{"cve": [{"lastseen": "2020-10-03T11:45:51", "description": "Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.", "edition": 3, "cvss3": {}, "published": "2007-04-16T22:19:00", "title": "CVE-2007-2052", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2052"], "modified": "2018-10-16T16:41:00", "cpe": ["cpe:/a:python_software_foundation:python:2.5", "cpe:/a:python_software_foundation:python:2.4"], "id": "CVE-2007-2052", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2052", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:python_software_foundation:python:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:python_software_foundation:python:2.4:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T21:43:02", "description": "BUGTRAQ ID: 23887\r\nCVE(CAN) ID: CVE-2007-2052\r\n\r\nPython is an open-source scripting language.\r\n\r\nA single-byte overflow vulnerability exists in the PyLocale_strxfrm function in Python's Modules/_localemodule.c file, allowing attackers to read portions of memory.\r\n\r\nModules/_localemodule.c:361\r\n356 n1 
= strlen(s) + 1;\r\n357 buf = PyMem_Malloc(n1);\r\n358 if (!buf)\r\n359 return PyErr_NoMemory();\r\n360 n2 = strxfrm(buf, s, n1);\r\n\r\nIf the transformed string is longer than the original string:\r\n\r\n361 if (n2 > n1) {\r\n362 /* more space needed */\r\n\r\nn2 bytes are allocated here:\r\n\r\n363 buf = PyMem_Realloc(buf, n2);\r\n364 if (!buf)\r\n365 return PyErr_NoMemory();\r\n\r\nThe string is n2 characters long, so the terminating null character does not fit in this length; the string is therefore not terminated, which in some cases can lead to information disclosure.\r\n\r\n366 strxfrm(buf, s, n2);\r\n367 }\r\n368 result = PyString_FromString(buf);\r\n369 PyMem_Free(buf);\r\n370 return result;\r\n371 }\r\n372\r\n373 #if defined(MS_WINDOWS)\r\n374 static PyObject*\r\n375 PyLocale_getdefaultlocale(PyObject* self)\r\n\n\nPython Software Foundation Python 2.5\r\nPython Software Foundation Python 2.4\n Vendor patches:\r\n\r\nDebian\r\n------\r\nDebian has released a security advisory (DSA-1551-1) and corresponding patches for this issue:\r\nDSA-1551-1: New python2.4 packages fix several vulnerabilities\r\nLink: http://www.debian.org/security/2008/dsa-1551\r\n\r\nPatch download:\r\n\r\nPatch installation:\r\n\r\n1. Install the patch packages manually:\r\n\r\n First, download the patch package with the following command:\r\n # wget url (url is the patch download link)\r\n\r\n Then install the patch with the following command:\r\n # dpkg -i file.deb (file is the name of the corresponding patch)\r\n\r\n2. 
Install the patch packages automatically with apt-get:\r\n\r\n First, update the internal database with the following command:\r\n # apt-get update\r\n \r\n Then install the updated packages with the following command:\r\n # apt-get upgrade\r\n\r\nRedHat\r\n------\r\nRedHat has released a security advisory (RHSA-2007:1077-01) and corresponding patches for this issue:\r\nRHSA-2007:1077-01: Moderate: python security update\r\nLink: https://www.redhat.com/support/errata/RHSA-2007-1077.html\r\n\r\nPython Software Foundation\r\n--------------------------\r\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://svn.python.org/view/python/branches/release25-maint/Modules/_localemodule.c?rev=54670&r1=51333&r2=54670", "published": "2008-04-23T00:00:00", "type": "seebug", "title": "Python PyLocale_strxfrm Function Remote Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2052"], "modified": "2008-04-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3195", "id": "SSV:3195", "sourceData": "\n #!/usr/bin/python\r\n\r\nimport locale\r\n\r\nprint locale.setlocale(locale.LC_COLLATE, 'pl_PL.UTF8')\r\nprint repr(locale.strxfrm('a'))\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-3195", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T11:36:09", "description": "Python 2.5 PyLocale_strxfrm Function 
Remote Information Leak Vulnerability. CVE-2007-2052 . Remote exploit for linux platform", "published": "2007-05-08T00:00:00", "type": "exploitdb", "title": "Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2007-2052"], "modified": "2007-05-08T00:00:00", "id": "EDB-ID:30018", "href": "https://www.exploit-db.com/exploits/30018/", "sourceData": "source: http://www.securityfocus.com/bid/23887/info\r\n\r\nPython applications that use the 'PyLocale_strxfrm' function are prone to an information leak.\r\n\r\nExploiting this issue allows remote attackers to read portions of memory.\r\n\r\nPython 2.4.4-2 and 2.5 are confirmed vulnerable. \r\n\r\n#!/usr/bin/python\r\n\r\nimport locale\r\n\r\nprint locale.setlocale(locale.LC_COLLATE, 'pl_PL.UTF8')\r\nprint repr(locale.strxfrm('a'))\r\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/30018/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:25", "bulletinFamily": "software", "cvelist": ["CVE-2007-2052"], "description": "strxfrm function leaks memory content.", "edition": 1, "modified": "2007-04-19T00:00:00", "published": "2007-04-19T00:00:00", "id": "SECURITYVULNS:VULN:7604", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7604", "title": "Python information leak", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-06T11:38:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065615", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065615", "type": "openvas", "title": "SLES9: Security update for Python", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021454.