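Update for python RHSA-2013:1582-02. A flaw was found in the way the Python SSL module handles X.509 certificate fields that contain a NULL byte (CVE-2013-4238). Upgrade the python packages to get this fix along with the other bug fixes and the enhancement.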
Reporter | Title | Published | Views | Family All 136 |
---|---|---|---|---|
 | Fedora 19 : python3-3.3.2-6.fc19 (2013-15254) | 28 Aug 2013 00:00 | – | nessus |
 | Scientific Linux Security Update : python on SL6.x i386/x86_64 (20131121) | 4 Dec 2013 00:00 | – | nessus |
 | Mandriva Linux Security Advisory : python (MDVSA-2013:214) | 22 Aug 2013 00:00 | – | nessus |
 | Fedora 19 : python-2.7.5-4.fc19 (2013-15146) | 25 Aug 2013 00:00 | – | nessus |
 | openSUSE Security Update : python3 (openSUSE-SU-2013:1439-1) | 13 Jun 2014 00:00 | – | nessus |
 | openSUSE Security Update : python3 (openSUSE-SU-2013:1437-1) | 13 Jun 2014 00:00 | – | nessus |
 | Oracle Linux 6 : python (ELSA-2013-1582) | 29 Nov 2013 00:00 | – | nessus |
 | RHEL 6 : python (RHSA-2013:1582) | 21 Nov 2013 00:00 | – | nessus |
 | SuSE 11.2 / 11.3 Security Update : Python (SAT Patch Numbers 8404 / 8405) | 1 Nov 2013 00:00 | – | nessus |
 | CentOS 6 : python (CESA-2013:1582) | 12 Nov 2014 00:00 | – | nessus |
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for python RHSA-2013:1582-02
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Metadata pass: everything in this branch only registers the check with the
# scanner (identifiers, advisory text, references, prerequisites) and then
# exits. No host data is read here; the package comparison happens in the
# code that follows this block.
if(description)
{
  # Script identity and revision bookkeeping.
  script_id(871077);
  script_version("$Revision: 8494 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $");
  script_tag(name:"creation_date", value:"2013-11-21 10:44:06 +0530 (Thu, 21 Nov 2013)");

  # Severity data. The CVSS v2 vector describes a network-reachable issue of
  # medium access complexity with a partial integrity impact and no
  # confidentiality or availability impact.
  script_cve_id("CVE-2013-4238");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("RedHat Update for python RHSA-2013:1582-02");

  # Advisory text shown with a finding. The continuation lines of the string
  # literals stay at column 0 so that the reported text is unchanged.
  script_tag(name:"affected", value:"python on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)");
  script_tag(name:"insight", value:"Python is an interpreted, interactive, object-oriented programming
language.
A flaw was found in the way the Python SSL module handled X.509 certificate
fields that contain a NULL byte. An attacker could potentially exploit this
flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that
to exploit this issue, an attacker would need to obtain a carefully crafted
certificate signed by an authority that the client trusts. (CVE-2013-4238)
These updated python packages include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All users of python are advised to upgrade to these updated packages, which
fix these issues and add this enhancement.
");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");

  # Detection quality and remediation class: the result rests on installed
  # package versions, and the fix is a vendor-supplied update.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  # Pointers back to the vendor advisory.
  script_xref(name:"RHSA", value:"2013:1582-02");
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00023.html");
  script_tag(name:"summary", value:"Check for the Version of python");

  # Scheduling: an information-gathering check that runs after the package
  # list has been collected and only when both KB keys below are present.
  # NOTE(review): the keys are presumably set after an authenticated SSH
  # login to a RHEL host - confirm against gather-package-list.nasl.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
  exit(0);
}
include("pkg-lib-rpm.inc");
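# Detection pass.
#
# Reads the release string from the knowledge base and, on RHENT_6 hosts,
# asks isrpmvuln() (from pkg-lib-rpm.inc) to compare five python RPMs against
# the fixed build 2.6.6-51.el6. This is a package-version comparison only:
# it does not exercise the SSL module, and only the five RPM names listed
# below are looked at.
#
# Every flagged package is collected into one report, so a host with several
# outdated python RPMs gets all of them listed in a single finding rather
# than only the first one that happens to match.
release = get_kb_item("ssh/login/release");
report = "";

# No release recorded for this host: nothing to compare against.
if(release == NULL){
  exit(0);
}

if(release == "RHENT_6")
{
  # isrpmvuln() yields NULL when it has nothing to report for a package;
  # any other return value is appended to the report text.
  if(!isnull(res = isrpmvuln(pkg:"python", rpm:"python~2.6.6~51.el6", rls:"RHENT_6")))
  {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python-debuginfo", rpm:"python-debuginfo~2.6.6~51.el6", rls:"RHENT_6")))
  {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python-devel", rpm:"python-devel~2.6.6~51.el6", rls:"RHENT_6")))
  {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python-libs", rpm:"python-libs~2.6.6~51.el6", rls:"RHENT_6")))
  {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"tkinter", rpm:"tkinter~2.6.6~51.el6", rls:"RHENT_6")))
  {
    report += res;
  }

  # At least one package was flagged: raise a single finding for all of them.
  if(report != "")
  {
    security_message(data:report);
    exit(0);
  }

  # NOTE(review): __pkg_match is not assigned in this file; presumably
  # isrpmvuln() sets it when one of the named packages is installed, which
  # lets exit(99) distinguish "installed and up to date" from "not
  # installed" - confirm against pkg-lib-rpm.inc.
  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}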