Mageia: Security Advisory (MGASA-2019-0135)

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2019.0135");
  script_cve_id("CVE-2018-14647", "CVE-2018-20406", "CVE-2019-5010", "CVE-2019-9636");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-03-12 13:27:34 +0000 (Tue, 12 Mar 2019)");

  script_name("Mageia: Security Advisory (MGASA-2019-0135)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA6");

  script_xref(name:"Advisory-ID", value:"MGASA-2019-0135");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2019-0135.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=23664");
  script_xref(name:"URL", value:"https://pythoninsider.blogspot.com/2019/03/python-3.html");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/A7QEHDSATR6O6LCG44EN2DA4QDAYBYWW/");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/JSKPGPZQNTAULHW4UH63KGOOUIDE4RRB/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2019-0135 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Python's elementtree C accelerator failed to initialise Expat's hash salt
during initialization. This could make it easy to conduct denial of service
attacks against Expat by constructing an XML document that would cause
pathological hash collisions in Expat's internal data structures, consuming
large amounts CPU and RAM (CVE-2018-14647).

Modules/_pickle.c in Python before 3.5.7 has an integer overflow via a large
LONG_BINPUT value that is mishandled during a 'resize to twice the size'
attempt. This issue might cause memory exhaustion, but is only relevant if
the pickle format is used for serializing tens or hundreds of gigabytes of
data
(CVE-2018-20406).

A null pointer dereference vulnerability was found in the certificate
parsing code in Python. This causes a denial of service to applications when
parsing specially crafted certificates. This vulnerability is unlikely to be
triggered if application enables SSL/TLS certificate validation and accepts
certificates only from trusted root certificate authorities (CVE-2019-5010).

A vulnerability was found in Python 3.x through 3.5.7. An improper Handling
of Unicode Encoding (with an incorrect netloc) during NFKC normalization could
lead to an Information Disclosure (credentials, cookies, etc. that are cached
against a given hostname) in the urllib.parse.urlsplit, urllib.parse.urlparse
components. A specially crafted URL could be incorrectly parsed to locate
cookies or authentication data and send that information to a different host
than when parsed correctly (CVE-2019-9636).

The python3 package has been updated to version 3.5.7, fixing these and other
issues.");

  script_tag(name:"affected", value:"'python3' package(s) on Mageia 6.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA6") {

  if(!isnull(res = isrpmvuln(pkg:"lib64python3-devel", rpm:"lib64python3-devel~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64python3.5", rpm:"lib64python3.5~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64python3.5-stdlib", rpm:"lib64python3.5-stdlib~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64python3.5-testsuite", rpm:"lib64python3.5-testsuite~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpython3-devel", rpm:"libpython3-devel~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpython3.5", rpm:"libpython3.5~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpython3.5-stdlib", rpm:"libpython3.5-stdlib~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpython3.5-testsuite", rpm:"libpython3.5-testsuite~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python3", rpm:"python3~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python3-docs", rpm:"python3-docs~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"tkinter3", rpm:"tkinter3~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"tkinter3-apps", rpm:"tkinter3-apps~3.5.7~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);