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65615\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2052\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.3~88.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "description": "Check for the Version of python", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:830058", "href": "http://plugins.openvas.org/nasl.php?oid=830058", "type": "openvas", "title": "Mandriva Update for python MDKSA-2007:099 (python)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDKSA-2007:099 (python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An off-by-one error was discovered in the PyLocale_strxfrm function\n in Python 2.4 and 2.5 that could allow context-dependent attackers\n the ability to read portions of memory via special manipulations that\n trigger a buffer over-read due to missing null termination.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-05/msg00007.php\");\n script_id(830058);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:099\");\n script_cve_id(\"CVE-2007-2052\");\n script_name( \"Mandriva Update for python MDKSA-2007:099 (python)\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.3~3.2mdv2007.0\", 
rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-09T11:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "id": "OPENVAS:1361412562310830058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830058", "type": "openvas", "title": "Mandriva Update for python MDKSA-2007:099 (python)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python MDKSA-2007:099 
(python)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An off-by-one error was discovered in the PyLocale_strxfrm function\n in Python 2.4 and 2.5 that could allow context-dependent attackers\n the ability to read portions of memory via special manipulations that\n trigger a buffer over-read due to missing null termination.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"python on Mandriva Linux 2007.0,\n Mandriva Linux 2007.0/X86_64,\n Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2007-05/msg00007.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830058\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n 
script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDKSA\", value: \"2007:099\");\n script_cve_id(\"CVE-2007-2052\");\n script_name( \"Mandriva Update for python MDKSA-2007:099 (python)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.5\", rpm:\"libpython2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.5-devel\", rpm:\"libpython2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.5~4.1mdv2007.1\", 
rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5\", rpm:\"lib64python2.5~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.5-devel\", rpm:\"lib64python2.5-devel~2.5~4.1mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2007.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpython2.4\", rpm:\"libpython2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpython2.4-devel\", rpm:\"libpython2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-base\", rpm:\"python-base~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4\", rpm:\"lib64python2.4~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64python2.4-devel\", rpm:\"lib64python2.4-devel~2.4.3~3.2mdv2007.0\", rls:\"MNDK_2007.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65615", "href": "http://plugins.openvas.org/nasl.php?oid=65615", "type": "openvas", "title": "SLES9: Security update for Python", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5021454.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Python\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n python-devel\n python\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5021454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65615);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2052\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"SLES9: Security update for Python\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.3.3~88.16\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-04T11:29:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2007-4965"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-585-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "id": "OPENVAS:840265", "href": "http://plugins.openvas.org/nasl.php?oid=840265", "type": "openvas", "title": "Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_585_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Piotr Engelking discovered that strxfrm in Python was not correctly\n calculating the size of the destination buffer. This could lead to small\n information leaks, which might be used by attackers to gain additional\n knowledge about the state of a running Python script. (CVE-2007-2052)\n\n A flaw was discovered in the Python imageop module. If a script using\n the module could be tricked into processing a specially crafted set of\n arguments, a remote attacker could execute arbitrary code, or cause the\n application to crash. 
