Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-3930-1.NASL
HistoryDec 24, 2020 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1)

2020-12-2400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33

7.3 High

AI Score

Confidence

High

JSON

This update for python3 fixes the following issues :

Fixed CVE-2020-27619 (bsc#1178009), where Lib/test/multibytecodec_support calls eval() on content retrieved via HTTP.

Change setuptools and pip version numbers according to new wheels

Handful of changes to make python36 compatible with SLE15 and SLE12 (jsc#ECO-2799, jsc#SLE-13738)

add triplets for mips-r6 and riscv

RISC-V needs CTYPES_PASS_BY_REF_HACK

Update to 3.6.12 (bsc#1179193)

Ensure python3.dll is loaded from correct locations when Python is embedded

The hash() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).

Prevent http header injection by rejecting control characters in http.client.putrequest(�).

Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.

Avoid infinite loop when reading specially crafted TAR files using the tarfile module

This release also fixes CVE-2020-26116 (bsc#1177211) and CVE-2019-20907 (bsc#1174091).

Update to 3.6.11 :

Disallow CR or LF in email.headerregistry. Address arguments to guard against header injection attacks.

Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. (bsc#1155094)

CVE-2020-8492: The AbstractBasicAuthHandler class of the urllib.request module uses an inefficient regular expression which can be exploited by an attacker to cause a denial of service. Fix the regex to prevent the catastrophic backtracking. Vulnerability reported by Ben Caller and Matt Schwager.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:3930-1.
# The text itself is copyright (C) SUSE.
#

include('compat.inc');

if (description)
{
  script_id(144586);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/31");

  script_cve_id(
    "CVE-2019-16935",
    "CVE-2019-18348",
    "CVE-2019-20907",
    "CVE-2019-5010",
    "CVE-2020-14422",
    "CVE-2020-26116",
    "CVE-2020-27619",
    "CVE-2020-8492"
  );

  script_name(english:"SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:3930-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update for python3 fixes the following issues :

Fixed CVE-2020-27619 (bsc#1178009), where
Lib/test/multibytecodec_support calls eval() on content retrieved via
HTTP.

Change setuptools and pip version numbers according to new wheels

Handful of changes to make python36 compatible with SLE15 and SLE12
(jsc#ECO-2799, jsc#SLE-13738)

add triplets for mips-r6 and riscv

RISC-V needs CTYPES_PASS_BY_REF_HACK

Update to 3.6.12 (bsc#1179193)

Ensure python3.dll is loaded from correct locations when Python is
embedded

The __hash__() methods of ipaddress.IPv4Interface and
ipaddress.IPv6Interface incorrectly generated constant hash values of
32 and 128 respectively. This resulted in always causing hash
collisions. The fix uses hash() to generate hash values for the tuple
of (address, mask length, network address).

Prevent http header injection by rejecting control characters in
http.client.putrequest(…).

Unpickling invalid NEWOBJ_EX opcode with the C implementation raises
now UnpicklingError instead of crashing.

Avoid infinite loop when reading specially crafted TAR files using the
tarfile module

This release also fixes CVE-2020-26116 (bsc#1177211) and
CVE-2019-20907 (bsc#1174091).

Update to 3.6.11 :

Disallow CR or LF in email.headerregistry. Address arguments to guard
against header injection attacks.

Disallow control characters in hostnames in http.client, addressing
CVE-2019-18348. Such potentially malicious header injection URLs now
cause a InvalidURL to be raised. (bsc#1155094)

CVE-2020-8492: The AbstractBasicAuthHandler class of the
urllib.request module uses an inefficient regular expression which can
be exploited by an attacker to cause a denial of service. Fix the
regex to prevent the catastrophic backtracking. Vulnerability reported
by Ben Caller and Matt Schwager.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1155094");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1174091");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1174571");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1174701");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1177211");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1178009");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1179193");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1179630");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-16935/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-18348/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-20907/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5010/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-14422/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-26116/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-27619/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-8492/");
  # https://www.suse.com/support/update/announcement/2020/suse-su-20203930-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?825c06e1");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 15 :

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3930=1

SUSE Linux Enterprise Server 15-LTSS :

zypper in -t patch SUSE-SLE-Product-SLES-15-2020-3930=1

SUSE Linux Enterprise Module for Development Tools 15-SP3 :

zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP3-2020-3930=1

SUSE Linux Enterprise Module for Development Tools 15-SP2 :

zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP2-2020-3930=1

SUSE Linux Enterprise Module for Development Tools 15-SP1 :

zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP1-2020-3930=1

SUSE Linux Enterprise Module for Basesystem 15-SP3 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2020-3930=1

SUSE Linux Enterprise Module for Basesystem 15-SP2 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3930=1

SUSE Linux Enterprise Module for Basesystem 15-SP1 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-3930=1

SUSE Linux Enterprise High Performance Computing 15-LTSS :

zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3930=1

SUSE Linux Enterprise High Performance Computing 15-ESPOS :

