Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202235112HistoryOct 21, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:3511-2)
2022-10-2100:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
2
suse
security advisory
python3
cve-2021-28861
update
sles12.0sp2
vulnerability
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.3511.2");
script_cve_id("CVE-2021-28861");
script_tag(name:"creation_date", value:"2022-10-21 04:44:57 +0000 (Fri, 21 Oct 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-24 13:50:37 +0000 (Wed, 24 Aug 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:3511-2)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP2|SLES12\.0SP3|SLES12\.0SP4)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:3511-2");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20223511-2/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'python3' package(s) announced via the SUSE-SU-2022:3511-2 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for python3 fixes the following issues:
CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP
server when an URI path starts with // (bsc#1202624).");
script_tag(name:"affected", value:"'python3' package(s) on SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libpython3_4m1_0", rpm:"libpython3_4m1_0~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython3_4m1_0-debuginfo", rpm:"libpython3_4m1_0-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3", rpm:"python3~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base", rpm:"python3-base~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base-debuginfo", rpm:"python3-base-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base-debugsource", rpm:"python3-base-debugsource~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-curses", rpm:"python3-curses~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-curses-debuginfo", rpm:"python3-curses-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-debuginfo", rpm:"python3-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-debugsource", rpm:"python3-debugsource~3.4.10~25.96.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libpython3_4m1_0", rpm:"libpython3_4m1_0~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython3_4m1_0-debuginfo", rpm:"libpython3_4m1_0-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3", rpm:"python3~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base", rpm:"python3-base~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base-debuginfo", rpm:"python3-base-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base-debugsource", rpm:"python3-base-debugsource~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-curses", rpm:"python3-curses~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-curses-debuginfo", rpm:"python3-curses-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-debuginfo", rpm:"python3-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-debugsource", rpm:"python3-debugsource~3.4.10~25.96.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"libpython3_4m1_0", rpm:"libpython3_4m1_0~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython3_4m1_0-debuginfo", rpm:"libpython3_4m1_0-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3", rpm:"python3~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base", rpm:"python3-base~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base-debuginfo", rpm:"python3-base-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-base-debugsource", rpm:"python3-base-debugsource~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-curses", rpm:"python3-curses~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-curses-debuginfo", rpm:"python3-curses-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-debuginfo", rpm:"python3-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-debugsource", rpm:"python3-debugsource~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-devel", rpm:"python3-devel~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python3-devel-debuginfo", rpm:"python3-devel-debuginfo~3.4.10~25.96.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
cve
cve
CVE-2021-28861
2022-08-23 01:15:07
nessus
nessus
SUSE SLES15 Security Update : python3 (SUSE-SU-2022:3593-1)
2022-10-15 00:00:00
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2022-2913)
2022-12-28 00:00:00
Fedora 36 : pypy3.8 (2022-15f1aa7dc7)
2022-12-23 00:00:00
prion
prion
Open redirect
2022-08-23 01:15:00
osv
osv
python3.5 vulnerability
2022-09-22 18:52:20
http.server: Open Redirection if the URL path starts with //
2022-08-23 00:00:00
BIT-python-2021-28861
2024-03-06 11:06:51
openvas
openvas
Fedora: Security Advisory for pypy3.8 (FEDORA-2022-20116fb6aa)
2022-11-11 00:00:00
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-2693)
2022-11-03 00:00:00
Fedora: Security Advisory for pypy3.9 (FEDORA-2022-4ac2e16969)
2022-10-23 00:00:00
debiancve
debiancve
CVE-2021-28861
2022-08-23 01:15:07
fedora
fedora
[SECURITY] Fedora 36 Update: pypy3.7-7.3.9-4.3.7.fc36
2022-10-28 11:16:46
[SECURITY] Fedora 35 Update: pypy3.7-7.3.9-4.3.7.fc35
2022-10-28 11:46:08
[SECURITY] Fedora 37 Update: python3.6-3.6.15-12.fc37
2022-09-27 00:17:04
ibm
ibm
ubuntucve
ubuntucve
CVE-2021-28861
2022-08-23 00:00:00
veracode
veracode
Information Disclosure
2022-10-10 23:00:45
nvd
nvd
CVE-2021-28861
2022-08-23 01:15:07
redhatcve
redhatcve
CVE-2021-28861
2022-08-23 13:09:44
cvelist
cvelist
CVE-2021-28861
2022-08-23 00:00:00
ubuntu
ubuntu
Python vulnerability
2022-09-22 00:00:00
Python vulnerabilities
2023-02-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-28861 affecting package python3 3.7.13-2
2022-09-17 05:56:36
CVE-2021-28861 affecting package python3 for versions less than 3.9.19-1
2022-09-16 06:05:37
suse
suse
Security update for python (moderate)
2022-10-04 00:00:00
Security update for python3 (important)
2022-10-06 00:00:00
Security update for python39 (important)
2022-10-01 00:00:00
rocky
rocky
python3.9 security, bug fix, and enhancement update
2022-11-15 06:22:23
python3 security update
2023-02-22 01:08:44
redhat
redhat
oraclelinux
oraclelinux
python3.9 security, bug fix, and enhancement update
2022-11-22 00:00:00
python39:3.9 and python39-devel:3.9 security update
2023-05-23 00:00:00
python3 security update
2023-02-22 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0240
2022-09-05 00:00:00
Important Photon OS Security Update - PHSA-2022-0516
2022-09-15 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0240
2022-09-05 00:00:00
almalinux
almalinux
Moderate: python3.9 security, bug fix, and enhancement update
2022-11-15 00:00:00
Moderate: python3 security update
2023-02-21 00:00:00
Moderate: python39:3.9 and python39-devel:3.9 security update
2023-05-16 00:00:00
mageia
mageia
Updated python3 packages fix security vulnerability
2022-10-08 23:22:22
gentoo
gentoo
Python, PyPy3: Multiple Vulnerabilities
2023-05-03 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
avleonov
avleonov
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7.9 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.8%
Related for OPENVAS:13614125623114202235112