(CVE-2007-4965)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-585-1\";\ntag_affected = \"python2.4/2.5 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 6.10 ,\n Ubuntu 7.04 ,\n Ubuntu 7.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-585-1/\");\n script_id(840265);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"USN\", value: \"585-1\");\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-2ubuntu7.1\", 
rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-2ubuntu7.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-0ubuntu1.1\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-gdbm\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-tk\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.3-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) 
!= NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4~c1-0ubuntu1.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5-2ubuntu2.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dbg\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-dev\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-minimal\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dbg\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-dev\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-minimal\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-doc\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.4-examples\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-doc\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"python2.5-examples\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.4\", ver:\"2.4.4-6ubuntu4.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"idle-python2.5\", ver:\"2.5.1-5ubuntu5.1\", rls:\"UBUNTU7.10\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "description": "Check for the Version of python", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:880319", "href": "http://plugins.openvas.org/nasl.php?oid=880319", "type": "openvas", "title": "CentOS Update for python CESA-2007:1077-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2007:1077-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. 
If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014500.html\");\n script_id(880319);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"CentOS Update for python CESA-2007:1077-01 centos2 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:1361412562310870189", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870189", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1077-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1077-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. 
(CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870189\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"RedHat Update for python RHSA-2007:1077-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", 
rpm:\"python~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "description": "Check for the Version of python", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "id": "OPENVAS:870189", "href": "http://plugins.openvas.org/nasl.php?oid=870189", "type": "openvas", "title": "RedHat Update for python RHSA-2007:1077-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2007:1077-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. 
(CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1,\n Red Hat Enterprise Linux ES version 2.1,\n Red Hat Enterprise Linux WS version 2.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html\");\n script_id(870189);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"RedHat Update for python RHSA-2007:1077-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_2.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"RHENT_2.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:40:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880319", "type": "openvas", "title": "CentOS Update for python CESA-2007:1077-01 centos2 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2007:1077-01 centos2 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated, which\n could possibly cause disclosure of data stored in the memory of a Python\n application using this function. 
(CVE-2007-2052)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python on CentOS 2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014500.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880319\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1077-01\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_name( \"CentOS Update for python CESA-2007:1077-01 centos2 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS2\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~1.5.2~43.72.2\", rls:\"CentOS2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:39:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "description": "Check for the Version of python-docs", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:1361412562310880338", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880338", "type": "openvas", "title": "CentOS Update for python-docs CESA-2007:1076 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python-docs CESA-2007:1076 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n An integer overflow flaw was discovered in the way Python's pcre module\n handled certain regular expressions. If a Python application used the pcre\n module to compile and execute untrusted regular expressions, it may be\n possible to cause the application to crash, or allow arbitrary code\n execution with the privileges of the Python interpreter. (CVE-2006-7228)\n \n A flaw was discovered in the strxfrm() function of Python's locale module.\n Strings generated by this function were not properly NULL-terminated. This\n may possibly cause disclosure of data stored in the memory of a Python\n application using this function. (CVE-2007-2052)\n \n Multiple integer overflow flaws were discovered in Python's imageop module.\n If an application written in Python used the imageop module to process\n untrusted images, it could cause the application to crash, enter an\n infinite loop, or possibly execute arbitrary code with the privileges of\n the Python interpreter. 
(CVE-2007-4965)\n \n Users of Python are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\ntag_affected = \"python-docs on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880338\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:31:09 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2007:1076\");\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_name( \"CentOS Update for python-docs CESA-2007:1076 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python-docs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.2.3~6.8\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:47:00", "description": "This update fixes an off-by-one error in the PyLocale_strxfrm()\nfunction which can lead to a memory leak. (CVE-2007-2052)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : python (python-3749)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python", "cpe:/o:novell:opensuse:10.1", "p-cpe:/a:novell:opensuse:python-devel"], "id": "SUSE_PYTHON-3749.NASL", "href": "https://www.tenable.com/plugins/nessus/27408", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update python-3749.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27408);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2052\");\n\n script_name(english:\"openSUSE 10 
Security Update : python (python-3749)\");\n script_summary(english:\"Check for the python-3749 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an off-by-one error in the PyLocale_strxfrm()\nfunction which can lead to a memory leak. (CVE-2007-2052)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, 
\"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"python-2.4.2-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"python-devel-2.4.2-18.10\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.10\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:47:00", "description": "This update fixes an off-by-one error in the PyLocale_strxfrm()\nfunction which can lead to a memory leak. 
