\"python3-tk-debuginfo-3.4.6-25.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:24:49", "description": "This update for python3 fixes the following issues :\n\nCVE-2019-10160: Fixed a regression in urlparse() and urlsplit() introduced by the fix for CVE-2019-9636 (bsc#1138459).\n\nCVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document (bsc#1109847).\n\nCVE-2018-1000802: Fixed a command injection in the shutil module (bsc#1109663).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000802", "CVE-2018-14647", "CVE-2019-10160", "CVE-2019-9636"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpython3_4m1_0", "p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python3", "p-cpe:/a:novell:suse_linux:python3-base", "p-cpe:/a:novell:suse_linux:python3-base-debuginfo", "p-cpe:/a:novell:suse_linux:python3-base-debugsource", "p-cpe:/a:novell:suse_linux:python3-curses", "p-cpe:/a:novell:suse_linux:python3-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debuginfo", "p-cpe:/a:novell:suse_linux:python3-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2053-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128019", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2053-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128019);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2018-1000802\", \"CVE-2018-14647\", \"CVE-2019-10160\", \"CVE-2019-9636\");\n\n script_name(english:\"SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python3 fixes the following issues :\n\nCVE-2019-10160: Fixed a regression in urlparse() and urlsplit()\nintroduced by the fix for CVE-2019-9636 (bsc#1138459).\n\nCVE-2018-14647: Fixed a denial of service vulnerability caused by a\ncrafted XML document (bsc#1109847).\n\nCVE-2018-1000802: Fixed a command injection in the shutil module\n(bsc#1109663).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138459\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000802/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10160/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192053-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd1ae08c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2053=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2053=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2053=1\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2053=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython3_4m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"libpython3_4m1_0-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-base-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-base-debugsource-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-curses-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-curses-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-debuginfo-3.4.6-25.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"python3-debugsource-3.4.6-25.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:32", "description": "Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-09-28T00:00:00", "type": "nessus", "title": "Debian DSA-4306-1 : python2.7 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647"], "modified": "2022-02-22T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python2.7", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4306.NASL", "href": "https://www.tenable.com/plugins/nessus/117812", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4306. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117812);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\"CVE-2018-1000802\", \"CVE-2018-1060\", \"CVE-2018-1061\", \"CVE-2018-14647\");\n script_xref(name:\"DSA\", value:\"4306\");\n\n script_name(english:\"Debian DSA-4306-1 : python2.7 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in Python: ElementTree failed\nto initialise Expat's hash salt, two denial of service issues were\nfound in difflib and poplib and the shutil module was affected by a\ncommand injection vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/python2.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/python2.7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4306\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the python2.7 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.7.13-2+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-1000802\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"idle-python2.7\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-dbg\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-dev\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-minimal\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-stdlib\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython2.7-testsuite\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-dbg\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-dev\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-doc\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-examples\", reference:\"2.7.13-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python2.7-minimal\", reference:\"2.7.13-2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:49:24", "description": "Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and a buffer overflow in PyString_DecodeEscape.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-01T00:00:00", "type": "nessus", "title": "Debian DSA-4307-1 : python3.5 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000158", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647"], "modified": "2022-02-18T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python3.5", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4307.NASL", "href": "https://www.tenable.com/plugins/nessus/117838", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4307. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117838);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/18\");\n\n script_cve_id(\"CVE-2017-1000158\", \"CVE-2018-1060\", \"CVE-2018-1061\", \"CVE-2018-14647\");\n script_xref(name:\"DSA\", value:\"4307\");\n\n script_name(english:\"Debian DSA-4307-1 : python3.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in Python: ElementTree failed\nto initialise Expat's hash salt, two denial of service issues were\nfound in difflib and poplib and a buffer overflow in\nPyString_DecodeEscape.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/python3.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/python3.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4307\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the python3.5 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 3.5.3-1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000158\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"idle-python3.5\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython3.5\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython3.5-dbg\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython3.5-dev\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython3.5-minimal\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython3.5-stdlib\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpython3.5-testsuite\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5-dbg\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5-dev\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5-doc\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5-examples\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5-minimal\", reference:\"3.5.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"python3.5-venv\", reference:\"3.5.3-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:31:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory.