9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
COMPLETE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:C/A:P
0.014 Low
EPSS
Percentile
86.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2023.0707.1");
script_cve_id("CVE-2015-20107", "CVE-2022-37454", "CVE-2022-42919", "CVE-2022-45061", "CVE-2023-24329");
script_tag(name:"creation_date", value:"2023-03-28 13:04:06 +0000 (Tue, 28 Mar 2023)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"8.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:C/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-11-09 17:55:33 +0000 (Wed, 09 Nov 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2023:0707-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:0707-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20230707-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'python39' package(s) announced via the SUSE-SU-2023:0707-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for python39 fixes the following issues:
CVE-2023-24329: Fixed blocklists bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
Update to 3.9.16:
- python -m http.server no longer allows terminal control
characters sent within a garbage request to be printed to the
stderr server log.
This is done by changing the http.server
BaseHTTPRequestHandler .log_message method to replace control
characters with a \xHH hex escape before printing.
- Avoid publishing list of active per-interpreter audit hooks
via the gc module
- The IDNA codec decoder used on DNS hostnames by socket or
asyncio related name resolution functions no longer involves
a quadratic algorithm. This prevents a potential CPU denial
of service if an out-of-spec excessive length hostname
involving bidirectional characters were decoded. Some
protocols such as urllib http 3xx redirects potentially allow
for an attacker to supply such a name (CVE-2015-20107).
- Update bundled libexpat to 2.5.0
- Port XKCP's fix for the buffer overflows in SHA-3
(CVE-2022-37454).
- On Linux the multiprocessing module returns to using
filesystem backed unix domain sockets for communication with
the forkserver process instead of the Linux abstract socket
namespace. Only code that chooses to use the 'forkserver'
start method is affected.
Abstract sockets have no permissions and could allow any
user on the system in the same network namespace (often
the whole system) to inject code into the multiprocessing
forkserver process. This was a potential privilege
escalation. Filesystem based socket permissions restrict this
to the forkserver process user as was the default in Python
3.8 and earlier.
This prevents Linux CVE-2022-42919.
- The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell
commands. Instead of using such text, it will warn and act
as if a match was not found (or for test commands, as if the
test failed).");
script_tag(name:"affected", value:"'python39' package(s) on SUSE Enterprise Storage 7.1, SUSE Linux Enterprise High Performance Computing 15-SP3, SUSE Linux Enterprise Real Time 15-SP3, SUSE Linux Enterprise Server 15-SP3, SUSE Linux Enterprise Server for SAP Applications 15-SP3, SUSE Manager Proxy 4.2, SUSE Manager Retail Branch Server 4.2, SUSE Manager Server 4.2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libpython3_9-1_0", rpm:"libpython3_9-1_0~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython3_9-1_0-debuginfo", rpm:"libpython3_9-1_0-debuginfo~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39", rpm:"python39~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-base", rpm:"python39-base~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-base-debuginfo", rpm:"python39-base-debuginfo~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-core-debugsource", rpm:"python39-core-debugsource~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-curses", rpm:"python39-curses~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-curses-debuginfo", rpm:"python39-curses-debuginfo~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-dbm", rpm:"python39-dbm~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-dbm-debuginfo", rpm:"python39-dbm-debuginfo~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-debuginfo", rpm:"python39-debuginfo~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-debugsource", rpm:"python39-debugsource~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-devel", rpm:"python39-devel~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-idle", rpm:"python39-idle~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-tk", rpm:"python39-tk~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-tk-debuginfo", rpm:"python39-tk-debuginfo~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python39-tools", rpm:"python39-tools~3.9.16~150300.4.24.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
COMPLETE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:C/A:P
0.014 Low
EPSS
Percentile
86.4%