(CVE-2007-2052)", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : python (ZYPP Patch Number 3750)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_PYTHON-3750.NASL", "href": "https://www.tenable.com/plugins/nessus/29560", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29560);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2052\");\n\n script_name(english:\"SuSE 10 Security Update : python (ZYPP Patch Number 3750)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an off-by-one error in the PyLocale_strxfrm()\nfunction which can lead to a memory leak. 
(CVE-2007-2052)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-2052.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3750.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-2.4.2-18.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"python-devel-2.4.2-18.10\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, 
reference:\"python-2.4.2-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, reference:\"python-devel-2.4.2-18.10\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:1, cpu:\"x86_64\", reference:\"python-32bit-2.4.2-18.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:51:43", "description": "An off-by-one error was discovered in the PyLocale_strxfrm function in\nPython 2.4 and 2.5 that could allow context-dependent attackers the\nability to read portions of memory via special manipulations that\ntrigger a buffer over-read due to missing null termination.\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2007-05-10T00:00:00", "title": "Mandrake Linux Security Advisory : python (MDKSA-2007:099)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "modified": "2007-05-10T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64python2.5-devel", "p-cpe:/a:mandriva:linux:tkinter", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:libpython2.5-devel", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:python-docs", "p-cpe:/a:mandriva:linux:python", "p-cpe:/a:mandriva:linux:lib64python2.4", "p-cpe:/a:mandriva:linux:lib64python2.5", "p-cpe:/a:mandriva:linux:libpython2.4", "p-cpe:/a:mandriva:linux:libpython2.4-devel", "p-cpe:/a:mandriva:linux:python-base", "p-cpe:/a:mandriva:linux:libpython2.5", "p-cpe:/a:mandriva:linux:lib64python2.4-devel"], "id": "MANDRAKE_MDKSA-2007-099.NASL", "href": "https://www.tenable.com/plugins/nessus/25190", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:099. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25190);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-2052\");\n script_xref(name:\"MDKSA\", value:\"2007:099\");\n\n script_name(english:\"Mandrake Linux Security Advisory : python (MDKSA-2007:099)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An off-by-one error was discovered in the PyLocale_strxfrm function in\nPython 2.4 and 2.5 that could allow context-dependent attackers the\nability to read portions of memory via special manipulations that\ntrigger a buffer over-read due to missing null termination.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64python2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpython2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64python2.4-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", 
reference:\"lib64python2.4-devel-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libpython2.4-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libpython2.4-devel-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"python-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"python-base-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"python-docs-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", reference:\"tkinter-2.4.3-3.2mdv2007.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64python2.5-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64python2.5-devel-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpython2.5-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libpython2.5-devel-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-base-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"python-docs-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"tkinter-2.5-4.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:47:00", "description": "This update fixes an off-by-one error 
in the PyLocale_strxfrm()\nfunction which can lead to a memory leak. (CVE-2007-2052)", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : python (python-3478)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052"], "modified": "2007-10-17T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:python-32bit", "p-cpe:/a:novell:opensuse:python", "p-cpe:/a:novell:opensuse:python-devel"], "id": "SUSE_PYTHON-3478.NASL", "href": "https://www.tenable.com/plugins/nessus/27407", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update python-3478.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27407);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2052\");\n\n script_name(english:\"openSUSE 10 Security Update : python (python-3478)\");\n script_summary(english:\"Check for the python-3478 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes an off-by-one error in the PyLocale_strxfrm()\nfunction which can lead to a memory leak. 