\n\n - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)\n\n - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)\n\n - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)\n\n - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)\n\n - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)\n\n - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-04-01T00:00:00", "type": "nessus", "title": "RHEL 7 : python (RHSA-2020:1268)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_eus:7.5:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-test:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tkinter:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1268.NASL", "href": "https://www.tenable.com/plugins/nessus/135089", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1268. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135089);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2019-9740\",\n \"CVE-2019-9947\",\n \"CVE-2019-9948\"\n );\n script_bugtraq_id(\n 104495,\n 104504,\n 105396,\n 107466,\n 107549,\n 107555\n );\n script_xref(name:\"RHSA\", value:\"2020:1268\");\n\n script_name(english:\"RHEL 7 : python (RHSA-2020:1268)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1268 advisory.\n\n - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)\n\n - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)\n\n - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)\n\n - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)\n\n - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)\n\n - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms\n (CVE-2019-9948)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1549191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1549192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1631822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1688169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695572\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 113, 335, 665, 749);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.5')) audit(AUDIT_OS_NOT, 'Red Hat 7.5', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/eus/rhel/computenode/7/7.5/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.5/x86_64/os',\n 'content/eus/rhel/computenode/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.5/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.5/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.5/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.5/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.5/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.5/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.5/s390x/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python-2.7.5-74.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-2.7.5-74.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-debug-2.7.5-74.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-debug-2.7.5-74.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-devel-2.7.5-74.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-devel-2.7.5-74.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-libs-2.7.5-74.el7_5', 'sp':'5', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-test-2.7.5-74.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-test-2.7.5-74.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-tools-2.7.5-74.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-tools-2.7.5-74.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tkinter-2.7.5-74.el7_5', 'sp':'5', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tkinter-2.7.5-74.el7_5', 'sp':'5', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python / python-debug / python-devel / python-libs / python-test / etc');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-25T14:32:23", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory.\n\n - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)\n\n - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)\n\n - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)\n\n - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)\n\n - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)\n\n - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-04-07T00:00:00", "type": "nessus", "title": "RHEL 7 : python (RHSA-2020:1346)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-test:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:tkinter:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1346.NASL", "href": "https://www.tenable.com/plugins/nessus/135247", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1346. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135247);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-1060\",\n \"CVE-2018-1061\",\n \"CVE-2018-14647\",\n \"CVE-2019-9740\",\n \"CVE-2019-9947\",\n \"CVE-2019-9948\"\n );\n script_bugtraq_id(\n 104495,\n 104504,\n 105396,\n 107466,\n 107549,\n 107555\n );\n script_xref(name:\"RHSA\", value:\"2020:1346\");\n\n script_name(english:\"RHEL 7 : python (RHSA-2020:1346)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1346 advisory.\n\n - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)\n\n - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)\n\n - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)\n\n - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)\n\n - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)\n\n - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms\n (CVE-2019-9948)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-14647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1549191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1549192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1631822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1688169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1695572\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 113, 335, 665, 749);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-debug-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-devel-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-libs-2.7.5-63.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-libs-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-test-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-tools-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'tkinter-2.7.5-63.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python / python-debug / python-devel / python-libs / python-test / etc');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T15:09:16", "description": "The remote host is affected by the vulnerability described in GLSA-202003-26 (Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly perform a CRLF injection attack, obtain sensitive information, trick Python into sending cookies to the wrong domain or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-16T00:00:00", "type": "nessus", "title": "GLSA-202003-26 : Python: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20852", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:python", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202003-26.NASL", "href": "https://www.tenable.com/plugins/nessus/134603", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202003-26.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134603);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-5010\", \"CVE-2019-9636\", \"CVE-2019-9740\", \"CVE-2019-9947\", \"CVE-2019-9948\");\n script_xref(name:\"GLSA\", value:\"202003-26\");\n\n script_name(english:\"GLSA-202003-26 : Python: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202003-26\n(Python: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Python. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly perform a CRLF injection attack, obtain\n sensitive information, trick Python into sending cookies to the wrong\n domain or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202003-26\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All Python 2.7.