This update for python3 fixes the following issues :
Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.
Change setuptools and pip version numbers according to new wheels
Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738)
add triplets for mips-r6 and riscv
RISC-V needs CTYPES_PASS_BY_REF_HACK
Update to 3.6.12 (bsc#1179193)
Ensure python3.dll is loaded from correct locations when Python is embedded
The hash() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
Prevent http header injection by rejecting control characters in http.client.putrequest(�).
Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
Avoid infinite loop when reading specially crafted TAR files using the tarfile module
This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).
Update to 3.6.11 :
Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks.
Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094)
CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:3930-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(144586);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/31");
script_cve_id(
"CVE-2019-16935",
"CVE-2019-18348",
"CVE-2019-20907",
"CVE-2019-5010",
"CVE-2020-14422",
"CVE-2020-26116",
"CVE-2020-27619",
"CVE-2020-8492"
);
script_name(english:"SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for python3 fixes the following issues :
Fixed CVE-2020-27619 (bsc#1178009), where
Lib/test/multibytecodec_support calls eval() on content retrieved via
HTTP.
Change setuptools and pip version numbers according to new wheels
Handful of changes to make python36 compatible with SLE15 and SLE12
(jsc#ECO-2799, jsc#SLE-13738)
add triplets for mips-r6 and riscv
RISC-V needs CTYPES_PASS_BY_REF_HACK
Update to 3.6.12 (bsc#1179193)
Ensure python3.dll is loaded from correct locations when Python is
embedded
The __hash__() methods of ipaddress.IPv4Interface and
ipaddress.IPv6Interface incorrectly generated constant hash values of
32 and 128 respectively. This resulted in always causing hash
collisions. The fix uses hash() to generate hash values for the tuple
of (address, mask length, network address).
Prevent http header injection by rejecting control characters in
http.client.putrequest(…).
Unpickling invalid NEWOBJ_EX opcode with the C implementation raises
now UnpicklingError instead of crashing.
Avoid infinite loop when reading specially crafted TAR files using the
tarfile module
This release also fixes CVE-2020-26116 (bsc#1177211) and
CVE-2019-20907 (bsc#1174091).
Update to 3.6.11 :
Disallow CR or LF in email.headerregistry. Address arguments to guard
against header injection attacks.
Disallow control characters in hostnames in http.client, addressing
CVE-2019-18348. Such potentially malicious header injection URLs now
cause a InvalidURL to be raised. (bsc#1155094)
CVE-2020-8492: The AbstractBasicAuthHandler class of the
urllib.request module uses an inefficient regular expression which can
be exploited by an attacker to cause a denial of service. Fix the
regex to prevent the catastrophic backtracking. Vulnerability reported
by Ben Caller and Matt Schwager.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155094");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1174091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1174571");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1174701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1177211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1178009");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1179193");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1179630");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-16935/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-18348/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-20907/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5010/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-14422/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26116/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-27619/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-8492/");
# https://www.suse.com/support/update/announcement/2020/suse-su-20203930-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?825c06e1");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 15 :
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3930=1
SUSE Linux Enterprise Server 15-LTSS :
zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3930=1
SUSE Linux Enterprise Module for Development Tools 15-SP3 :
zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP3-2020-3930=1
SUSE Linux Enterprise Module for Development Tools 15-SP2 :
zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP2-2020-3930=1
SUSE Linux Enterprise Module for Development Tools 15-SP1 :
zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP1-2020-3930=1
SUSE Linux Enterprise Module for Basesystem 15-SP3 :
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3930=1
SUSE Linux Enterprise Module for Basesystem 15-SP2 :
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3930=1
SUSE Linux Enterprise Module for Basesystem 15-SP1 :
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3930=1
SUSE Linux Enterprise High Performance Computing 15-LTSS :
zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3930=1
SUSE Linux Enterprise High Performance Computing 15-ESPOS :
zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3930=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27619");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/28");
script_set_attribute(attribute:"patch_publication_date", value:"2020/12/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-idle");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-testsuite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1/2/3", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1/2/3", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-testsuite-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-testsuite-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | libpython3_6m1_0 | p-cpe:/a:novell:suse_linux:libpython3_6m1_0 |
novell | suse_linux | libpython3_6m1_0-debuginfo | p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo |
novell | suse_linux | python3 | p-cpe:/a:novell:suse_linux:python3 |
novell | suse_linux | python3-base | p-cpe:/a:novell:suse_linux:python3-base |
novell | suse_linux | python3-curses | p-cpe:/a:novell:suse_linux:python3-curses |
novell | suse_linux | python3-curses-debuginfo | p-cpe:/a:novell:suse_linux:python3-curses-debuginfo |
novell | suse_linux | python3-dbm | p-cpe:/a:novell:suse_linux:python3-dbm |
novell | suse_linux | python3-dbm-debuginfo | p-cpe:/a:novell:suse_linux:python3-dbm-debuginfo |
novell | suse_linux | python3-debuginfo | p-cpe:/a:novell:suse_linux:python3-debuginfo |
novell | suse_linux | python3-debugsource | p-cpe:/a:novell:suse_linux:python3-debugsource |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18348
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20907
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5010
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8492
www.nessus.org/u?825c06e1
bugzilla.suse.com/show_bug.cgi?id=1155094
bugzilla.suse.com/show_bug.cgi?id=1174091
bugzilla.suse.com/show_bug.cgi?id=1174571
bugzilla.suse.com/show_bug.cgi?id=1174701
bugzilla.suse.com/show_bug.cgi?id=1177211
bugzilla.suse.com/show_bug.cgi?id=1178009
bugzilla.suse.com/show_bug.cgi?id=1179193
bugzilla.suse.com/show_bug.cgi?id=1179630
www.suse.com/security/cve/CVE-2019-16935/
www.suse.com/security/cve/CVE-2019-18348/
www.suse.com/security/cve/CVE-2019-20907/
www.suse.com/security/cve/CVE-2019-5010/
www.suse.com/security/cve/CVE-2020-14422/
www.suse.com/security/cve/CVE-2020-26116/
www.suse.com/security/cve/CVE-2020-27619/
www.suse.com/security/cve/CVE-2020-8492/