{"id": "OPENVAS:1361412562311220192653", "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2653)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-01-23T00:00:00", "modified": "2020-01-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192653", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["2019-2653", "https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2653"], "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "lastseen": "2020-01-27T18:37:53", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1275.NASL", "SUSE_SU-2019-2743-1.NASL", "EULEROS_SA-2019-2225.NASL", "OPENSUSE-2019-2389.NASL", "EULEROS_SA-2019-2442.NASL", "EULEROS_SA-2019-2653.NASL", "EULEROS_SA-2020-1048.NASL", "EULEROS_SA-2020-1212.NASL", "OPENSUSE-2019-2393.NASL", "EULEROS_SA-2020-1044.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220192225", "OPENVAS:1361412562311220192442", "OPENVAS:1361412562310852752", "OPENVAS:1361412562311220201044", "OPENVAS:1361412562311220192115", "OPENVAS:1361412562310852941", "OPENVAS:1361412562311220192114", "OPENVAS:1361412562311220201048", "OPENVAS:1361412562311220201212", "OPENVAS:1361412562311220201275"]}, {"type": "cve", "idList": ["CVE-2019-17514", "CVE-2019-11340", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-16056", "CVE-2019-2653", "CVE-2019-16935"]}, {"type": "symantec", "idList": ["SMNTC-110222", "SMNTC-110026"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:2453-1", "OPENSUSE-SU-2019:2389-1", "OPENSUSE-SU-2019:2438-1", "OPENSUSE-SU-2019:2393-1"]}, {"type": "amazon", "idList": ["ALAS-2019-1230", "ALAS-2019-1324", "ALAS-2019-1242", "ALAS-2019-1243", "ALAS-2019-1314", "ALAS-2019-1204", "ALAS2-2019-1247", "ALAS2-2019-1368"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2280-1:96280", "DEBIAN:DLA-1835-2:87B43"]}, {"type": "ubuntu", "idList": ["USN-4151-2", "USN-4151-1"]}, {"type": "fedora", "idList": ["FEDORA:BF65760525B8", "FEDORA:071096091F43", "FEDORA:9848360648DC", "FEDORA:B940C60A8A0C", "FEDORA:61CEB60525CF", "FEDORA:4B77660C7BDE"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:372C89C2034124B41C6B1DC1B76A49D9"]}], "modified": "2020-01-27T18:37:53", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-01-27T18:37:53", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "1361412562311220192653", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2653\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\", \"CVE-2019-9740\", \"CVE-2019-9947\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:12:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2653)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2653\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2653\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python' package(s) announced via the EulerOS-SA-2019-2653 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947)\n\nlibrary/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell, ' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514)\n\nThe documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~58.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~58.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~58.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~58.h22\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks"}

{"nessus": [{"lastseen": "2021-01-07T09:03:14", "description": "According to the versions of the python packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-03-20T00:00:00", "title": "EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2020-1275)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "modified": "2020-03-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "cpe:/o:huawei:euleros:uvp:3.0.2.2", "p-cpe:/a:huawei:euleros:tkinter", "p-cpe:/a:huawei:euleros:python-tools", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs"], "id": "EULEROS_SA-2020-1275.NASL", "href": "https://www.tenable.com/plugins/nessus/134741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134741);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\",\n \"CVE-2019-9740\",\n \"CVE-2019-9947\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2020-1275)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1275\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c63601ed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-69.h23\",\n \"python-devel-2.7.5-69.h23\",\n \"python-libs-2.7.5-69.h23\",\n \"python-tools-2.7.5-69.h23\",\n \"tkinter-2.7.5-69.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:01:40", "description": "According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-12-18T00:00:00", "title": "EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2653)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:tkinter", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2653.NASL", "href": "https://www.tenable.com/plugins/nessus/132188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132188);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\",\n \"CVE-2019-9740\",\n \"CVE-2019-9947\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS 2.0 SP3 : python (EulerOS-SA-2019-2653)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2653\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9af6caf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-58.h22\",\n \"python-devel-2.7.5-58.h22\",\n \"python-libs-2.7.5-58.h22\",\n \"tkinter-2.7.5-58.h22\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:00:01", "description": "According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-11-08T00:00:00", "title": "EulerOS 2.0 SP5 : python (EulerOS-SA-2019-2225)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "modified": "2019-11-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:tkinter", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2225.NASL", "href": "https://www.tenable.com/plugins/nessus/130687", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130687);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20852\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\",\n \"CVE-2019-9740\",\n \"CVE-2019-9947\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS 2.0 SP5 : python (EulerOS-SA-2019-2225)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2225\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36751261\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-69.h26.eulerosv2r7\",\n \"python-devel-2.7.5-69.h26.eulerosv2r7\",\n \"python-libs-2.7.5-69.h26.eulerosv2r7\",\n \"tkinter-2.7.5-69.h26.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:03:02", "description": "According to the versions of the python packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-03-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2020-1212)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "modified": "2020-03-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:python-tools", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs"], "id": "EULEROS_SA-2020-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/134501", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134501);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20852\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\",\n \"CVE-2019-9740\",\n \"CVE-2019-9947\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : python (EulerOS-SA-2020-1212)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n path component of a URL that lacks a ? character)\n followed by an HTTP header or a Redis command. This is\n similar to the CVE-2019-9740 query string\n issue.(CVE-2019-9947)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1212\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e8729fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-69.h26\",\n \"python-devel-2.7.5-69.h26\",\n \"python-libs-2.7.5-69.h26\",\n \"python-tools-2.7.5-69.h26\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:01:02", "description": "According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-12-04T00:00:00", "title": "EulerOS 2.0 SP2 : python (EulerOS-SA-2019-2442)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-11340"], "modified": "2019-12-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python", "p-cpe:/a:huawei:euleros:tkinter", "p-cpe:/a:huawei:euleros:python-devel", "p-cpe:/a:huawei:euleros:python-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2442.NASL", "href": "https://www.tenable.com/plugins/nessus/131596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131596);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20852\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\",\n \"CVE-2019-9740\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS 2.0 SP2 : python (EulerOS-SA-2019-2442)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - An issue was discovered in urllib2 in Python 2.x\n through 2.7.16 and urllib in Python 3.x through 3.7.3.\n CRLF injection is possible if the attacker controls a\n url parameter, as demonstrated by the first argument to\n urllib.request.urlopen with \\r\\n (specifically in the\n query string after a ? character) followed by an HTTP\n header or a Redis command.(CVE-2019-9740)\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2442\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a89cbebd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-2.7.5-58.h20\",\n \"python-devel-2.7.5-58.h20\",\n \"python-libs-2.7.5-58.h20\",\n \"tkinter-2.7.5-58.h20\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:01:53", "description": "According to the versions of the python2 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : python2 (EulerOS-SA-2020-1044)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-11340"], "modified": "2020-01-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.5.0", "p-cpe:/a:huawei:euleros:python-unversioned-command", "p-cpe:/a:huawei:euleros:python2-devel", "p-cpe:/a:huawei:euleros:python2", "p-cpe:/a:huawei:euleros:python2-libs"], "id": "EULEROS_SA-2020-1044.NASL", "href": "https://www.tenable.com/plugins/nessus/132798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132798);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20852\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : python2 (EulerOS-SA-2020-1044)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python2 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1044\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae7b2361\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-unversioned-command\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python-unversioned-command-2.7.15-10.h18.eulerosv2r8\",\n \"python2-2.7.15-10.h18.eulerosv2r8\",\n \"python2-devel-2.7.15-10.h18.eulerosv2r8\",\n \"python2-libs-2.7.15-10.h18.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T09:01:54", "description": "According to the versions of the python3 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : python3 (EulerOS-SA-2020-1048)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-11340"], "modified": "2020-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-libs", "cpe:/o:huawei:euleros:uvp:3.0.5.0", "p-cpe:/a:huawei:euleros:python3", "p-cpe:/a:huawei:euleros:python3-devel"], "id": "EULEROS_SA-2020-1048.NASL", "href": "https://www.tenable.com/plugins/nessus/132802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132802);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20852\",\n \"CVE-2019-16056\",\n \"CVE-2019-16935\",\n \"CVE-2019-17514\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0340\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : python3 (EulerOS-SA-2020-1048)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the python3 packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An issue was discovered in Python through 2.7.16, 3.x\n through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through\n 3.7.4. The email module wrongly parses email addresses\n that contain multiple @ characters. An application that\n uses the email module and implements some kind of\n checks on the From/To headers of a message could be\n tricked into accepting an email address that should be\n denied. An attack may be the same as in CVE-2019-11340\n however, this CVE applies to Python more\n generally.