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-2.7.17:2.7'\n All Python 3.5.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-3.5.7:3.5/3.5m'\n All Python 3.6.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-3.6.9:3.6/3.6m'\n All Python 3.7x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/python-3.7.4:3.7/3.7m'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/python\", unaffected:make_list(\"ge 2.7.17\", \"ge 3.5.7\", \"ge 3.6.9\", \"ge 3.7.4\"), vulnerable:make_list(\"lt 2.7.17\", \"lt 3.5.7\", \"lt 3.6.9\", \"lt 3.7.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Python\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-13T14:57:23", "description": "It was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406)\n\nIt was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852)\n\nJonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160)\n\nColin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2019-5010)\n\nIt was discovered that Python incorrectly handled certain urls. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947)\n\nSihoon Lee discovered that Python incorrectly handled the local_file:\nscheme. A remote attacker could possibly use this issue to bypass blacklist meschanisms. (CVE-2019-9948).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20406", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.7", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.5", "p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.6", "p-cpe:/a:canonical:ubuntu_linux:python3.6-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.7", "p-cpe:/a:canonical:ubuntu_linux:python3.7-minimal", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4127-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128631", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4127-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128631);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-20406\", \"CVE-2018-20852\", \"CVE-2019-10160\", \"CVE-2019-5010\", \"CVE-2019-9636\", \"CVE-2019-9740\", \"CVE-2019-9947\", \"CVE-2019-9948\");\n script_xref(name:\"USN\", value:\"4127-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Python incorrectly handled certain pickle\nfiles. An attacker could possibly use this issue to consume memory,\nleading to a denial of service. This issue only affected Ubuntu 16.04\nLTS and Ubuntu 18.04 LTS. (CVE-2018-20406)\n\nIt was discovered that Python incorrectly validated the domain when\nhandling cookies. An attacker could possibly trick Python into sending\ncookies to the wrong domain. (CVE-2018-20852)\n\nJonathan Birch and Panayiotis Panayiotou discovered that Python\nincorrectly handled Unicode encoding during NFKC normalization. An\nattacker could possibly use this issue to obtain sensitive\ninformation. (CVE-2019-9636, CVE-2019-10160)\n\nColin Read and Nicolas Edet discovered that Python incorrectly handled\nparsing certain X509 certificates. An attacker could possibly use this\nissue to cause Python to crash, resulting in a denial of service. This\nissue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2019-5010)\n\nIt was discovered that Python incorrectly handled certain urls. A\nremote attacker could possibly use this issue to perform CRLF\ninjection attacks. (CVE-2019-9740, CVE-2019-9947)\n\nSihoon Lee discovered that Python incorrectly handled the local_file:\nscheme. A remote attacker could possibly use this issue to bypass\nblacklist meschanisms. (CVE-2019-9948).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4127-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9948\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.6-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python2.7\", pkgver:\"2.7.12-1ubuntu0~16.04.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.12-1ubuntu0~16.04.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3.5\", pkgver:\"3.5.2-2ubuntu0~16.04.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3.5-minimal\", pkgver:\"3.5.2-2ubuntu0~16.04.8\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python2.7\", pkgver:\"2.7.15-4ubuntu4~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.15-4ubuntu4~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python3.6\", pkgver:\"3.6.8-1~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python3.6-minimal\", pkgver:\"3.6.8-1~18.04.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"python2.7\", pkgver:\"2.7.16-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.16-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"python3.7\", pkgver:\"3.7.3-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"python3.7-minimal\", pkgver:\"3.7.3-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal / python3.5 / python3.5-minimal / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-01-11T14:40:13", "description": "It was discovered that there were new integer overflows in the imageop module. If an attacker were able to trick a Python application into processing a specially crafted image, they could execute arbitrary code with user privileges. (CVE-2008-1679)\n\nJustin Ferguson discovered that the zlib module did not correctly handle certain archives. If an attacker were able to trick a Python application into processing a specially crafted archive file, they could execute arbitrary code with user privileges. (CVE-2008-1721)\n\nJustin Ferguson discovered that certain string manipulations in Python could be made to overflow. If an attacker were able to pass a specially crafted string through the PyString_FromStringAndSize function, they could execute arbitrary code with user privileges.\n(CVE-2008-1887)\n\nMultiple integer overflows were discovered in Python's core and modules including hashlib, binascii, pickle, md5, stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service.\n(CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2008-08-04T00:00:00", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-5031"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:idle-python2.4", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.4-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.4-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-tk", "p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.5-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.5-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "cpe:/o:canonical:ubuntu_linux:7.04", "cpe:/o:canonical:ubuntu_linux:7.10", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts"], "id": "UBUNTU_USN-632-1.NASL", "href": "https://www.tenable.com/plugins/nessus/33807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-632-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33807);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1721\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\", \"CVE-2008-5031\");\n script_xref(name:\"USN\", value:\"632-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : python2.4, python2.5 vulnerabilities (USN-632-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were new integer overflows in the imageop\nmodule. If an attacker were able to trick a Python application into\nprocessing a specially crafted image, they could execute arbitrary\ncode with user privileges. (CVE-2008-1679)\n\nJustin Ferguson discovered that the zlib module did not correctly\nhandle certain archives. If an attacker were able to trick a Python\napplication into processing a specially crafted archive file, they\ncould execute arbitrary code with user privileges. (CVE-2008-1721)\n\nJustin Ferguson discovered that certain string manipulations in Python\ncould be made to overflow. If an attacker were able to pass a\nspecially crafted string through the PyString_FromStringAndSize\nfunction, they could execute arbitrary code with user privileges.