Fedora: Security Advisory for python-idna (FEDORA-2024-098b5d9719)

2024-05-2700:00:00

plugins.openvas.org

python-idna

fedora 40

cve-2024-3651

internationalised domain names

idna2008

encodings.idna

rfc 5891

vendorfix

package

7.6 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.886488");
  script_version("2024-06-07T05:05:42+0000");
  script_cve_id("CVE-2024-3651");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"last_modification", value:"2024-06-07 05:05:42 +0000 (Fri, 07 Jun 2024)");
  script_tag(name:"creation_date", value:"2024-05-27 10:41:44 +0000 (Mon, 27 May 2024)");
  script_name("Fedora: Security Advisory for python-idna (FEDORA-2024-098b5d9719)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC40");

  script_xref(name:"Advisory-ID", value:"FEDORA-2024-098b5d9719");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5IDLLD2IKSIVRBSLB34WTSYGLMWUFWF");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'python-idna'
  package(s) announced via the FEDORA-2024-098b5d9719 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"A library to support the Internationalised Domain Names in Applications (IDNA)
protocol as specified in RFC 5891.  This
version of the protocol is often referred to as 'IDNA2008' and can produce
different results from the earlier standard from 2003.

The library is also intended to act as a suitable drop-in replacement for the
'encodings.idna' module that comes with the Python standard library but
currently only supports the older 2003 specification.");

  script_tag(name:"affected", value:"'python-idna' package(s) on Fedora 40.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC40") {

  if(!isnull(res = isrpmvuln(pkg:"python-idna", rpm:"python-idna~3.7~1.fc40", rls:"FC40"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);