(CVE-2019-16056)\n\n - http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py in Python before 3.7.3 does not\n correctly validate the domain: it can be tricked into\n sending existing cookies to the wrong server. An\n attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix\n (e.g., pythonicexample.com to steal cookies for\n example.com). When a program uses\n http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing\n cookies can be leaked to the attacker. This affects 2.x\n through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7,\n 3.6.x before 3.6.9, and 3.7.x before\n 3.7.3.(CVE-2018-20852)\n\n - The documentation XML-RPC server in Python through\n 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has\n XSS via the server_title field. This occurs in\n Lib/DocXMLRPCServer.py in Python 2.x, and in\n Lib/xmlrpc/server.py in Python 3.x. If set_server_title\n is called with untrusted input, arbitrary JavaScript\n can be delivered to clients that visit the http URL for\n this server.(CVE-2019-16935)\n\n - library/glob.html in the Python 2 and 3 documentation\n before 2016 has potentially misleading information\n about whether sorting occurs, as demonstrated by\n irreproducible cancer-research results. NOTE: the\n effects of this documentation cross application\n domains, and thus it is likely that security-relevant\n code elsewhere is affected. This issue is not a Python\n implementation bug, and there are no reports that NMR\n researchers were specifically relying on\n library/glob.html. In other words, because the older\n documentation stated 'finds all the pathnames matching\n a specified pattern according to the rules used by the\n Unix shell,' one might have incorrectly inferred that\n the sorting that occurs in a Unix shell also occurred\n for glob.glob. There is a workaround in newer versions\n of Willoughby nmr-data_compilation-p2.py and\n nmr-data_compilation-p3.py, which call sort()\n directly.(CVE-2019-17514)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1048\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7e8235c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17514\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-3.7.0-9.h15.eulerosv2r8\",\n \"python3-devel-3.7.0-9.h15.eulerosv2r8\",\n \"python3-libs-3.7.0-9.h15.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T04:22:40", "description": "This update for python fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9947: Fixed an insufficient validation of URL\n paths with embedded whitespace or control characters\n that could allow HTTP header injections. (bsc#1130840)\n\n - CVE-2019-16056: Fixed a parser issue in the email\n module. (bsc#1149955)\n\n - CVE-2019-16935: Fixed a reflected XSS in\n python/Lib/DocXMLRPCServer.py (bsc#1153238).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-10-28T00:00:00", "title": "openSUSE Security Update : python (openSUSE-2019-2393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-32bit-debuginfo", "p-cpe:/a:novell:opensuse:python-curses-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-gdbm-debuginfo", "p-cpe:/a:novell:opensuse:python-base-debuginfo", "p-cpe:/a:novell:opensuse:python-debuginfo", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-base", "p-cpe:/a:novell:opensuse:python-xml-debuginfo", "p-cpe:/a:novell:opensuse:python-tk-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit", "p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-debugsource", "p-cpe:/a:novell:opensuse:libpython2_7-1_0", "p-cpe:/a:novell:opensuse:python-base-debugsource", "p-cpe:/a:novell:opensuse:python-xml", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-base-32bit", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:opensuse:python-doc-pdf", "p-cpe:/a:novell:opensuse:python-base-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit-debuginfo", "p-cpe:/a:novell:opensuse:python-demo", "p-cpe:/a:novell:opensuse:python-devel"], "id": "OPENSUSE-2019-2393.NASL", "href": "https://www.tenable.com/plugins/nessus/130339", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2393.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130339);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-9947\");\n\n script_name(english:\"openSUSE Security Update : python (openSUSE-2019-2393)\");\n script_summary(english:\"Check for the openSUSE-2019-2393 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9947: Fixed an insufficient validation of URL\n paths with embedded whitespace or control characters\n that could allow HTTP header injections. (bsc#1130840)\n\n - CVE-2019-16056: Fixed a parser issue in the email\n module. (bsc#1149955)\n\n - CVE-2019-16935: Fixed a reflected XSS in\n python/Lib/DocXMLRPCServer.py (bsc#1153238).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-doc-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpython2_7-1_0-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libpython2_7-1_0-debuginfo-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-base-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-base-debuginfo-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-base-debugsource-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-curses-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-curses-debuginfo-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-debuginfo-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-debugsource-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-demo-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-devel-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-doc-pdf-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-gdbm-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-gdbm-debuginfo-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-idle-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-tk-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-tk-debuginfo-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-xml-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python-xml-debuginfo-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-debuginfo-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python-32bit-debuginfo-2.7.14-lp151.10.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.14-lp151.10.10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"python-base-32bit-debuginfo-2.7.14-lp151.10.10.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpython2_7-1_0 / libpython2_7-1_0-debuginfo / python-base / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-14T06:21:50", "description": "This update for python fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9947: Fixed an insufficient validation of URL paths with\nembedded whitespace or control characters that could allow HTTP header\ninjections. (bsc#1130840)\n\nCVE-2019-16056: Fixed a parser issue in the email module.\n(bsc#1149955)\n\nCVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n(bsc#1153238).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-10-23T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:2743-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "modified": "2019-10-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:libpython2_7", "p-cpe:/a:novell:suse_linux:python-base-debugsource", "p-cpe:/a:novell:suse_linux:python-gdbm", "p-cpe:/a:novell:suse_linux:python", "p-cpe:/a:novell:suse_linux:python-xml-debuginfo", "p-cpe:/a:novell:suse_linux:python-devel", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:python-curses-debuginfo", "p-cpe:/a:novell:suse_linux:python-base", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:python-tk", "p-cpe:/a:novell:suse_linux:python-base-debuginfo", "p-cpe:/a:novell:suse_linux:python-base-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:python-demo", "p-cpe:/a:novell:suse_linux:python-curses", "p-cpe:/a:novell:suse_linux:python-debuginfo", "p-cpe:/a:novell:suse_linux:python-tk-debuginfo", "p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo", "p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo", "p-cpe:/a:novell:suse_linux:python-debugsource", "p-cpe:/a:novell:suse_linux:python-xml", "p-cpe:/a:novell:suse_linux:python-idle"], "id": "SUSE_SU-2019-2743-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130164", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2743-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130164);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-9947\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:2743-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for python fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-9947: Fixed an insufficient validation of URL paths with\nembedded whitespace or control characters that could allow HTTP header\ninjections. (bsc#1130840)\n\nCVE-2019-16056: Fixed a parser issue in the email module.\n(bsc#1149955)\n\nCVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n(bsc#1153238).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16056/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16935/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9947/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192743-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e32fe43e\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Python2 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Python2-15-SP1-2019-2743=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2743=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2743=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2019-2743=1\n\nSUSE Linux Enterprise Module for Desktop Applications 15:zypper in -t\npatch SUSE-SLE-Module-Desktop-Applications-15-2019-2743=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2743=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2743=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-base-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-xml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpython2_7-1_0-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libpython2_7-1_0-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-base-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-base-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-base-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-curses-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-curses-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-demo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-devel-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-gdbm-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-gdbm-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-idle-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-tk-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-tk-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-xml-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"python-xml-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-base-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-base-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-base-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-curses-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-demo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-devel-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-gdbm-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-idle-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-tk-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-xml-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"libpython2_7-1_0-32bit-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-32bit-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"python-base-32bit-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpython2_7-1_0-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libpython2_7-1_0-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-base-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-base-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-base-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-curses-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-curses-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-demo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-devel-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-gdbm-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-gdbm-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-idle-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-tk-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-tk-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-xml-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"python-xml-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libpython2_7-1_0-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libpython2_7-1_0-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-base-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-base-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-base-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-curses-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-curses-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-debugsource-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-demo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-devel-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-gdbm-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-gdbm-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-idle-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-tk-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-tk-debuginfo-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-xml-2.7.14-7.