\n(CVE-2008-1887)\n\nMultiple integer overflows were discovered in Python's core and\nmodules including hashlib, binascii, pickle, md5, stringobject,\nunicodeobject, bufferobject, longobject, tupleobject, stropmodule,\ngcmodule, and mmapmodule. If an attacker were able to exploit these\nflaws they could execute arbitrary code with user privileges or cause\nPython applications to crash, leading to a denial of service.\n(CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143,\nCVE-2008-3144).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/632-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-2ubuntu7.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-0ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-6ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-5ubuntu5.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.5-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.2-2ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:06:43", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)", "cvss3": {}, "published": "2009-07-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python (python-128)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-xml", "cpe:/o:novell:opensuse:11.0"], "id": "SUSE_11_0_PYTHON-080801.NASL", "href": "https://www.tenable.com/plugins/nessus/40115", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update python-128.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40115);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"openSUSE Security Update : python (python-128)\");\n script_summary(english:\"Check for the python-128 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,\nCVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=377090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=379121\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=379534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=406051\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-curses-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-demo-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-devel-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-gdbm-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-idle-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-tk-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"python-xml-2.5.2-26.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"python-32bit-2.5.2-26.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:01:01", "description": "Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows (CVE-2008-1679). This was due to an incomplete fix for CVE-2007-4965.\n\nDavid Remahl of Apple Product Security reported several integer overflows in a number of core modules (CVE-2008-2315). He also reported an integer overflow in the hashlib module on Python 2.5 that lead to unreliable cryptographic digest results (CVE-2008-2316).\n\nJustin Ferguson reported multiple buffer overflows in unicode string processing that affected 32bit systems (CVE-2008-3142).\n\nMultiple integer overflows were reported by the Google Security Team that had been fixed in Python 2.5.2 (CVE-2008-3143).\n\nJustin Ferguson reported a number of integer overflows and underflows in the PyOS_vsnprintf() function, as well as an off-by-one error when passing zero-length strings, that led to memory corruption (CVE-2008-3144).\n\nThe updated packages have been patched to correct these issues. As well, Python packages on Mandriva Linux 2007.1 and 2008.0 have been updated to version 2.5.2. Due to slight packaging changes on Mandriva Linux 2007.1, a new package is available (tkinter-apps) that contains binary files (such as /usr/bin/idle) that were previously in the tkinter package.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python (MDVSA-2008:163)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-4965", "CVE-2008-1679", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python2.5", "p-cpe:/a:mandriva:linux:lib64python2.5-devel", "p-cpe:/a:mandriva:linux:libpython2.5", "p-cpe:/a:mandriva:linux:libpython2.5-devel", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-base", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:linux:2007.1", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1"], "id": "MANDRIVA_MDVSA-2008-163.NASL", "href": "https://www.tenable.com/plugins/nessus/37212", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:163. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37212);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2008-1679\",\n \"CVE-2008-2315\",\n \"CVE-2008-2316\",\n \"CVE-2008-3142\",\n \"CVE-2008-3143\",\n \"CVE-2008-3144\"\n );\n script_bugtraq_id(\n 28715,\n 30491\n );\n script_xref(name:\"MDVSA\", value:\"2008:163\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2008:163)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows in the imageop module in Python prior to\n2.5.3 allowed context-dependent attackers to cause a denial of service\n(crash) or possibly execute arbitrary code via crafted images that\ntrigger heap-based buffer overflows (CVE-2008-1679). This was due to\nan incomplete fix for CVE-2007-4965.\n\nDavid Remahl of Apple Product Security reported several integer\noverflows in a number of core modules (CVE-2008-2315). He also\nreported an integer overflow in the hashlib module on Python 2.5 that\nlead to unreliable cryptographic digest results (CVE-2008-2316).\n\nJustin Ferguson reported multiple buffer overflows in unicode string\nprocessing that affected 32bit systems (CVE-2008-3142).\n\nMultiple integer overflows were reported by the Google Security Team\nthat had been fixed in Python 2.5.2 (CVE-2008-3143).\n\nJustin Ferguson reported a number of integer overflows and underflows\nin the PyOS_vsnprintf() function, as well as an off-by-one error when\npassing zero-length strings, that led to memory corruption\n(CVE-2008-3144).\n\nThe updated packages have been patched to correct these issues. As\nwell, Python packages on Mandriva Linux 2007.1 and 2008.0 have been\nupdated to version 2.5.2. Due to slight packaging changes on Mandriva\nLinux 2007.1, a new package is available (tkinter-apps) that contains\nbinary files (such as /usr/bin/idle) that were previously in the\ntkinter package.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-base-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-docs-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tkinter-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tkinter-apps-2.5.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-base-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"python-docs-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tkinter-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"tkinter-apps-2.5.2-2.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpython2.5-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-base-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"python-docs-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tkinter-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"tkinter-apps-2.5.2-2.2mdv2008.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:25", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 / CVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a non-security bug in mmap was fixed too.", "cvss3": {}, "published": "2008-08-17T00:00:00", "type": "nessus", "title": "SuSE 10 Security Update : Python (ZYPP Patch Number 5490)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PYTHON-5490.NASL", "href": "https://www.tenable.com/plugins/nessus/33923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33923);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"SuSE 10 Security Update : Python (ZYPP Patch Number 5490)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887 / CVE-2008-3143 / CVE-2008-3142 /\nCVE-2008-3144 / CVE-2008-2315 / CVE-2008-2316) Note: for SLE10 a\nnon-security bug in mmap was fixed too.