zypper in -t patch SUSE-SLE-Product-HPC-15-2020-3930=1");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27619");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-idle");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-testsuite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1/2/3", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1/2/3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"1", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-testsuite-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"3", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"s390x", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-testsuite-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"3", reference:"python3-tools-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libpython3_6m1_0-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libpython3_6m1_0-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-base-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-curses-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-curses-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-dbm-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-dbm-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-debugsource-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-devel-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-devel-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-idle-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-tk-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-tk-debuginfo-3.6.12-3.67.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"python3-tools-3.6.12-3.67.2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
}
VendorProductVersionCPE
novellsuse_linuxlibpython3_6m1_0p-cpe:/a:novell:suse_linux:libpython3_6m1_0
novellsuse_linuxlibpython3_6m1_0-debuginfop-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo
novellsuse_linuxpython3p-cpe:/a:novell:suse_linux:python3
novellsuse_linuxpython3-basep-cpe:/a:novell:suse_linux:python3-base
novellsuse_linuxpython3-cursesp-cpe:/a:novell:suse_linux:python3-curses
novellsuse_linuxpython3-curses-debuginfop-cpe:/a:novell:suse_linux:python3-curses-debuginfo
novellsuse_linuxpython3-dbmp-cpe:/a:novell:suse_linux:python3-dbm
novellsuse_linuxpython3-dbm-debuginfop-cpe:/a:novell:suse_linux:python3-dbm-debuginfo
novellsuse_linuxpython3-debuginfop-cpe:/a:novell:suse_linux:python3-debuginfo
novellsuse_linuxpython3-debugsourcep-cpe:/a:novell:suse_linux:python3-debugsource
Rows per page:
1-10 of 181

References

Related

suse 2
nessus 84
openvas 47
redhat 8
almalinux 3
oraclelinux 5
freebsd 2
ibm 3
mageia 1
archlinux 1
cloudlinux 2
amazon 6
fedora 13
centos 2
osv 6
ubuntu 4
cloudfoundry 2
gentoo 2
debian 2
rocky 1
rosalinux 1
prion 1
cbl_mariner 1
suse
suse
Security update for python3 (important)
2020-12-26 00:00:00
Security update for python3 (important)
2020-12-26 00:00:00
nessus
nessus
openSUSE Security Update : python3 (openSUSE-2020-2333)
2021-01-25 00:00:00
openSUSE Security Update : python3 (openSUSE-2020-2332)
2021-01-25 00:00:00
RHEL 6 / 7 : rh-python36 (RHSA-2020:4285)
2023-01-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3930-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-1623)
2021-03-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3563-1)
2021-04-19 00:00:00
redhat
redhat
(RHSA-2020:4285) Moderate: rh-python36 security, bug fix, and enhancement update
2020-10-19 17:43:31
(RHSA-2020:4433) Moderate: python3 security and bug fix update
2020-11-03 12:04:08
(RHSA-2020:4273) Moderate: python27 security, bug fix, and enhancement update
2020-10-20 15:44:20
almalinux
almalinux
Moderate: python3 security and bug fix update
2020-11-03 12:04:08
Moderate: python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
Moderate: python3 security update
2021-05-18 05:42:46
oraclelinux
oraclelinux
python3 security and bug fix update
2020-11-10 00:00:00
python3 security update
2020-11-13 00:00:00
python3 security update
2020-10-06 00:00:00
freebsd
freebsd
Python -- multiple vulnerabilities
2020-08-19 00:00:00
Python -- multiple vulnerabilities
2019-10-24 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities in Python3 affect IBM Cloud Pak for Multicloud Management Hybrid GRC.
2021-02-04 21:29:35
Security Bulletin: Streams service for IBM Cloud Pak for Data might be affected by some underlying Python vulnerabilities
2021-06-16 19:01:03
Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-10-18 14:58:51
mageia
mageia
Updated python and python3 packages fix security vulnerabilities
2020-12-08 13:40:32
archlinux
archlinux
[ASA-202103-27] python2: multiple issues
2021-03-25 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-26116, CVE-2020-8492, CVE-2018-20852, CVE-2020-27619
2021-10-05 14:07:59
Fix of CVE: CVE-2018-20852, CVE-2020-8492, CVE-2020-26116, CVE-2020-27619
2021-09-23 12:55:16
amazon
amazon
Medium: python3
2021-06-16 20:37:00
Medium: python27, python34, python35, python36
2020-07-27 23:54:00
Medium: python34, python35, python36
2020-09-03 22:08:00
fedora
fedora
[SECURITY] Fedora 31 Update: python38-3.8.5-1.fc31
2020-07-30 19:09:05
[SECURITY] Fedora 32 Update: python3-3.8.5-1.fc32
2020-07-30 18:57:25
[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32
2020-07-04 01:14:28
centos
centos
python3 security update
2020-11-18 17:23:37
python3 security update
2020-10-20 18:48:39
osv
osv
python2.7, python3.7, python3.8 vulnerabilities
2021-03-12 14:07:56
python3.5 - security update
2020-11-18 00:00:00
Moderate: python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
ubuntu
ubuntu
Python vulnerabilities
2020-04-21 00:00:00
Python vulnerabilities
2020-04-30 00:00:00
Python vulnerabilities
2021-03-12 00:00:00
cloudfoundry
cloudfoundry
USN-4333-1: Python vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
USN-4428-1: Python vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
gentoo
gentoo
Python: Multiple vulnerabilities
2020-08-02 00:00:00
GNAT Ada Suite: Remote Code Execution
2024-02-03 00:00:00
debian
debian
[SECURITY] [DLA 2456-1] python3.5 security update
2020-11-19 03:44:14
[SECURITY] [DLA 2280-1] python3.5 security update
2020-07-15 10:00:36
rocky
rocky
python38:3.8 security, bug fix, and enhancement update
2020-11-03 12:23:02
rosalinux
rosalinux
Advisory ROSA-SA-2023-2202
2023-07-25 10:31:09
prion
prion
Design/Logic Flaw
2020-10-22 03:16:00
cbl_mariner
cbl_mariner
CVE-2019-18348 affecting package python3 3.7.9-2
2021-07-08 21:56:42

7.3 High

AI Score

Confidence

High

JSON
Related for SUSE_SU-2020-3930-1.NASL
suse2nessus84openvas47redhat8almalinux3oraclelinux5freebsd2ibm3mageia1archlinux1cloudlinux2amazon6fedora13centos2osv6ubuntu4cloudfoundry2gentoo2debian2rocky1rosalinux1prion1cbl_mariner1