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-xml-debuginfo-2.7.14-7.24.1\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:49:18", "description": "This update for python fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9947: Fixed an insufficient validation of URL\n paths with embedded whitespace or control characters\n that could allow HTTP header injections. (bsc#1130840)\n\n - CVE-2019-16056: Fixed a parser issue in the email\n module. (bsc#1149955)\n\n - CVE-2019-16935: Fixed a reflected XSS in\n python/Lib/DocXMLRPCServer.py (bsc#1153238).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 16, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-10-28T00:00:00", "title": "openSUSE Security Update : python (openSUSE-2019-2389)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "modified": "2019-10-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-32bit-debuginfo", "p-cpe:/a:novell:opensuse:python-curses-debuginfo", "p-cpe:/a:novell:opensuse:python-idle", "p-cpe:/a:novell:opensuse:python-curses", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python-gdbm-debuginfo", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:python-debuginfo", "p-cpe:/a:novell:opensuse:python-gdbm", "p-cpe:/a:novell:opensuse:python-tk-debuginfo", "p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-debugsource", "p-cpe:/a:novell:opensuse:python-tk", "p-cpe:/a:novell:opensuse:python-demo"], "id": "OPENSUSE-2019-2389.NASL", "href": "https://www.tenable.com/plugins/nessus/130337", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2389.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130337);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-9947\");\n\n script_name(english:\"openSUSE Security Update : python (openSUSE-2019-2389)\");\n script_summary(english:\"Check for the openSUSE-2019-2389 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for python fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-9947: Fixed an insufficient validation of URL\n paths with embedded whitespace or control characters\n that could allow HTTP header injections. (bsc#1130840)\n\n - CVE-2019-16056: Fixed a parser issue in the email\n module. (bsc#1149955)\n\n - CVE-2019-16935: Fixed a reflected XSS in\n python/Lib/DocXMLRPCServer.py (bsc#1153238).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-curses-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-gdbm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-idle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-curses-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-curses-debuginfo-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-debuginfo-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-debugsource-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-demo-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-gdbm-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-gdbm-debuginfo-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-idle-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-tk-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-tk-debuginfo-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"python-32bit-2.7.14-lp150.6.21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"python-32bit-debuginfo-2.7.14-lp150.6.21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-curses / python-curses-debuginfo / python-debuginfo / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-03-23T14:56:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-19T00:00:00", "published": "2020-03-19T00:00:00", "id": "OPENVAS:1361412562311220201275", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201275", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1275)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1275\");\n script_version(\"2020-03-19T13:43:26+0000\");\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\", \"CVE-2019-9740\", \"CVE-2019-9947\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-19 13:43:26 +0000 (Thu, 19 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-19 13:43:26 +0000 (Thu, 19 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1275)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1275\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1275\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python' package(s) announced via the EulerOS-SA-2020-1275 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740)\n\nThe documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nlibrary/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514)\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~69.h23\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~69.h23\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~69.h23\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~69.h23\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~69.h23\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:37:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192225", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192225", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2225)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2225\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\", \"CVE-2019-9740\", \"CVE-2019-9947\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:41:26 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2225)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2225\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2225\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python' package(s) announced via the EulerOS-SA-2019-2225 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nlibrary/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell, ' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514)\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url paramet ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~69.h26.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~69.h26.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~69.h26.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~69.h26.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-14T16:49:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-13T00:00:00", "published": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201212", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201212", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1212)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1212\");\n script_version(\"2020-03-13T07:15:02+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\", \"CVE-2019-9740\", \"CVE-2019-9947\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:15:02 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:15:02 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python (EulerOS-SA-2020-1212)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1212\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1212\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python' package(s) announced via the EulerOS-SA-2020-1212 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.(CVE-2019-9947)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740)\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nThe documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nlibrary/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~69.h26\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~69.h26\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~69.h26\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.7.5~69.h26\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:36:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192442", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2442)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2442\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\", \"CVE-2019-9740\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:57:53 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-2442)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2442\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2442\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python' package(s) announced via the EulerOS-SA-2019-2442 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell, ' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514)\n\nThe documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.(CVE-2019-9740)\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-cont ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.5~58.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.5~58.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.7.5~58.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.7.5~58.h20\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:35:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201048", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201048", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2020-1048)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1048\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2020-1048)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1048\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1048\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python3' package(s) announced via the EulerOS-SA-2020-1048 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)\n\nThe documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nlibrary/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell, ' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514)\");\n\n script_tag(name:\"affected\", value:\"'python3' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.7.0~9.h15.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-devel\", rpm:\"python3-devel~3.7.0~9.h15.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libs\", rpm:\"python3-libs~3.7.0~9.h15.