(CVE-2007-2052)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"python-2.5-19.4\") ) flag++;\nif ( 
rpm_check(release:\"SUSE10.2\", reference:\"python-devel-2.5-19.4\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", cpu:\"x86_64\", reference:\"python-32bit-2.5-19.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T06:56:35", "description": "Piotr Engelking discovered that strxfrm in Python was not correctly\ncalculating the size of the destination buffer. This could lead to\nsmall information leaks, which might be used by attackers to gain\nadditional knowledge about the state of a running Python script.\n(CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using\nthe module could be tricked into processing a specially crafted set of\narguments, a remote attacker could execute arbitrary code, or cause\nthe application to crash. (CVE-2007-4965).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2008-03-13T00:00:00", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2007-4965"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python2.4-dev", "cpe:/o:canonical:ubuntu_linux:7.10", "p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-doc", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.5", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.5", "p-cpe:/a:canonical:ubuntu_linux:idle-python2.4", "p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal", "p-cpe:/a:canonical:ubuntu_linux:python2.4-examples", "p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg", "p-cpe:/a:canonical:ubuntu_linux:python2.5-doc", "p-cpe:/a:canonical:ubuntu_linux:python2.4-tk", "cpe:/o:canonical:ubuntu_linux:7.04", "p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts", "p-cpe:/a:canonical:ubuntu_linux:python2.5-examples"], "id": "UBUNTU_USN-585-1.NASL", "href": "https://www.tenable.com/plugins/nessus/31461", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-585-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31461);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696);\n script_xref(name:\"USN\", value:\"585-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Piotr Engelking discovered that strxfrm in Python was not correctly\ncalculating the size of the destination buffer. This could lead to\nsmall information leaks, which might be used by attackers to gain\nadditional knowledge about the state of a running Python script.\n(CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using\nthe module could be tricked into processing a specially crafted set of\narguments, a remote attacker could execute arbitrary code, or cause\nthe application to crash. (CVE-2007-4965).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/585-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:idle-python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-gdbm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.4-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dbg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python2.5-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|6\\.10|7\\.04|7\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 6.10 / 7.04 / 7.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"idle-python2.4\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-dev\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-doc\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-examples\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-gdbm\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"python2.4-tk\", pkgver:\"2.4.3-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4~c1-0ubuntu1.1\")) flag++;\nif 
(ubuntu_check(osver:\"6.10\", pkgname:\"python2.5\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5-2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-2ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-0ubuntu1.1\")) flag++;\nif 
(ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.4\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"idle-python2.5\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dbg\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-dev\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-doc\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-examples\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.4-minimal\", pkgver:\"2.4.4-6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dbg\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-dev\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-doc\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-examples\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"python2.5-minimal\", pkgver:\"2.5.1-5ubuntu5.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"idle-python2.4 / idle-python2.5 / python2.4 / python2.4-dbg / etc\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T13:05:56", "description": "Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been 
rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 28, "published": "2007-12-11T00:00:00", "title": "RHEL 2.1 : python (RHSA-2007:1077)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "modified": "2007-12-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:tkinter", "p-cpe:/a:redhat:enterprise_linux:python-docs"], "id": "REDHAT-RHSA-2007-1077.NASL", "href": "https://www.tenable.com/plugins/nessus/29302", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1077. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29302);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\");\n script_bugtraq_id(26462);\n script_xref(name:\"RHSA\", value:\"2007:1077\");\n\n script_name(english:\"RHEL 2.1 : python (RHSA-2007:1077)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. 
Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored\nin the memory of a Python application using this function.\n(CVE-2007-2052)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1077\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2007/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1077\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-devel-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-docs-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"python-tools-1.5.2-43.72.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"tkinter-1.5.2-43.72.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:25:13", "description": "Updated python packages that fix several 
security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. 
(CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 27, "published": "2007-12-11T00:00:00", "title": "CentOS 3 / 4 : python (CESA-2007:1076)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2007-12-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:tkinter", "p-cpe:/a:centos:centos:python-devel", "p-cpe:/a:centos:centos:python", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:python-docs", "p-cpe:/a:centos:centos:python-tools", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2007-1076.NASL", "href": "https://www.tenable.com/plugins/nessus/29255", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1076 and \n# CentOS Errata and Security Advisory 2007:1076 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29255);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696, 26462);\n script_xref(name:\"RHSA\", value:\"2007:1076\");\n\n script_name(english:\"CentOS 3 / 4 : python (CESA-2007:1076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, 
object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. 
(CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014491.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5dd3561f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014493.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16e67ad6\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014496.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?843fac9d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-December/014497.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d2aaf882\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-docs-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-devel-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-docs-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"python-tools-2.3.4-14.4.c4.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"tkinter-2.3.4-14.4.c4.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:44:04", "description": "From Red Hat Security Advisory 2007:1076 :\n\nUpdated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having 
moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. 
(CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 : python (ELSA-2007-1076)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:tkinter", "p-cpe:/a:oracle:linux:python", "p-cpe:/a:oracle:linux:python-docs", "p-cpe:/a:oracle:linux:python-tools", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:python-devel", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2007-1076.NASL", "href": "https://www.tenable.com/plugins/nessus/67614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:1076 and \n# Oracle Linux Security Advisory ELSA-2007-1076 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67614);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696, 26462);\n script_xref(name:\"RHSA\", value:\"2007:1076\");\n\n script_name(english:\"Oracle Linux 3 / 4 : python (ELSA-2007-1076)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:1076 :\n\nUpdated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security 
Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. 
(CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-December/000443.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", 
reference:\"tkinter-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:43:49", "description": "An integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. 
(CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20071210_PYTHON_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60327", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60327);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. 
If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0712&L=scientific-linux-errata&T=0&P=1527\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f442abf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"python-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-devel-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-docs-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"python-tools-2.2.3-6.8\")) flag++;\nif (rpm_check(release:\"SL3\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) 
flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.4.el4.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.4.el4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:56", "description": "Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. 
(CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 28, "published": "2007-12-11T00:00:00", "title": "RHEL 3 / 4 : python (RHSA-2007:1076)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "modified": "2007-12-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:python-tools", "p-cpe:/a:redhat:enterprise_linux:python", "p-cpe:/a:redhat:enterprise_linux:python-devel", "p-cpe:/a:redhat:enterprise_linux:tkinter", "p-cpe:/a:redhat:enterprise_linux:python-docs", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2007-1076.NASL", "href": "https://www.tenable.com/plugins/nessus/29301", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:1076. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29301);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-7228\", \"CVE-2007-2052\", \"CVE-2007-4965\");\n script_bugtraq_id(25696, 26462);\n script_xref(name:\"RHSA\", value:\"2007:1076\");\n\n script_name(english:\"RHEL 3 / 4 : python (RHSA-2007:1076)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nAn integer overflow flaw was discovered in the way Python's pcre\nmodule handled certain regular expressions. If a Python application\nused the pcre module to compile and execute untrusted regular\nexpressions, it may be possible to cause the application to crash, or\nallow arbitrary code execution with the privileges of the Python\ninterpreter. (CVE-2006-7228)\n\nA flaw was discovered in the strxfrm() function of Python's locale\nmodule. Strings generated by this function were not properly\nNULL-terminated. This may possibly cause disclosure of data stored in\nthe memory of a Python application using this function.\n(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop\nmodule. 
If an application written in Python used the imageop module to\nprocess untrusted images, it could cause the application to crash,\nenter an infinite loop, or possibly execute arbitrary code with the\nprivileges of the Python interpreter. (CVE-2007-4965)\n\nUsers of Python are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-7228\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-2052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-4965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:1076\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:1076\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"python-2.2.3-6.8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"python-devel-2.2.3-6.8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"python-tools-2.2.3-6.8\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"tkinter-2.2.3-6.8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-devel-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-docs-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-tools-2.3.4-14.4.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tkinter-2.3.4-14.4.el4_6.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / 
python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:31:46", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2007-4965"], "description": "Piotr Engelking discovered that strxfrm in Python was not correctly \ncalculating the size of the destination buffer. This could lead to small \ninformation leaks, which might be used by attackers to gain additional \nknowledge about the state of a running Python script. (CVE-2007-2052)\n\nA flaw was discovered in the Python imageop module. If a script using \nthe module could be tricked into processing a specially crafted set of \narguments, a remote attacker could execute arbitrary code, or cause the \napplication to crash. (CVE-2007-4965)", "edition": 5, "modified": "2008-03-11T00:00:00", "published": "2008-03-11T00:00:00", "id": "USN-585-1", "href": "https://ubuntu.com/security/notices/USN-585-1", "title": "Python vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:22", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2006-7228"], "description": "**CentOS Errata and Security Advisory** CESA-2007:1077-01\n\n\nPython is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. 
(CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated, which\r\ncould possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026538.html\n\n**Affected packages:**\npython\npython-devel\npython-docs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 5, "modified": "2007-12-11T01:22:44", "published": "2007-12-11T01:22:44", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/026538.html", "id": "CESA-2007:1077-01", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-17T03:31:17", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "description": "**CentOS Errata and Security Advisory** CESA-2007:1076\n\n\nPython is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated. This\r\nmay possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. 