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1679.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1887.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5490.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-demo-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-doc-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-doc-pdf-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-idle-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-curses-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-demo-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-devel-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-doc-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-doc-pdf-2.4.2-18.19\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-gdbm-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-idle-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-tk-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"python-xml-2.4.2-18.22\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:40:39", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)", "cvss3": {}, "published": "2008-08-17T00:00:00", "type": "nessus", "title": "openSUSE 10 Security Update : python (python-5491)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-xml", "cpe:/o:novell:opensuse:10.2", "cpe:/o:novell:opensuse:10.3"], "id": "SUSE_PYTHON-5491.NASL", "href": "https://www.tenable.com/plugins/nessus/33924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update python-5491.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33924);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"openSUSE 10 Security Update : python (python-5491)\");\n script_summary(english:\"Check for the python-5491 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679,CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,\nCVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-curses-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-demo-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-devel-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-gdbm-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-idle-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-tk-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-xml-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"python-32bit-2.5-19.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-curses-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-demo-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-devel-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-gdbm-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-idle-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-tk-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"python-xml-2.5.1-39.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"python-32bit-2.5.1-39.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T15:08:39", "description": "This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\n\nNote: for SLE10 a non-security bug in mmap was fixed too.", "cvss3": {}, "published": "2009-09-24T00:00:00", "type": "nessus", "title": "SuSE9 Security Update : Python (YOU Patch Number 12215)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-1679", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12215.NASL", "href": "https://www.tenable.com/plugins/nessus/41229", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41229);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-1679\", \"CVE-2008-1887\", \"CVE-2008-2315\", \"CVE-2008-2316\", \"CVE-2008-3142\", \"CVE-2008-3143\", \"CVE-2008-3144\");\n\n script_name(english:\"SuSE9 Security Update : Python (YOU Patch Number 12215)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of python fixes several security vulnerabilities.\n(CVE-2008-1679 / CVE-2008-1887, CVE-2008-3143, CVE-2008-3142,\nCVE-2008-3144, CVE-2008-2315, CVE-2008-2316)\n\nNote: for SLE10 a non-security bug in mmap was fixed too.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1679.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-1887.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2315.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2316.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3142.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3143.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3144.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12215.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cwe_id(119, 189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"python-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-curses-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-demo-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-devel-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-doc-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-doc-pdf-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-gdbm-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-idle-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-mpz-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-tk-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"python-xml-2.3.3-88.24\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"python-32bit-9-200808010009\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:51:24", "description": "Updated python packages fix security vulnerabilities :\n\nA vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).\n\nThis updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules (CVE-2013-1752).\n\nDenial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules (CVE-2013-1752).\n\nA gzip bomb and unbound read denial of service flaw in python XMLRPC library (CVE-2013-1753).\n\nPython are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650).\n\nPython before 2.7.8 is vulnerable to an integer overflow in the buffer type (CVE-2014-7185).\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking (CVE-2014-9365).\n\nThe python-pip and tix packages was added due to missing build dependencies.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : python (MDVSA-2015:075)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-1912", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185", "CVE-2014-9365"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python-devel", "p-cpe:/a:mandriva:linux:lib64python2.7", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python-pip", "p-cpe:/a:mandriva:linux:python3-pip", "p-cpe:/a:mandriva:linux:tix", "p-cpe:/a:mandriva:linux:tix-devel", "p-cpe:/a:mandriva:linux:tkinter", "p-cpe:/a:mandriva:linux:tkinter-apps", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-075.NASL", "href": "https://www.tenable.com/plugins/nessus/82328", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82328);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-1912\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\", \"CVE-2014-9365\");\n script_xref(name:\"MDVSA\", value:\"2015:075\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python (MDVSA-2015:075)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages fix security vulnerabilities :\n\nA vulnerability was reported in Python's socket module, due to a\nboundary error within the sock_recvfrom_into() function, which could\nbe exploited to cause a buffer overflow. This could be used to crash a\nPython application that uses the socket.recvfrom_info() function or,\npossibly, execute arbitrary code with the permissions of the user\nrunning vulnerable Python code (CVE-2014-1912).\n\nThis updates the python package to version 2.7.6, which fixes several\nother bugs, including denial of service flaws due to unbound\nreadline() calls in the ftplib and nntplib modules (CVE-2013-1752).