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-17514", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201044", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201044", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1044)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1044\");\n script_version(\"2020-01-23T15:42:05+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-17514\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 15:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2020-1044)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1044\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1044\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python2' package(s) announced via the EulerOS-SA-2020-1044 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\n\nhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)\n\nThe documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nlibrary/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated 'finds all the pathnames matching a specified pattern according to the rules used by the Unix shell, ' one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.(CVE-2019-17514)\");\n\n script_tag(name:\"affected\", value:\"'python2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-unversioned-command\", rpm:\"python-unversioned-command~2.7.15~10.h18.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2\", rpm:\"python2~2.7.15~10.h18.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-devel\", rpm:\"python2-devel~2.7.15~10.h18.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libs\", rpm:\"python2-libs~2.7.15~10.h18.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T16:29:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852941", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852941", "type": "openvas", "title": "openSUSE: Security Advisory for python (openSUSE-SU-2019:2393-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852941\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-9947\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:46:51 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for python (openSUSE-SU-2019:2393-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2393-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the openSUSE-SU-2019:2393-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for python fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9947: Fixed an insufficient validation of URL paths with\n embedded whitespace or control characters that could allow HTTP header\n injections. (bsc#1130840)\n\n - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)\n\n - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n (bsc#1153238).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2393=1\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libpython2_7-1_0\", rpm:\"libpython2_7-1_0~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpython2_7-1_0-debuginfo\", rpm:\"libpython2_7-1_0-debuginfo~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-base-debuginfo\", rpm:\"python-base-debuginfo~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-base-debugsource\", rpm:\"python-base-debugsource~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-curses-debuginfo\", rpm:\"python-curses-debuginfo~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-debugsource\", rpm:\"python-debugsource~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-gdbm-debuginfo\", rpm:\"python-gdbm-debuginfo~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tk-debuginfo\", rpm:\"python-tk-debuginfo~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-xml\", rpm:\"python-xml~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-xml-debuginfo\", rpm:\"python-xml-debuginfo~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpython2_7-1_0-32bit\", rpm:\"libpython2_7-1_0-32bit~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libpython2_7-1_0-32bit-debuginfo\", rpm:\"libpython2_7-1_0-32bit-debuginfo~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-32bit\", rpm:\"python-32bit~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-32bit-debuginfo\", rpm:\"python-32bit-debuginfo~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-base-32bit\", rpm:\"python-base-32bit~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-base-32bit-debuginfo\", rpm:\"python-base-32bit-debuginfo~2.7.14~lp151.10.10.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-doc\", rpm:\"python-doc~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-doc-pdf\", rpm:\"python-doc-pdf~2.7.14~lp151.10.10.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-31T16:54:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-10-28T00:00:00", "id": "OPENVAS:1361412562310852752", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852752", "type": "openvas", "title": "openSUSE: Security Advisory for python (openSUSE-SU-2019:2389-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852752\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-16056\", \"CVE-2019-16935\", \"CVE-2019-9947\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-28 03:00:51 +0000 (Mon, 28 Oct 2019)\");\n script_name(\"openSUSE: Security Advisory for python (openSUSE-SU-2019:2389-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2389-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the openSUSE-SU-2019:2389-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for python fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9947: Fixed an insufficient validation of URL paths with\n embedded whitespace or control characters that could allow HTTP header\n injections. (bsc#1130840)\n\n - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)\n\n - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n (bsc#1153238).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-2389=1\");\n\n script_tag(name:\"affected\", value:\"'python' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python\", rpm:\"python~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-curses\", rpm:\"python-curses~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-curses-debuginfo\", rpm:\"python-curses-debuginfo~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-debugsource\", rpm:\"python-debugsource~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-demo\", rpm:\"python-demo~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-gdbm\", rpm:\"python-gdbm~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-gdbm-debuginfo\", rpm:\"python-gdbm-debuginfo~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-idle\", rpm:\"python-idle~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tk\", rpm:\"python-tk~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-tk-debuginfo\", rpm:\"python-tk-debuginfo~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-32bit\", rpm:\"python-32bit~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-32bit-debuginfo\", rpm:\"python-32bit-debuginfo~2.7.14~lp150.6.21.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:32:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192115", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2019-2115)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2115\");\n script_version(\"2020-01-23T12:35:02+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:35:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:35:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2019-2115)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2115\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2115\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python3' package(s) announced via the EulerOS-SA-2019-2115 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\");\n\n script_tag(name:\"affected\", value:\"'python3' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python3\", rpm:\"python3~3.7.0~9.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-devel\", rpm:\"python3-devel~3.7.0~9.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-libs\", rpm:\"python3-libs~3.7.0~9.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-test\", rpm:\"python3-test~3.7.0~9.h11.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-27T18:35:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2018-20852", "CVE-2019-11340"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192114", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2019-2114)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2114\");\n script_version(\"2020-01-23T12:34:59+0000\");\n script_cve_id(\"CVE-2018-20852\", \"CVE-2019-16056\", \"CVE-2019-16935\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:59 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2019-2114)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2114\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2114\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'python2' package(s) announced via the EulerOS-SA-2019-2114 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.(CVE-2019-16935)\n\nhttp.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.(CVE-2018-20852)\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340, however, this CVE applies to Python more generally.(CVE-2019-16056)\");\n\n script_tag(name:\"affected\", value:\"'python2' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-unversioned-command\", rpm:\"python-unversioned-command~2.7.15~10.h14.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2\", rpm:\"python2~2.7.15~10.h14.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-devel\", rpm:\"python2-devel~2.7.15~10.h14.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-libs\", rpm:\"python2-libs~2.7.15~10.h14.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-test\", rpm:\"python2-test~2.7.15~10.h14.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2020-10-03T13:38:47", "description": "library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated \"finds all the pathnames matching a specified pattern according to the rules used by the Unix shell,\" one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-12T13:15:00", "title": "CVE-2019-17514", "type": "cve", "cwe": ["NVD-CWE-noinfo", "CWE-682"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17514"], "modified": "2020-07-27T18:15:00", "cpe": ["cpe:/a:python:python:3.7.0", "cpe:/a:python:python:3.8.0", "cpe:/a:python:python:3.6.0"], "id": "CVE-2019-17514", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17514", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:python:python:3.6.0:-:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.8.0:-:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.7.0:-:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:39", "description": "util/emailutils.py in Matrix Sydent before 1.0.2 mishandles registration restrictions that are based on e-mail domain, if the allowed_local_3pids option is enabled. This occurs because of potentially unwanted behavior in Python, in which an email.utils.parseaddr call on user@bad.example.net@good.example.com returns the user@bad.example.net substring.", "edition": 5, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-04-19T14:29:00", "title": "CVE-2019-11340", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11340"], "modified": "2019-04-22T17:52:00", "cpe": [], "id": "CVE-2019-11340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11340", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2020-12-09T21:41:58", "description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", "edition": 20, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-03-23T18:29:00", "title": "CVE-2019-9947", "type": "cve", "cwe": ["CWE-93"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9947"], "modified": "2020-11-02T21:15:00", "cpe": ["cpe:/a:python:python:3.7.2", "cpe:/a:python:python:2.7.15", "cpe:/a:python:python:2.7.16"], "id": "CVE-2019-9947", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9947", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:python:python:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.16:-:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.15:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:46", "description": "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.", "edition": 19, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2019-09-28T02:15:00", "title": "CVE-2019-16935", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16935"], "modified": "2020-07-15T12:15:00", "cpe": ["cpe:/a:python:python:3.7.4", "cpe:/a:python:python:2.7.16", "cpe:/a:python:python:3.6.9"], "id": "CVE-2019-16935", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16935", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:python:python:2.7.16:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.7.