(CVE-2007-2052)\r\n\r\nMultiple integer overflow flaws were discovered in Python's imageop module.\r\nIf an application written in Python used the imageop module to process\r\nuntrusted images, it could cause the application to crash, enter an\r\ninfinite loop, or possibly execute arbitrary code with the privileges of\r\nthe Python interpreter. (CVE-2007-4965)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026529.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026531.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026534.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026535.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026543.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/026544.html\n\n**Affected packages:**\npython\npython-devel\npython-docs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1076.html", "edition": 6, "modified": "2007-12-11T09:58:15", "published": "2007-12-10T19:37:17", "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/026529.html", "id": "CESA-2007:1076", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:11", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1176\n\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python 
string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). (CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. 
(CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028088.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028089.html\n\n**Affected packages:**\npython\npython-devel\npython-tools\ntkinter\n\n**Upstream details at:**\n", "edition": 3, "modified": "2009-07-29T17:31:50", "published": "2009-07-29T17:31:50", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028088.html", "id": "CESA-2009:1176", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:38", "bulletinFamily": "unix", "cvelist": ["CVE-2006-7228", "CVE-2007-2052"], "description": "Python is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated, which\r\ncould possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. 
(CVE-2007-2052)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2018-03-14T19:26:10", "published": "2007-12-10T05:00:00", "id": "RHSA-2007:1077", "href": "https://access.redhat.com/errata/RHSA-2007:1077", "type": "redhat", "title": "(RHSA-2007:1077) Moderate: python security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:44:39", "bulletinFamily": "unix", "cvelist": ["CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965"], "description": "Python is an interpreted, interactive, object-oriented programming\r\nlanguage.\r\n\r\nAn integer overflow flaw was discovered in the way Python's pcre module\r\nhandled certain regular expressions. If a Python application used the pcre\r\nmodule to compile and execute untrusted regular expressions, it may be\r\npossible to cause the application to crash, or allow arbitrary code\r\nexecution with the privileges of the Python interpreter. (CVE-2006-7228)\r\n\r\nA flaw was discovered in the strxfrm() function of Python's locale module.\r\nStrings generated by this function were not properly NULL-terminated. This\r\nmay possibly cause disclosure of data stored in the memory of a Python\r\napplication using this function. (CVE-2007-2052)\r\n\r\nMultiple integer overflow flaws were discovered in Python's imageop module.\r\nIf an application written in Python used the imageop module to process\r\nuntrusted images, it could cause the application to crash, enter an\r\ninfinite loop, or possibly execute arbitrary code with the privileges of\r\nthe Python interpreter. 
(CVE-2007-4965)\r\n\r\nUsers of Python are advised to upgrade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "modified": "2017-09-08T12:13:48", "published": "2007-12-10T05:00:00", "id": "RHSA-2007:1076", "href": "https://access.redhat.com/errata/RHSA-2007:1076", "type": "redhat", "title": "(RHSA-2007:1076) Moderate: python security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2007-4965", "CVE-2008-1721", "CVE-2008-1887", "CVE-2008-2315", "CVE-2008-3142", "CVE-2008-3143", "CVE-2008-3144", "CVE-2008-4864", "CVE-2008-5031"], "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nWhen the assert() system call was disabled, an input sanitization flaw was\nrevealed in the Python string object implementation that led to a buffer\noverflow. The missing check for negative size values meant the Python\nmemory allocator could allocate less memory than expected. This could\nresult in arbitrary code execution with the Python interpreter's\nprivileges. (CVE-2008-1887)\n\nMultiple buffer and integer overflow flaws were found in the Python Unicode\nstring processing and in the Python Unicode and string object\nimplementations. An attacker could use these flaws to cause a denial of\nservice (Python application crash). (CVE-2008-3142, CVE-2008-5031)\n\nMultiple integer overflow flaws were found in the Python imageop module. If\na Python application used the imageop module to process untrusted images,\nit could cause the application to disclose sensitive information, crash or,\npotentially, execute arbitrary code with the Python interpreter's\nprivileges. (CVE-2007-4965, CVE-2008-4864)\n\nMultiple integer underflow and overflow flaws were found in the Python\nsnprintf() wrapper implementation. An attacker could use these flaws to\ncause a denial of service (memory corruption). 