\n\nDenial of service flaws due to unbound readline() calls in the\nimaplib, poplib, and smtplib modules (CVE-2013-1752).\n\nA gzip bomb and unbound read denial of service flaw in python XMLRPC\nlibrary (CVE-2013-1753).\n\nPython are susceptible to arbitrary process memory reading by a user\nor adversary due to a bug in the _json module caused by insufficient\nbounds checking. The bug is caused by allowing the user to supply a\nnegative value that is used an an array index, causing the scanstring\nfunction to access process memory outside of the string it is intended\nto access (CVE-2014-4616).\n\nThe CGIHTTPServer Python module does not properly handle URL-encoded\npath separators in URLs. This may enable attackers to disclose a CGI\nscript's source code or execute arbitrary scripts in the server's\ndocument root (CVE-2014-4650).\n\nPython before 2.7.8 is vulnerable to an integer overflow in the buffer\ntype (CVE-2014-7185).\n\nWhen Python's standard library HTTP clients (httplib, urllib, urllib2,\nxmlrpclib) are used to access resources with HTTPS, by default the\ncertificate is not checked against any trust store, nor is the\nhostname in the certificate checked against the requested host. It was\npossible to configure a trust root to be checked against, however\nthere were no faculties for hostname checking (CVE-2014-9365).\n\nThe python-pip and tix packages was added due to missing build\ndependencies.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0085.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0139.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0285.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0399.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python3-pip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tix-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter-apps\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python-devel-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64python2.7-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"python-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-docs-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python-pip-1.4.1-4.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"python3-pip-1.4.1-4.2.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tix-8.4.3-9.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tix-devel-8.4.3-9.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter-2.7.9-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"tkinter-apps-2.7.9-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:44", "description": "This update to python 2.6.8 fixes the following bugs, among others :\n\n - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)\n\n - hash randomization issues. (CVE-2012-1150, bnc#751718)\n\n - insecure creation of .pypirc. (CVE-2011-4944, bnc#754447)\n\n - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)\n\n - functions can accept unicode kwargs. (bnc#744287)\n\n - python MainThread lacks ident. (bnc#754547)\n\n - TypeError: waitpid() takes no keyword arguments.\n (bnc#751714)\n\n - Source code exposure in CGIHTTPServer module.\n (CVE-2011-1015, bnc#674646)\n\n - Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes.\n\nTo enable the hash seed randomization you can use: - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT.\n\nIn generally enabling this is only needed when malicious third parties can inject values into your hash tables.\n\nThe update to 2.6.8 also provides many compatibility fixes with OpenStack.", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1015", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0", "p-cpe:/a:novell:suse_linux:11:python", "p-cpe:/a:novell:suse_linux:11:python-base", "p-cpe:/a:novell:suse_linux:11:python-curses", "p-cpe:/a:novell:suse_linux:11:python-demo", "p-cpe:/a:novell:suse_linux:11:python-devel", "p-cpe:/a:novell:suse_linux:11:python-doc", "p-cpe:/a:novell:suse_linux:11:python-doc-pdf", "p-cpe:/a:novell:suse_linux:11:python-gdbm", "p-cpe:/a:novell:suse_linux:11:python-idle", "p-cpe:/a:novell:suse_linux:11:python-tk", "p-cpe:/a:novell:suse_linux:11:python-xml", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PYTHON-RANDOMISATION-UPDATE-120517.NASL", "href": "https://www.tenable.com/plugins/nessus/64221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64221);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n\n script_name(english:\"SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to python 2.6.8 fixes the following bugs, among others :\n\n - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)\n\n - hash randomization issues. (CVE-2012-1150, bnc#751718)\n\n - insecure creation of .pypirc. (CVE-2011-4944,\n bnc#754447)\n\n - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)\n\n - functions can accept unicode kwargs. (bnc#744287)\n\n - python MainThread lacks ident. (bnc#754547)\n\n - TypeError: waitpid() takes no keyword arguments.\n (bnc#751714)\n\n - Source code exposure in CGIHTTPServer module.\n (CVE-2011-1015, bnc#674646)\n\n - Insecure redirect processing in urllib2 (CVE-2011-1521,\n bnc#682554) The hash randomization fix is by default\n disabled to keep compatibility with existing python code\n when it extracts hashes.\n\nTo enable the hash seed randomization you can use: - pass -R to the\npython interpreter commandline. - set the environment variable\nPYTHONHASHSEED=random to enable it for programs. You can also set this\nenvironment variable to a fixed hash seed by specifying a integer\nvalue between 0 and MAX_UINT.\n\nIn generally enabling this is only needed when malicious third parties\ncan inject values into your hash tables.\n\nThe update to 2.6.8 also provides many compatibility fixes with\nOpenStack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=748079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4944.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0845.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1150.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6310.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-devel-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-demo-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-doc-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-doc-pdf-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-gdbm-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-idle-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"i586\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:32:25", "description": "Niels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04.\n(CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value.\n(CVE-2012-1150).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-10-03T00:00:00", "type": "nessus", "title": "Ubuntu 11.04 / 11.10 : python2.7 vulnerabilities (USN-1592-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1521", "CVE-2011-4940", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.7", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:11.10"], "id": "UBUNTU_USN-1592-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1592-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62410);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2011-1521\", \"CVE-2011-4940\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n script_bugtraq_id(47024, 51239, 51996, 52732, 54083);\n script_xref(name:\"USN\", value:\"1592-1\");\n\n script_name(english:\"Ubuntu 11.04 / 11.10 : python2.7 vulnerabilities (USN-1592-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Niels Heinen discovered that the urllib and urllib2 modules would\nprocess Location headers that specify a redirection to file: URLs. A\nremote attacker could exploit this to obtain sensitive information or\ncause a denial of service. This issue only affected Ubuntu 11.04.