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:58", "description": "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.", "edition": 25, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2019-03-13T03:29:00", "title": "CVE-2019-9740", "type": "cve", "cwe": ["CWE-93"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9740"], "modified": "2020-11-02T21:15:00", "cpe": ["cpe:/a:python:python:3.7.2", "cpe:/a:python:python:2.7.16"], "id": "CVE-2019-9740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9740", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:python:python:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.16:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T21:41:45", "description": "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.", "edition": 27, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-06T18:15:00", "title": "CVE-2019-16056", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16056"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:python:python:3.0.1", "cpe:/a:python:python:3.3.7", "cpe:/a:python:python:3.4.10", "cpe:/a:python:python:3.5.7", "cpe:/a:python:python:3.7.4", "cpe:/a:python:python:3.1.5", "cpe:/a:python:python:2.7.16", "cpe:/a:python:python:3.6.9", "cpe:/a:python:python:3.2.6"], "id": "CVE-2019-16056", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16056", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:python:python:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:2.7.16:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:python:python:3.3.7:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2019-10-24T14:32:40", "bulletinFamily": "software", "cvelist": ["CVE-2019-16056"], "description": "### Description\n\nPython is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Python versions through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4 are vulnerable.\n\n### Technologies Affected\n\n * Python Software Foundation Python 2.0.0 \n * Python Software Foundation Python 2.0.1 \n * Python Software Foundation Python 2.1.0 \n * Python Software Foundation Python 2.1.1 \n * Python Software Foundation Python 2.1.2 \n * Python Software Foundation Python 2.1.3 \n * Python Software Foundation Python 2.2 \n * Python Software Foundation Python 2.2.0 \n * Python Software Foundation Python 2.2.1 \n * Python Software Foundation Python 2.2.2 \n * Python Software Foundation Python 2.2.3 \n * Python Software Foundation Python 2.3 \n * Python Software Foundation Python 2.3.0 \n * Python Software Foundation Python 2.3.1 \n * Python Software Foundation Python 2.3.2 \n * Python Software Foundation Python 2.3.3 \n * Python Software Foundation Python 2.3.4 \n * Python Software Foundation Python 2.3.5 \n * Python Software Foundation Python 2.3.6 \n * Python Software Foundation Python 2.3.7 \n * Python Software Foundation Python 2.4 \n * Python Software Foundation Python 2.4.2 \n * Python Software Foundation Python 2.4.6 \n * Python Software Foundation Python 2.5 \n * Python Software Foundation Python 2.5.1 \n * Python Software Foundation Python 2.5.2 \n * Python Software Foundation Python 2.5.3 \n * Python Software Foundation Python 2.5.4 \n * Python Software Foundation Python 2.5.5 \n * Python Software Foundation Python 2.5.6 \n * Python Software Foundation Python 2.6 \n * Python Software Foundation Python 2.6.1 \n * Python Software Foundation Python 2.6.2 \n * Python Software Foundation Python 2.6.3 \n * Python Software Foundation Python 2.6.4 \n * Python Software Foundation Python 2.6.5 \n * Python Software Foundation Python 2.6.6 \n * Python Software Foundation Python 2.6.7 \n * Python Software Foundation Python 2.6.8 \n * Python Software Foundation Python 2.7 \n * Python Software Foundation Python 2.7.0 \n * Python Software Foundation Python 2.7.1 \n * Python Software Foundation Python 2.7.10 \n * Python Software Foundation Python 2.7.11 \n * Python Software Foundation Python 2.7.12 \n * Python Software Foundation Python 2.7.13 \n * Python Software Foundation Python 2.7.14 \n * Python Software Foundation Python 2.7.15 \n * Python Software Foundation Python 2.7.16 \n * Python Software Foundation Python 2.7.2 \n * Python Software Foundation Python 2.7.3 \n * Python Software Foundation Python 2.7.4 \n * Python Software Foundation Python 2.7.5 \n * Python Software Foundation Python 2.7.6 \n * Python Software Foundation Python 2.7.7 \n * Python Software Foundation Python 2.7.8 \n * Python Software Foundation Python 2.7.9 \n * Python Software Foundation Python 3.0 \n * Python Software Foundation Python 3.0.1 \n * Python Software Foundation Python 3.1 \n * Python Software Foundation Python 3.1.1 \n * Python Software Foundation Python 3.1.2 \n * Python Software Foundation Python 3.1.3 \n * Python Software Foundation Python 3.1.4 \n * Python Software Foundation Python 3.1.5 \n * Python Software Foundation Python 3.2 \n * Python Software Foundation Python 3.2.0 \n * Python Software Foundation Python 3.2.1 \n * Python Software Foundation Python 3.2.2 \n * Python Software Foundation Python 3.2.3 \n * Python Software Foundation Python 3.2.4 \n * Python Software Foundation Python 3.2.5 \n * Python Software Foundation Python 3.2.6 \n * Python Software Foundation Python 3.3 \n * Python Software Foundation Python 3.3.0 \n * Python Software Foundation Python 3.3.1 \n * Python Software Foundation Python 3.3.2 \n * Python Software Foundation Python 3.3.3 \n * Python Software Foundation Python 3.3.4 \n * Python Software Foundation Python 3.4 \n * Python Software Foundation Python 3.4.0 \n * Python Software Foundation Python 3.4.1 \n * Python Software Foundation Python 3.4.10 \n * Python Software Foundation Python 3.4.2 \n * Python Software Foundation Python 3.4.3 \n * Python Software Foundation Python 3.4.4 \n * Python Software Foundation Python 3.4.5 \n * Python Software Foundation Python 3.4.6 \n * Python Software Foundation Python 3.4.7 \n * Python Software Foundation Python 3.4.8 \n * Python Software Foundation Python 3.4.9 \n * Python Software Foundation Python 3.5 \n * Python Software Foundation Python 3.5.0 \n * Python Software Foundation Python 3.5.1 \n * Python Software Foundation Python 3.5.2 \n * Python Software Foundation Python 3.5.3 \n * Python Software Foundation Python 3.5.4 \n * Python Software Foundation Python 3.5.5 \n * Python Software Foundation Python 3.5.6 \n * Python Software Foundation Python 3.5.7 \n * Python Software Foundation Python 3.6.0 \n * Python Software Foundation Python 3.6.1 \n * Python Software Foundation Python 3.6.2 \n * Python Software Foundation Python 3.6.3 \n * Python Software Foundation Python 3.6.4 \n * Python Software Foundation Python 3.6.5 \n * Python Software Foundation Python 3.6.6 \n * Python Software Foundation Python 3.6.7 \n * Python Software Foundation Python 3.6.8 \n * Python Software Foundation Python 3.6.9 \n * Python Software Foundation Python 3.7.0 \n * Python Software Foundation Python 3.7.1 \n * Python Software Foundation Python 3.7.2 \n * Python Software Foundation Python 3.7.3 \n * Python Software Foundation Python 3.7.4 \n * Redhat Enterprise Linux 7 \n * Redhat Enterprise Linux 8 \n * Redhat Software Collections \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits. \n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits. \n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the impact of a successful exploit, run server software with the least privileges required and in restricted environments while still maintaining functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-09-06T00:00:00", "published": "2019-09-06T00:00:00", "id": "SMNTC-110026", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110026", "type": "symantec", "title": "Python CVE-2019-16056 Security Bypass Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-01T14:36:35", "bulletinFamily": "software", "cvelist": ["CVE-2019-16935"], "description": "### Description\n\nPython is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Python versions through 2.7.16, 3.x through 3.6.9 and 3.7.x through 3.7.4 are vulnerable.\n\n### Technologies Affected\n\n * Python Software Foundation Python 2.0.0 \n * Python Software Foundation Python 2.0.1 \n * Python Software Foundation Python 2.1.0 \n * Python Software Foundation Python 2.1.1 \n * Python Software Foundation Python 2.1.2 \n * Python Software Foundation Python 2.1.3 \n * Python Software Foundation Python 2.2 \n * Python Software Foundation Python 2.2.0 \n * Python Software Foundation Python 2.2.1 \n * Python Software Foundation Python 2.2.2 \n * Python Software Foundation Python 2.2.3 \n * Python Software Foundation Python 2.3 \n * Python Software Foundation Python 2.3.0 \n * Python Software Foundation Python 2.3.1 \n * Python Software Foundation Python 2.3.2 \n * Python Software Foundation Python 2.3.3 \n * Python Software Foundation Python 2.3.4 \n * Python Software Foundation Python 2.3.5 \n * Python Software Foundation Python 2.3.6 \n * Python Software Foundation Python 2.3.7 \n * Python Software Foundation Python 2.4 \n * Python Software Foundation Python 2.4.0 \n * Python Software Foundation Python 2.4.1 \n * Python Software Foundation Python 2.4.2 \n * Python Software Foundation Python 2.4.2 \n * Python Software Foundation Python 2.4.3 \n * Python Software Foundation Python 2.4.4 \n * Python Software Foundation Python 2.4.5 \n * Python Software Foundation Python 2.4.6 \n * Python Software Foundation Python 2.5 \n * Python Software Foundation Python 2.5.1 \n * Python Software Foundation Python 2.5.150 \n * Python Software Foundation Python 2.5.2 \n * Python Software Foundation Python 2.5.3 \n * Python Software Foundation Python 2.5.4 \n * Python Software Foundation Python 2.5.5 \n * Python Software Foundation Python 2.5.6 \n * Python Software Foundation Python 2.6 \n * Python Software Foundation Python 2.6.1 \n * Python Software Foundation Python 2.6.2 \n * Python Software Foundation Python 2.6.4 \n * Python Software Foundation Python 2.6.5 \n * Python Software Foundation Python 2.6.6 \n * Python Software Foundation Python 2.6.7 \n * Python Software Foundation Python 2.6.8 \n * Python Software Foundation Python 2.7 \n * Python Software Foundation Python 2.7.0 \n * Python Software Foundation Python 2.7.1 \n * Python Software Foundation Python 2.7.10 \n * Python Software Foundation Python 2.7.11 \n * Python Software Foundation Python 2.7.12 \n * Python Software Foundation Python 2.7.13 \n * Python Software Foundation Python 2.7.14 \n * Python Software Foundation Python 2.7.15 \n * Python Software Foundation Python 2.7.16 \n * Python Software Foundation Python 2.7.2 \n * Python Software Foundation Python 2.7.3 \n * Python Software Foundation Python 2.7.4 \n * Python Software Foundation Python 2.7.5 \n * Python Software Foundation Python 2.7.6 \n * Python Software Foundation Python 2.7.7 \n * Python Software Foundation Python 2.7.8 \n * Python Software Foundation Python 2.7.9 \n * Python Software Foundation Python 3.0.1 \n * Python Software Foundation Python 3.1 \n * Python Software Foundation Python 3.1.1 \n * Python Software Foundation Python 3.1.2 \n * Python Software Foundation Python 3.1.3 \n * Python Software Foundation Python 3.1.4 \n * Python Software Foundation Python 3.1.5 \n * Python Software Foundation Python 3.2 \n * Python Software Foundation Python 3.2.0 \n * Python Software Foundation Python 3.2.1 \n * Python Software Foundation Python 3.2.2 \n * Python Software Foundation Python 3.2.2150 \n * Python Software Foundation Python 3.2.3 \n * Python Software Foundation Python 3.2.4 \n * Python Software Foundation Python 3.2.5 \n * Python Software Foundation Python 3.2.6 \n * Python Software Foundation Python 3.3 \n * Python Software Foundation Python 3.3.0 \n * Python Software Foundation Python 3.3.1 \n * Python Software Foundation Python 3.3.1 Rc1 \n * Python Software Foundation Python 3.3.2 \n * Python Software Foundation Python 3.3.3 \n * Python Software Foundation Python 3.3.3 Rc1 \n * Python Software Foundation Python 3.3.3 Rc2 \n * Python Software Foundation Python 3.3.4 \n * Python Software Foundation Python 3.3.4 Rc1 \n * Python Software Foundation Python 3.3.5 - \n * Python Software Foundation Python 3.3.5 Rc1 \n * Python Software Foundation Python 3.3.5 Rc2 \n * Python Software Foundation Python 3.3.6 Rc1 \n * Python Software Foundation Python 3.4 \n * Python Software Foundation Python 3.4.0 \n * Python Software Foundation Python 3.4.1 \n * Python Software Foundation Python 3.4.10 \n * Python Software Foundation Python 3.4.2 \n * Python Software Foundation Python 3.4.3 \n * Python Software Foundation Python 3.4.4 \n * Python Software Foundation Python 3.4.5 \n * Python Software Foundation Python 3.4.6 \n * Python Software Foundation Python 3.4.7 \n * Python Software Foundation Python 3.4.8 \n * Python Software Foundation Python 3.4.9 \n * Python Software Foundation Python 3.5 \n * Python Software Foundation Python 3.5.0 \n * Python Software Foundation Python 3.5.1 \n * Python Software Foundation Python 3.5.2 \n * Python Software Foundation Python 3.5.3 \n * Python Software Foundation Python 3.5.4 \n * Python Software Foundation Python 3.5.5 \n * Python Software Foundation Python 3.5.6 \n * Python Software Foundation Python 3.5.7 \n * Python Software Foundation Python 3.6 \n * Python Software Foundation Python 3.6.0 \n * Python Software Foundation Python 3.6.1 \n * Python Software Foundation Python 3.6.2 \n * Python Software Foundation Python 3.6.3 \n * Python Software Foundation Python 3.6.4 \n * Python Software Foundation Python 3.6.5 \n * Python Software Foundation Python 3.6.6 \n * Python Software Foundation Python 3.6.7 \n * Python Software Foundation Python 3.6.8 \n * Python Software Foundation Python 3.6.9 \n * Python Software Foundation Python 3.7.0 \n * Python Software Foundation Python 3.7.1 \n * Python Software Foundation Python 3.7.2 \n * Python Software Foundation Python 3.7.3 \n * Python Software Foundation Python 3.7.4 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users. \n\n**Set web browser security to disable the execution of JavaScript.** \nSince a successful exploit of these issues allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-09-30T00:00:00", "published": "2019-09-30T00:00:00", "id": "SMNTC-110222", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110222", "type": "symantec", "title": "Python CVE-2019-16935 CRLF Multiple Cross Site Scripting Vulnerabilities", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2019-10-28T02:32:00", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "description": "This update for python fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9947: Fixed an insufficient validation of URL paths with\n embedded whitespace or control characters that could allow HTTP header\n injections. (bsc#1130840)\n - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)\n - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n (bsc#1153238).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-28T00:12:11", "published": "2019-10-28T00:12:11", "id": "OPENSUSE-SU-2019:2393-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html", "title": "Security update for python (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-10-28T00:32:00", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-16056", "CVE-2019-9947"], "description": "This update for python fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-9947: Fixed an insufficient validation of URL paths with\n embedded whitespace or control characters that could allow HTTP header\n injections. (bsc#1130840)\n - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)\n - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n (bsc#1153238).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-10-27T21:11:42", "published": "2019-10-27T21:11:42", "id": "OPENSUSE-SU-2019:2389-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html", "title": "Security update for python (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-06T00:01:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-16056"], "description": "This update for python3 to 3.6.9 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)\n - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n (bsc#1153238).\n\n Non-security issues fixed:\n\n - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL.\n (bsc#1151490)\n - Improved locale handling by implementing PEP 538.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-11-05T21:47:46", "published": "2019-11-05T21:47:46", "id": "OPENSUSE-SU-2019:2438-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html", "title": "Security update for python3 (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-11-09T20:32:35", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-16056"], "description": "This update for python3 to 3.6.9 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-16056: Fixed a parser issue in the email module. (bsc#1149955)\n - CVE-2019-16935: Fixed a reflected XSS in python/Lib/DocXMLRPCServer.py\n (bsc#1153238).\n\n Non-security issues fixed:\n\n - Fixed regression of OpenSSL 1.1.1b-1 in EVP_PBE_scrypt() with salt=NULL.\n (bsc#1151490)\n - Improved locale handling by implementing PEP 538.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-11-09T18:22:13", "published": "2019-11-09T18:22:13", "id": "OPENSUSE-SU-2019:2453-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html", "title": "Security update for python3 (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:37:48", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9636", "CVE-2019-16056", "CVE-2019-9740", "CVE-2019-9948", "CVE-2019-9947", "CVE-2019-10160", "CVE-2019-11340"], "description": "**Issue Overview:**\n\nA security regression of [CVE-2019-9636 __](<https://access.redhat.com/security/cve/CVE-2019-9636>) was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit [CVE-2019-9636 __](<https://access.redhat.com/security/cve/CVE-2019-9636>) by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. ([CVE-2019-10160 __](<https://access.redhat.com/security/cve/CVE-2019-10160>))\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. ([CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>))\n\nurllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(&#x27;local_file:///etc/passwd&#x27;) call. ([CVE-2019-9948 __](<https://access.redhat.com/security/cve/CVE-2019-9948>))\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the [CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>) query string issue. ([CVE-2019-9947 __](<https://access.redhat.com/security/cve/CVE-2019-9947>))\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in [CVE-2019-11340 __](<https://access.redhat.com/security/cve/CVE-2019-11340>); however, this CVE applies to Python more generally. ([CVE-2019-16056 __](<https://access.redhat.com/security/cve/CVE-2019-16056>))\n\nPython 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. ([CVE-2019-9636 __](<https://access.redhat.com/security/cve/CVE-2019-9636>))\n\n \n**Affected Packages:** \n\n\npython34\n\n \n**Issue Correction:** \nRun _yum update python34_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python34-devel-3.4.10-1.49.amzn1.i686 \n python34-test-3.4.10-1.49.amzn1.i686 \n python34-3.4.10-1.49.amzn1.i686 \n python34-debuginfo-3.4.10-1.49.amzn1.i686 \n python34-libs-3.4.10-1.49.amzn1.i686 \n python34-tools-3.4.10-1.49.amzn1.i686 \n \n src: \n python34-3.4.10-1.49.amzn1.src \n \n x86_64: \n python34-debuginfo-3.4.10-1.49.amzn1.x86_64 \n python34-test-3.4.10-1.49.amzn1.x86_64 \n python34-devel-3.4.10-1.49.amzn1.x86_64 \n python34-libs-3.4.10-1.49.amzn1.x86_64 \n python34-tools-3.4.10-1.49.amzn1.x86_64 \n python34-3.4.10-1.49.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2019-11-19T17:31:00", "published": "2019-11-19T17:31:00", "id": "ALAS-2019-1324", "href": "https://alas.aws.amazon.com/ALAS-2019-1324.html", "title": "Important: python34", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-11-10T12:37:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16056", "CVE-2019-11340"], "description": "**Issue Overview:**\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in [CVE-2019-11340 __](<https://access.redhat.com/security/cve/CVE-2019-11340>); however, this CVE applies to Python more generally.([CVE-2019-16056 __](<https://access.redhat.com/security/cve/CVE-2019-16056>))\n\n \n**Affected Packages:** \n\n\npython, python3\n\n \n**Issue Correction:** \nRun _yum update python_ to update your system. \nRun _yum update python3_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n python-2.7.16-4.amzn2.aarch64 \n python-libs-2.7.16-4.amzn2.aarch64 \n python-devel-2.7.16-4.amzn2.aarch64 \n python-tools-2.7.16-4.amzn2.aarch64 \n tkinter-2.7.16-4.amzn2.aarch64 \n python-test-2.7.16-4.amzn2.aarch64 \n python-debug-2.7.16-4.amzn2.aarch64 \n python-debuginfo-2.7.16-4.amzn2.aarch64 \n python3-3.7.4-1.amzn2.0.3.aarch64 \n python3-libs-3.7.4-1.amzn2.0.3.aarch64 \n python3-devel-3.7.4-1.amzn2.0.3.aarch64 \n python3-tools-3.7.4-1.amzn2.0.3.aarch64 \n python3-tkinter-3.7.4-1.amzn2.0.3.aarch64 \n python3-test-3.7.4-1.amzn2.0.3.aarch64 \n python3-debug-3.7.4-1.amzn2.0.3.aarch64 \n python3-debuginfo-3.7.4-1.amzn2.0.3.aarch64 \n \n i686: \n python-2.7.16-4.amzn2.i686 \n python-libs-2.7.16-4.amzn2.i686 \n python-devel-2.7.16-4.amzn2.i686 \n python-tools-2.7.16-4.amzn2.i686 \n tkinter-2.7.16-4.amzn2.i686 \n python-test-2.7.16-4.amzn2.i686 \n python-debug-2.7.16-4.amzn2.i686 \n python-debuginfo-2.7.16-4.amzn2.i686 \n python3-3.7.4-1.amzn2.0.3.i686 \n python3-libs-3.7.4-1.amzn2.0.3.i686 \n python3-devel-3.7.4-1.amzn2.0.3.i686 \n python3-tools-3.7.4-1.amzn2.0.3.i686 \n python3-tkinter-3.7.4-1.amzn2.0.3.i686 \n python3-test-3.7.4-1.amzn2.0.3.i686 \n python3-debug-3.7.4-1.amzn2.0.3.i686 \n python3-debuginfo-3.7.4-1.amzn2.0.3.i686 \n \n src: \n python-2.7.16-4.amzn2.src \n python3-3.7.4-1.amzn2.0.3.src \n \n x86_64: \n python-2.7.16-4.amzn2.x86_64 \n python-libs-2.7.16-4.amzn2.x86_64 \n python-devel-2.7.16-4.amzn2.x86_64 \n python-tools-2.7.16-4.amzn2.x86_64 \n tkinter-2.7.16-4.amzn2.x86_64 \n python-test-2.7.16-4.amzn2.x86_64 \n python-debug-2.7.16-4.amzn2.x86_64 \n python-debuginfo-2.7.16-4.amzn2.x86_64 \n python3-3.7.4-1.amzn2.0.3.x86_64 \n python3-libs-3.7.4-1.amzn2.0.3.x86_64 \n python3-devel-3.7.4-1.amzn2.0.3.x86_64 \n python3-tools-3.7.4-1.amzn2.0.3.x86_64 \n python3-tkinter-3.7.4-1.amzn2.0.3.x86_64 \n python3-test-3.7.4-1.amzn2.0.3.x86_64 \n python3-debug-3.7.4-1.amzn2.0.3.x86_64 \n python3-debuginfo-3.7.4-1.amzn2.0.3.x86_64 \n \n \n", "edition": 1, "modified": "2019-11-19T17:53:00", "published": "2019-11-19T17:53:00", "id": "ALAS2-2019-1368", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1368.html", "title": "Medium: python, python3", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-10T12:36:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16056", "CVE-2019-11340"], "description": "**Issue Overview:**\n\nAn issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in [CVE-2019-11340 __](<https://access.redhat.com/security/cve/CVE-2019-11340>); however, this CVE applies to Python more generally. ([CVE-2019-16056 __](<https://access.redhat.com/security/cve/CVE-2019-16056>))\n\n \n**Affected Packages:** \n\n\npython27, python34, python35, python36\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system. \nRun _yum update python34_ to update your system. \nRun _yum update python35_ to update your system. \nRun _yum update python36_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python34-test-3.4.10-1.48.amzn1.i686 \n python34-libs-3.4.10-1.48.amzn1.i686 \n python34-devel-3.4.10-1.48.amzn1.i686 \n python34-debuginfo-3.4.10-1.48.amzn1.i686 \n python34-3.4.10-1.48.amzn1.i686 \n