\n(CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset\nparameter in the Content-Type HTTP header. An attacker could\npotentially exploit this to conduct cross-site scripting (XSS) attacks\nagainst Internet Explorer 7 users. This issue only affected Ubuntu\n11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition\nwhen creating the ~/.pypirc file. A local attacker could exploit this\nto obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate\nits input when handling HTTP POST requests. A remote attacker could\nexploit this to cause a denial of service via excessive CPU\nutilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm\nattacks. An attacker could cause a denial of service under certian\ncircumstances. This update adds the '-R' command line option and\nhonors setting the PYTHONHASHSEED environment variable to 'random' to\nsalt str and datetime objects with an unpredictable value.\n(CVE-2012-1150).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1592-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python2.7 and / or python2.7-minimal packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.04|11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.04 / 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python2.7\", pkgver:\"2.7.1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.1-5ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"python2.7\", pkgver:\"2.7.2-5ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.2-5ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:40:15", "description": "This update to python 2.6.8 fixes the following bugs, among others :\n\n - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)\n\n - hash randomization issues. (CVE-2012-1150, bnc#751718)\n\n - insecure creation of .pypirc. (CVE-2011-4944, bnc#754447)\n\n - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)\n\n - functions can accept unicode kwargs. (bnc#744287)\n\n - python MainThread lacks ident. (bnc#754547)\n\n - TypeError: waitpid() takes no keyword arguments.\n (bnc#751714)\n\n - Source code exposure in CGIHTTPServer module.\n (CVE-2011-1015, bnc#674646)\n\n - Insecure redirect processing in urllib2 (CVE-2011-1521, bnc#682554) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes.\n\nTo enable the hash seed randomization you can use: - pass -R to the python interpreter commandline. - set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT.\n\nIn generally enabling this is only needed when malicious third parties can inject values into your hash tables.\n\nThe update to 2.6.8 also provides many compatibility fixes with OpenStack.", "cvss3": {}, "published": "2013-01-25T00:00:00", "type": "nessus", "title": "SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1015", "CVE-2011-1521", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0", "p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit", "p-cpe:/a:novell:suse_linux:11:python", "p-cpe:/a:novell:suse_linux:11:python-32bit", "p-cpe:/a:novell:suse_linux:11:python-base", "p-cpe:/a:novell:suse_linux:11:python-base-32bit", "p-cpe:/a:novell:suse_linux:11:python-curses", "p-cpe:/a:novell:suse_linux:11:python-demo", "p-cpe:/a:novell:suse_linux:11:python-devel", "p-cpe:/a:novell:suse_linux:11:python-doc", "p-cpe:/a:novell:suse_linux:11:python-doc-pdf", "p-cpe:/a:novell:suse_linux:11:python-gdbm", "p-cpe:/a:novell:suse_linux:11:python-idle", "p-cpe:/a:novell:suse_linux:11:python-tk", "p-cpe:/a:novell:suse_linux:11:python-xml", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_PYTHON-RANDOMISATION-UPDATE-120516.NASL", "href": "https://www.tenable.com/plugins/nessus/64220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64220);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2011-1015\", \"CVE-2011-1521\", \"CVE-2011-4944\", \"CVE-2012-0845\", \"CVE-2012-1150\");\n\n script_name(english:\"SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update to python 2.6.8 fixes the following bugs, among others :\n\n - XMLRPC Server DoS. (CVE-2012-0845, bnc#747125)\n\n - hash randomization issues. (CVE-2012-1150, bnc#751718)\n\n - insecure creation of .pypirc. (CVE-2011-4944,\n bnc#754447)\n\n - SimpleHTTPServer XSS. (CVE-2011-1015, bnc#752375)\n\n - functions can accept unicode kwargs. (bnc#744287)\n\n - python MainThread lacks ident. (bnc#754547)\n\n - TypeError: waitpid() takes no keyword arguments.\n (bnc#751714)\n\n - Source code exposure in CGIHTTPServer module.\n (CVE-2011-1015, bnc#674646)\n\n - Insecure redirect processing in urllib2 (CVE-2011-1521,\n bnc#682554) The hash randomization fix is by default\n disabled to keep compatibility with existing python code\n when it extracts hashes.\n\nTo enable the hash seed randomization you can use: - pass -R to the\npython interpreter commandline. - set the environment variable\nPYTHONHASHSEED=random to enable it for programs. You can also set this\nenvironment variable to a fixed hash seed by specifying a integer\nvalue between 0 and MAX_UINT.\n\nIn generally enabling this is only needed when malicious third parties\ncan inject values into your hash tables.\n\nThe update to 2.6.8 also provides many compatibility fixes with\nOpenStack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=744287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=747125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=748079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=751718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=752375\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=754547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1521.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-4944.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0845.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-1150.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 6310.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpython2_6-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-devel-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libpython2_6-1_0-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-base-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-demo-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-doc-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-doc-pdf-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-gdbm-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-idle-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libpython2_6-1_0-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-base-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-base-32bit-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-curses-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-demo-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-doc-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-doc-pdf-2.6-8.13.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-gdbm-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-idle-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-tk-2.6.8-0.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"python-xml-2.6.8-0.