python34-tools-3.4.10-1.48.amzn1.i686 \n python35-tools-3.5.7-1.24.amzn1.i686 \n python35-debuginfo-3.5.7-1.24.amzn1.i686 \n python35-3.5.7-1.24.amzn1.i686 \n python35-devel-3.5.7-1.24.amzn1.i686 \n python35-libs-3.5.7-1.24.amzn1.i686 \n python35-test-3.5.7-1.24.amzn1.i686 \n python27-2.7.16-1.130.amzn1.i686 \n python27-libs-2.7.16-1.130.amzn1.i686 \n python27-devel-2.7.16-1.130.amzn1.i686 \n python27-tools-2.7.16-1.130.amzn1.i686 \n python27-test-2.7.16-1.130.amzn1.i686 \n python27-debuginfo-2.7.16-1.130.amzn1.i686 \n python36-devel-3.6.8-1.15.amzn1.i686 \n python36-debuginfo-3.6.8-1.15.amzn1.i686 \n python36-libs-3.6.8-1.15.amzn1.i686 \n python36-test-3.6.8-1.15.amzn1.i686 \n python36-debug-3.6.8-1.15.amzn1.i686 \n python36-tools-3.6.8-1.15.amzn1.i686 \n python36-3.6.8-1.15.amzn1.i686 \n \n src: \n python34-3.4.10-1.48.amzn1.src \n python35-3.5.7-1.24.amzn1.src \n python27-2.7.16-1.130.amzn1.src \n python36-3.6.8-1.15.amzn1.src \n \n x86_64: \n python34-libs-3.4.10-1.48.amzn1.x86_64 \n python34-tools-3.4.10-1.48.amzn1.x86_64 \n python34-devel-3.4.10-1.48.amzn1.x86_64 \n python34-debuginfo-3.4.10-1.48.amzn1.x86_64 \n python34-3.4.10-1.48.amzn1.x86_64 \n python34-test-3.4.10-1.48.amzn1.x86_64 \n python35-test-3.5.7-1.24.amzn1.x86_64 \n python35-3.5.7-1.24.amzn1.x86_64 \n python35-libs-3.5.7-1.24.amzn1.x86_64 \n python35-tools-3.5.7-1.24.amzn1.x86_64 \n python35-debuginfo-3.5.7-1.24.amzn1.x86_64 \n python35-devel-3.5.7-1.24.amzn1.x86_64 \n python27-2.7.16-1.130.amzn1.x86_64 \n python27-test-2.7.16-1.130.amzn1.x86_64 \n python27-devel-2.7.16-1.130.amzn1.x86_64 \n python27-debuginfo-2.7.16-1.130.amzn1.x86_64 \n python27-libs-2.7.16-1.130.amzn1.x86_64 \n python27-tools-2.7.16-1.130.amzn1.x86_64 \n python36-test-3.6.8-1.15.amzn1.x86_64 \n python36-libs-3.6.8-1.15.amzn1.x86_64 \n python36-debug-3.6.8-1.15.amzn1.x86_64 \n python36-debuginfo-3.6.8-1.15.amzn1.x86_64 \n python36-tools-3.6.8-1.15.amzn1.x86_64 \n python36-3.6.8-1.15.amzn1.x86_64 \n python36-devel-3.6.8-1.15.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2019-10-28T17:10:00", "published": "2019-10-28T17:10:00", "id": "ALAS-2019-1314", "href": "https://alas.aws.amazon.com/ALAS-2019-1314.html", "title": "Medium: python27, python34, python35, python36", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-10T12:35:50", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9740", "CVE-2019-9947"], "description": "**Issue Overview:**\n\nAn issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. ([CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>), [CVE-2019-9947 __](<https://access.redhat.com/security/cve/CVE-2019-9947>))\n\n \n**Affected Packages:** \n\n\npython34\n\n \n**Issue Correction:** \nRun _yum update python34_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python34-3.4.10-1.45.amzn1.i686 \n python34-devel-3.4.10-1.45.amzn1.i686 \n python34-test-3.4.10-1.45.amzn1.i686 \n python34-libs-3.4.10-1.45.amzn1.i686 \n python34-tools-3.4.10-1.45.amzn1.i686 \n python34-debuginfo-3.4.10-1.45.amzn1.i686 \n \n src: \n python34-3.4.10-1.45.amzn1.src \n \n x86_64: \n python34-libs-3.4.10-1.45.amzn1.x86_64 \n python34-test-3.4.10-1.45.amzn1.x86_64 \n python34-3.4.10-1.45.amzn1.x86_64 \n python34-tools-3.4.10-1.45.amzn1.x86_64 \n python34-devel-3.4.10-1.45.amzn1.x86_64 \n python34-debuginfo-3.4.10-1.45.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-07-17T23:50:00", "published": "2019-07-17T23:50:00", "id": "ALAS-2019-1242", "href": "https://alas.aws.amazon.com/ALAS-2019-1242.html", "title": "Medium: python34", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:35:50", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9740", "CVE-2019-9947"], "description": "**Issue Overview:**\n\nAn issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the [CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>) query string issue. ([CVE-2019-9947 __](<https://access.redhat.com/security/cve/CVE-2019-9947>), [CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>))\n\n \n**Affected Packages:** \n\n\npython3\n\n \n**Issue Correction:** \nRun _yum update python3_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n python3-3.7.3-1.amzn2.0.2.aarch64 \n python3-libs-3.7.3-1.amzn2.0.2.aarch64 \n python3-devel-3.7.3-1.amzn2.0.2.aarch64 \n python3-tools-3.7.3-1.amzn2.0.2.aarch64 \n python3-tkinter-3.7.3-1.amzn2.0.2.aarch64 \n python3-test-3.7.3-1.amzn2.0.2.aarch64 \n python3-debug-3.7.3-1.amzn2.0.2.aarch64 \n python3-debuginfo-3.7.3-1.amzn2.0.2.aarch64 \n \n i686: \n python3-3.7.3-1.amzn2.0.2.i686 \n python3-libs-3.7.3-1.amzn2.0.2.i686 \n python3-devel-3.7.3-1.amzn2.0.2.i686 \n python3-tools-3.7.3-1.amzn2.0.2.i686 \n python3-tkinter-3.7.3-1.amzn2.0.2.i686 \n python3-test-3.7.3-1.amzn2.0.2.i686 \n python3-debug-3.7.3-1.amzn2.0.2.i686 \n python3-debuginfo-3.7.3-1.amzn2.0.2.i686 \n \n src: \n python3-3.7.3-1.amzn2.0.2.src \n \n x86_64: \n python3-3.7.3-1.amzn2.0.2.x86_64 \n python3-libs-3.7.3-1.amzn2.0.2.x86_64 \n python3-devel-3.7.3-1.amzn2.0.2.x86_64 \n python3-tools-3.7.3-1.amzn2.0.2.x86_64 \n python3-tkinter-3.7.3-1.amzn2.0.2.x86_64 \n python3-test-3.7.3-1.amzn2.0.2.x86_64 \n python3-debug-3.7.3-1.amzn2.0.2.x86_64 \n python3-debuginfo-3.7.3-1.amzn2.0.2.x86_64 \n \n \n", "edition": 1, "modified": "2019-07-18T17:40:00", "published": "2019-07-18T17:40:00", "id": "ALAS2-2019-1247", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1247.html", "title": "Important: python3", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947"], "description": "**Issue Overview:**\n\nPython is affected by improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. ([CVE-2019-9636 __](<https://access.redhat.com/security/cve/CVE-2019-9636>))\n\nAn issue was discovered in urllib2 in Python 3.6. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the [CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>) query string issue.([CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>))\n\nAn issue was discovered in urllib2 in Python 3.6. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the [CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>) query string issue.([CVE-2019-9947 __](<https://access.redhat.com/security/cve/CVE-2019-9947>))\n\n \n**Affected Packages:** \n\n\npython36\n\n \n**Issue Correction:** \nRun _yum update python36_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python36-debuginfo-3.6.8-1.13.amzn1.i686 \n python36-debug-3.6.8-1.13.amzn1.i686 \n python36-devel-3.6.8-1.13.amzn1.i686 \n python36-tools-3.6.8-1.13.amzn1.i686 \n python36-3.6.8-1.13.amzn1.i686 \n python36-libs-3.6.8-1.13.amzn1.i686 \n python36-test-3.6.8-1.13.amzn1.i686 \n \n src: \n python36-3.6.8-1.13.amzn1.src \n \n x86_64: \n python36-devel-3.6.8-1.13.amzn1.x86_64 \n python36-libs-3.6.8-1.13.amzn1.x86_64 \n python36-3.6.8-1.13.amzn1.x86_64 \n python36-tools-3.6.8-1.13.amzn1.x86_64 \n python36-debug-3.6.8-1.13.amzn1.x86_64 \n python36-test-3.6.8-1.13.amzn1.x86_64 \n python36-debuginfo-3.6.8-1.13.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2019-05-29T19:20:00", "published": "2019-05-29T19:20:00", "id": "ALAS-2019-1204", "href": "https://alas.aws.amazon.com/ALAS-2019-1204.html", "title": "Important: python36", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-10T12:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947"], "description": "**Issue Overview:**\n\nPython 2.7.x through 2.7.16 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. ([CVE-2019-9636 __](<https://access.redhat.com/security/cve/CVE-2019-9636>)).\n\nAn issue was discovered in urllib2 in Python 2.x through 2.7.16. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. ([CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>))\n\n \nAn issue was discovered in urllib2 in Python 2.x through 2.7.16 . CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the [CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>) query string issue. ([CVE-2019-9947 __](<https://access.redhat.com/security/cve/CVE-2019-9947>))\n\n \n**Affected Packages:** \n\n\npython27\n\n \n**Issue Correction:** \nRun _yum update python27_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python27-devel-2.7.16-1.127.amzn1.i686 \n python27-libs-2.7.16-1.127.amzn1.i686 \n python27-debuginfo-2.7.16-1.127.amzn1.i686 \n python27-tools-2.7.16-1.127.amzn1.i686 \n python27-test-2.7.16-1.127.amzn1.i686 \n python27-2.7.16-1.127.amzn1.i686 \n \n src: \n python27-2.7.16-1.127.amzn1.src \n \n x86_64: \n python27-test-2.7.16-1.127.amzn1.x86_64 \n python27-tools-2.7.16-1.127.amzn1.x86_64 \n python27-libs-2.7.16-1.127.amzn1.x86_64 \n python27-devel-2.7.16-1.127.amzn1.x86_64 \n python27-debuginfo-2.7.16-1.127.amzn1.x86_64 \n python27-2.7.16-1.127.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-06-25T21:32:00", "published": "2019-06-25T21:32:00", "id": "ALAS-2019-1230", "href": "https://alas.aws.amazon.com/ALAS-2019-1230.html", "title": "Medium: python27", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-10T12:37:40", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947"], "description": "**Issue Overview:**\n\nAn issue was discovered in urllib2 in Python 2.x and urllib in Python 3.x. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. ([CVE-2019-9740 __](<https://access.redhat.com/security/cve/CVE-2019-9740>), [CVE-2019-9947 __](<https://access.redhat.com/security/cve/CVE-2019-9947>))\n\nPython 2.7.x and 3.x are affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. ([CVE-2019-9636 __](<https://access.redhat.com/security/cve/CVE-2019-9636>))\n\n \n**Affected Packages:** \n\n\npython35\n\n \n**Issue Correction:** \nRun _yum update python35_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n python35-3.5.7-1.22.amzn1.i686 \n python35-libs-3.5.7-1.22.amzn1.i686 \n python35-devel-3.5.7-1.22.amzn1.i686 \n python35-test-3.5.7-1.22.amzn1.i686 \n python35-tools-3.5.7-1.22.amzn1.i686 \n python35-debuginfo-3.5.7-1.22.amzn1.i686 \n \n src: \n python35-3.5.7-1.22.amzn1.src \n \n x86_64: \n python35-test-3.5.7-1.22.amzn1.x86_64 \n python35-debuginfo-3.5.7-1.22.amzn1.x86_64 \n python35-3.5.7-1.22.amzn1.x86_64 \n python35-libs-3.5.7-1.22.amzn1.x86_64 \n python35-tools-3.5.7-1.22.amzn1.x86_64 \n python35-devel-3.5.7-1.22.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-07-17T23:51:00", "published": "2019-07-17T23:51:00", "id": "ALAS-2019-1243", "href": "https://alas.aws.amazon.com/ALAS-2019-1243.html", "title": "Medium: python35", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-08-12T00:52:18", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9740", "CVE-2019-9947"], "description": "Package : python3.4\nVersion : 3.4.2-1+deb8u4\nCVE ID : CVE-2019-9740 CVE-2019-9947\nDebian Bug : 931044\n\n\nThe update issued as DLA-1835-1 caused a regression in the http.client\nlibrary in Python 3.4 which was broken by the patch intended to fix\nCVE-2019-9740 and CVE-2019-9947.\n\nFor Debian 8 &quot;Jessie&quot;, this problem has been fixed in version\n3.4.2-1+deb8u4.\n\nWe recommend that you upgrade your python3.4 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 7, "modified": "2019-06-25T15:04:32", "published": "2019-06-25T15:04:32", "id": "DEBIAN:DLA-1835-2:87B43", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201906/msg00026.html", "title": "[SECURITY] [DLA 1835-2] python3.4 regression update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-08-12T01:00:53", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-18348", "CVE-2019-9636", "CVE-2018-20406", "CVE-2019-16056", "CVE-2020-14422", "CVE-2018-20852", "CVE-2019-9740", "CVE-2019-9948", "CVE-2019-9947", "CVE-2019-5010", "CVE-2019-10160", "CVE-2020-8492", "CVE-2019-11340"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2280-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ \nJuly 15, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : python3.5\nVersion : 3.5.3-1+deb9u2\nCVE ID : CVE-2018-20406 CVE-2018-20852 CVE-2019-5010 CVE-2019-9636\n CVE-2019-9740 CVE-2019-9947 CVE-2019-9948 CVE-2019-10160\n CVE-2019-16056 CVE-2019-16935 CVE-2019-18348 CVE-2020-8492\n CVE-2020-14422\nDebian Bug : 924072 921064 940901\n\nMultiple security issues were discovered in Python, an interactive\nhigh-level object-oriented language.