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-01-11T14:56:29", "description": "It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-06-26T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2014-4616", "CVE-2014-4650", "CVE-2014-7185"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.7", "p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.2", "p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal", "p-cpe:/a:canonical:ubuntu_linux:python3.4", "p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2653-1.NASL", "href": "https://www.tenable.com/plugins/nessus/84428", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2653-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84428);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2014-4616\", \"CVE-2014-4650\", \"CVE-2014-7185\");\n script_bugtraq_id(63804, 66958, 68119, 68147, 70089);\n script_xref(name:\"USN\", value:\"2653-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : python2.7, python3.2, python3.4 vulnerabilities (USN-2653-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that multiple Python protocol libraries incorrectly\nlimited certain data when connecting to servers. A malicious ftp,\nhttp, imap, nntp, pop or smtp server could use this issue to cause a\ndenial of service. (CVE-2013-1752)\n\nIt was discovered that the Python xmlrpc library did not limit\nunpacking gzip-compressed HTTP bodies. A malicious server could use\nthis issue to cause a denial of service. (CVE-2013-1753)\n\nIt was discovered that the Python json module incorrectly handled a\ncertain argument. An attacker could possibly use this issue to read\narbitrary memory and expose sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-4616)\n\nIt was discovered that the Python CGIHTTPServer incorrectly handled\nURL-encoded path separators in URLs. A remote attacker could use this\nissue to expose sensitive information, or possibly execute arbitrary\ncode. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-4650)\n\nIt was discovered that Python incorrectly handled sizes and offsets in\nbuffer functions. An attacker could possibly use this issue to read\narbitrary memory and obtain sensitive information. This issue only\naffected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-7185).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2653-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2021 Canonical, Inc. / NASL script (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.3-0ubuntu3.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"python3.2-minimal\", pkgver:\"3.2.3-0ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.6-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.0-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python2.7-minimal\", pkgver:\"2.7.8-10ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"python3.4-minimal\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2.7 / python2.7-minimal / python3.2 / python3.2-minimal / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-18T14:32:22", "description": "Python was updated to 3.3.5 fixing bugs and security issues :\n\n - bugfix-only release, closes several security bugs\n\n - CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded reads from network\n\n - disable SSLv2 by default\n\n - DoS on maliciously crafted zip files (CVE-2013-7338, bnc#869222)\n\n - CGIHttpRequestHandler directory traversal\n\n - gzip decompression bomb in xmlrpc client (CVE-2013-1753, bnc#856835) xmlrpc_gzip_33.patch\n\n - potential buffer overflow in recvfrom_into (CVE-2014-1912, bnc#863741)\n\n - hundreds of non-security-related bugfixes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1752", "CVE-2013-1753", "CVE-2013-4238", "CVE-2013-7338", "CVE-2014-1912"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpython3_3m1_0", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo", "p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3", "p-cpe:/a:novell:opensuse:python3-32bit", "p-cpe:/a:novell:opensuse:python3-base", "p-cpe:/a:novell:opensuse:python3-base-32bit", "p-cpe:/a:novell:opensuse:python3-base-debuginfo", "p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-base-debugsource", "p-cpe:/a:novell:opensuse:python3-curses", "p-cpe:/a:novell:opensuse:python3-curses-debuginfo", "p-cpe:/a:novell:opensuse:python3-dbm", "p-cpe:/a:novell:opensuse:python3-dbm-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo", "p-cpe:/a:novell:opensuse:python3-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python3-debugsource", "p-cpe:/a:novell:opensuse:python3-devel", "p-cpe:/a:novell:opensuse:python3-devel-debuginfo", "p-cpe:/a:novell:opensuse:python3-doc-pdf", "p-cpe:/a:novell:opensuse:python3-idle", "p-cpe:/a:novell:opensuse:python3-testsuite", "p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo", "p-cpe:/a:novell:opensuse:python3-tk", "p-cpe:/a:novell:opensuse:python3-tk-debuginfo", "p-cpe:/a:novell:opensuse:python3-tools", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-278.NASL", "href": "https://www.tenable.com/plugins/nessus/75315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-278.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75315);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-1752\", \"CVE-2013-1753\", \"CVE-2013-4238\", \"CVE-2013-7338\", \"CVE-2014-1912\");\n\n script_name(english:\"openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)\");\n script_summary(english:\"Check for the openSUSE-2014-278 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Python was updated to 3.3.5 fixing bugs and security issues :\n\n - bugfix-only release, closes several security bugs\n\n - CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded\n reads from network\n\n - disable SSLv2 by default\n\n - DoS on maliciously crafted zip files (CVE-2013-7338,\n bnc#869222)\n\n - CGIHttpRequestHandler directory traversal\n\n - gzip decompression bomb in xmlrpc client (CVE-2013-1753,\n bnc#856835) xmlrpc_gzip_33.patch\n\n - potential buffer overflow in recvfrom_into\n (CVE-2014-1912, bnc#863741)\n\n - hundreds of non-security-related bugfixes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863741\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=869222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-04/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython3_3m1_0-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libpython3_3m1_0-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-base-debugsource-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-curses-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-curses-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-dbm-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-dbm-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-debugsource-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-devel-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-devel-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-doc-pdf-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-idle-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-testsuite-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-testsuite-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tk-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tk-debuginfo-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python3-tools-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-32bit-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"libpython3_3m1_0-debuginfo-32bit-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-32bit-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-base-32bit-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-base-debuginfo-32bit-3.3.5-5.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"python3-debuginfo-32bit-3.3.5-5.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:39", "description": "Multiple vulnerabilities has been discovered and corrected in python :\n\nThe _ssl module would always disable the CBC IV attack countermeasure (CVE-2011-3389).\n\nA race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).\n\nA flaw was found in the way the Python SimpleXMLRPCServer module handled clients disconnecting prematurely. A remote attacker could use this flaw to cause excessive CPU consumption on a server using SimpleXMLRPCServer (CVE-2012-0845).\n\nHash table collisions CPU usage DoS for the embedded copy of expat (CVE-2012-0876).\n\nA denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an arra

SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

Description

Related