\n\nCVE-2018-20406\n\n Modules/_pickle.c has an integer overflow via a large LONG_BINPUT\n value that is mishandled during a &quot;resize to twice the size&quot;\n attempt. This issue might cause memory exhaustion, but is only\n relevant if the pickle format is used for serializing tens or\n hundreds of gigabytes of data.\n\nCVE-2018-20852\n\n http.cookiejar.DefaultPolicy.domain_return_ok in\n Lib/http/cookiejar.py does not correctly validate the domain: it\n can be tricked into sending existing cookies to the wrong\n server. An attacker may abuse this flaw by using a server with a\n hostname that has another valid hostname as a suffix (e.g.,\n pythonicexample.com to steal cookies for example.com). When a\n program uses http.cookiejar.DefaultPolicy and tries to do an HTTP\n connection to an attacker-controlled server, existing cookies can\n be leaked to the attacker.\n\nCVE-2019-5010\n\n An exploitable denial-of-service vulnerability exists in the X509\n certificate parser. A specially crafted X509 certificate can cause\n a NULL pointer dereference, resulting in a denial of service. An\n attacker can initiate or accept TLS connections using crafted\n certificates to trigger this vulnerability.\n\nCVE-2019-9636\n\n Improper Handling of Unicode Encoding (with an incorrect netloc)\n during NFKC normalization. The impact is: Information disclosure\n (credentials, cookies, etc. that are cached against a given\n hostname). The components are: urllib.parse.urlsplit,\n urllib.parse.urlparse. The attack vector is: A specially crafted\n URL could be incorrectly parsed to locate cookies or\n authentication data and send that information to a different host\n than when parsed correctly.\n\nCVE-2019-9740\n\n An issue was discovered in urllib2. CRLF injection is possible if\n the attacker controls a url parameter, as demonstrated by the\n first argument to urllib.request.urlopen with \\r\\n (specifically\n in the query string after a ? character) followed by an HTTP\n header or a Redis command.\n\nCVE-2019-9947\n\n An issue was discovered in urllib2. CRLF injection is possible if\n the attacker controls a url parameter, as demonstrated by the\n first argument to urllib.request.urlopen with \\r\\n (specifically\n in the path component of a URL that lacks a ? character) followed\n by an HTTP header or a Redis command. This is similar to the\n CVE-2019-9740 query string issue.\n\nCVE-2019-9948\n\n urllib supports the local_file: scheme, which makes it easier for\n remote attackers to bypass protection mechanisms that blacklist\n file: URIs, as demonstrated by triggering a\n urllib.urlopen(&#x27;local_file:///etc/passwd&#x27;) call.\n\nCVE-2019-10160\n\n A security regression was discovered in python, which still allows\n an attacker to exploit CVE-2019-9636 by abusing the user and\n password parts of a URL. When an application parses user-supplied\n URLs to store cookies, authentication credentials, or other kind\n of information, it is possible for an attacker to provide\n specially crafted URLs to make the application locate host-related\n information (e.g. cookies, authentication data) and send them to a\n different host than where it should, unlike if the URLs had been\n correctly parsed. The result of an attack may vary based on the\n application.\n\nCVE-2019-16056\n\n The email module wrongly parses email addresses that contain\n multiple @ characters. An application that uses the email module\n and implements some kind of checks on the From/To headers of a\n message could be tricked into accepting an email address that\n should be denied. An attack may be the same as in CVE-2019-11340;\n however, this CVE applies to Python more generally.\n\nCVE-2019-16935\n\n The documentation XML-RPC server has XSS via the server_title\n field. This occurs in Lib/xmlrpc/server.py. If set_server_title is\n called with untrusted input, arbitrary JavaScript can be delivered\n to clients that visit the http URL for this server.\n\nCVE-2019-18348\n\n An issue was discovered in urllib2. CRLF injection is possible if\n the attacker controls a url parameter, as demonstrated by the\n first argument to urllib.request.urlopen with \\r\\n (specifically\n in the host component of a URL) followed by an HTTP header. This\n is similar to the CVE-2019-9740 query string issue and the\n CVE-2019-9947 path string issue\n\nCVE-2020-8492\n\n Python allows an HTTP server to conduct Regular Expression Denial\n of Service (ReDoS) attacks against a client because of\n urllib.request.AbstractBasicAuthHandler catastrophic backtracking.\n\nCVE-2020-14422\n\n Lib/ipaddress.py improperly computes hash values in the\n IPv4Interface and IPv6Interface classes, which might allow a\n remote attacker to cause a denial of service if an application is\n affected by the performance of a dictionary containing\n IPv4Interface or IPv6Interface objects, and this attacker can\n cause many dictionary entries to be created.\n\nFor Debian 9 stretch, these problems have been fixed in version\n3.5.3-1+deb9u2.\n\nWe recommend that you upgrade your python3.5 packages.\n\nFor the detailed security status of python3.5 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/python3.5\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2020-07-15T10:01:04", "published": "2020-07-15T10:01:04", "id": "DEBIAN:DLA-2280-1:96280", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00011.html", "title": "[SECURITY] [DLA 2280-1] python3.5 security update", "type": "debian", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-16056"], "description": "USN-4151-1 fixed several vulnerabilities in Python. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Python incorrectly parsed certain email addresses. A \nremote attacker could possibly use this issue to trick Python applications \ninto accepting email addresses that should be denied. (CVE-2019-16056)\n\nIt was discovered that the Python documentation XML-RPC server incorrectly \nhandled certain fields. A remote attacker could use this issue to execute a \ncross-site scripting (XSS) attack. (CVE-2019-16935)", "edition": 2, "modified": "2019-10-10T00:00:00", "published": "2019-10-10T00:00:00", "id": "USN-4151-2", "href": "https://ubuntu.com/security/notices/USN-4151-2", "title": "Python vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-02T11:37:22", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16935", "CVE-2019-16056"], "description": "It was discovered that Python incorrectly parsed certain email addresses. A \nremote attacker could possibly use this issue to trick Python applications \ninto accepting email addresses that should be denied. (CVE-2019-16056)\n\nIt was discovered that the Python documentation XML-RPC server incorrectly \nhandled certain fields. A remote attacker could use this issue to execute a \ncross-site scripting (XSS) attack. (CVE-2019-16935)", "edition": 2, "modified": "2019-10-09T00:00:00", "published": "2019-10-09T00:00:00", "id": "USN-4151-1", "href": "https://ubuntu.com/security/notices/USN-4151-1", "title": "Python vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16056", "CVE-2019-16935"], "description": "Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Collections or older Fedora releases. ", "modified": "2020-01-12T01:16:42", "published": "2020-01-12T01:16:42", "id": "FEDORA:071096091F43", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: python36-3.6.10-1.fc30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16056", "CVE-2019-16935"], "description": "Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software Collections or older Fedora releases. ", "modified": "2020-01-12T01:46:59", "published": "2020-01-12T01:46:59", "id": "FEDORA:B940C60A8A0C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: python36-3.6.10-1.fc31", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10160", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-18348", "CVE-2019-9636", "CVE-2019-9740"], "description": "Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Collections or older Fedora releases. ", "modified": "2019-11-09T22:40:00", "published": "2019-11-09T22:40:00", "id": "FEDORA:BF65760525B8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: python35-3.5.8-2.fc30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10160", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-18348", "CVE-2019-9636", "CVE-2019-9740"], "description": "Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software Collections or older Fedora releases. ", "modified": "2019-11-11T01:06:32", "published": "2019-11-11T01:06:32", "id": "FEDORA:9848360648DC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: python35-3.5.8-2.fc31", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947"], "description": "Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the \"python3\" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs packag e, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages, which may need to be installed separately. Documentation for Python is provided in the python3-docs package. Packages containing additional libraries for Python are generally named with the \"python3-\" prefix. ", "modified": "2019-05-17T01:08:18", "published": "2019-05-17T01:08:18", "id": "FEDORA:4B77660C7BDE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: python3-3.7.3-3.fc30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20852", "CVE-2019-16056", "CVE-2019-16935"], "description": "The python2-docs package contains documentation on the Python 2 programming language and interpreter. Install the python2-docs package if you'd like to use the documentation for the Python 2 language. ", "modified": "2019-11-09T22:39:57", "published": "2019-11-09T22:39:57", "id": "FEDORA:61CEB60525CF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: python2-docs-2.7.17-1.fc30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20852", "CVE-2019-16056", "CVE-2019-16935"], "description": "Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed in the 3.x line. Note that documentation for Python 2 is provided in the python2-docs package. This package provides the \"python2\" executable; most of the actual implementation is within the \"python2-libs\" package. ", "modified": "2019-11-09T21:21:27", "published": "2019-11-09T21:21:27", "id": "FEDORA:55FE8604DFF9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: python2-2.7.17-1.fc31", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cloudfoundry": [{"lastseen": "2019-11-07T04:08:12", "bulletinFamily": "software", "cvelist": ["CVE-2019-16935", "CVE-2019-16056"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056)\n\nIt was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935)\n\nCVEs contained in this USN include: CVE-2019-16056, CVE-2019-16935\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 456.x versions prior to 456.40\n * 315.x versions prior to 315.114\n * 250.x versions prior to 250.130\n * 170.x versions prior to 170.152\n * 97.x versions prior to 97.176\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.133.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 456.x versions to 456.40\n * Upgrade 315.x versions to 315.114\n * Upgrade 250.x versions to 250.130\n * Upgrade 170.x versions to 170.152\n * Upgrade 97.x versions to 97.176\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.133.0 or later.\n\n## References\n\n * [USN-4151-1](<https://usn.ubuntu.com/4151-1>)\n * [CVE-2019-16056](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16056>)\n * [CVE-2019-16935](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16935>)\n", "edition": 1, "modified": "2019-11-06T00:00:00", "published": "2019-11-06T00:00:00", "id": "CFOUNDRY:372C89C2034124B41C6B1DC1B76A49D9", "href": "https://www.cloudfoundry.org/blog/usn-4151-1/", "title": "USN-4151-1: Python vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}