(CVE-2008-3144)\n\nMultiple integer overflow flaws were found in various Python modules. An\nattacker could use these flaws to cause a denial of service (Python\napplication crash). (CVE-2008-2315, CVE-2008-3143)\n\nAn integer signedness error, leading to a buffer overflow, was found\nin the Python zlib extension module. If a Python application requested\nthe negative byte count be flushed for a decompression stream, it could\ncause the application to crash or, potentially, execute arbitrary code\nwith the Python interpreter's privileges. (CVE-2008-1721)\n\nA flaw was discovered in the strxfrm() function of the Python locale\nmodule. Strings generated by this function were not properly\nNULL-terminated, which could possibly cause disclosure of data stored in\nthe memory of a Python application using this function. (CVE-2007-2052)\n\nRed Hat would like to thank David Remahl of the Apple Product Security team\nfor responsibly reporting the CVE-2008-2315 issue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "modified": "2017-09-08T12:10:58", "published": "2009-07-27T04:00:00", "id": "RHSA-2009:1176", "href": "https://access.redhat.com/errata/RHSA-2009:1176", "type": "redhat", "title": "(RHSA-2009:1176) Moderate: python security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "description": "This release corrects several security vulnerabilities in components\nshipped as part of the Red Hat Network Satellite Server Solaris client. In\na typical operating environment, these components are not used by the\nSatellite Server in a vulnerable manner. 
These security updates will reduce\nrisk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. (CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 was used an attacker could, potentially, forge a PKCS\n#1 v1.5 signature that would be incorrectly verified by implementations\nthat do not check for excess data in the RSA exponentiation result of the\nsignature. This issue affected applications that use OpenSSL to verify\nX.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. This work-around was\nvulnerable to a man-in-the-middle attack which allowed a remote user to\nforce an SSL connection to use SSL 2.0, rather than a stronger protocol,\nsuch as SSL 3.0 or TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures, an error\ncondition was mishandled. This could result in an infinite loop which\nconsumed system memory (CVE-2006-2937).\n\nCertain public key types could take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. 
(CVE-2006-2940)\n\nA flaw was discovered in the Python repr() function's handling of\nUTF-32/UCS-4 strings. If an application used the repr() function on\nuntrusted data, this could lead to a denial of service or, possibly, allow\nthe execution of arbitrary code with the privileges of the application\nusing the flawed function. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module.\nStrings generated by this function were not properly NULL-terminated. This\ncould, potentially, cause disclosure of data stored in the memory of an\napplication using this function. (CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module.\nIf an application used the imageop module to process untrusted images, it\ncould cause the application to crash, enter an infinite loop, or, possibly,\nexecute arbitrary code with the privileges of the Python interpreter.\n(CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. 
(CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues.", "modified": "2019-03-22T23:44:55", "published": "2008-08-13T04:00:00", "id": "RHSA-2008:0629", "href": "https://access.redhat.com/errata/RHSA-2008:0629", "type": "redhat", "title": "(RHSA-2008:0629) Moderate: Red Hat Network Satellite Server Solaris client security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:01", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nSeveral flaws in Zlib were discovered. An attacker could create a\ncarefully-crafted compressed stream that would cause an application to\ncrash if the stream is opened by a user. (CVE-2005-2096). An attacker\ncould create a carefully crafted compressed stream that would cause an\napplication to crash if the stream is opened by a user. (CVE-2005-1849)\n\nA buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers()\nutility function. An attacker could send a list of ciphers to an\napplication that used this function and overrun a buffer (CVE-2006-3738).\n\nA flaw in the SSLv2 client code was discovered. If a client application\nused OpenSSL to create an SSLv2 connection to a malicious server, that\nserver could cause the client to crash. 
(CVE-2006-4343)\n\nAn attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA\nkey with exponent 3 is used it may be possible for an attacker to forge a\nPKCS #1 v1.5 signature that would be incorrectly verified by\nimplementations that do not check for excess data in the RSA exponentiation\nresult of the signature. This issue affected applications that use OpenSSL\nto verify X.509 certificates as well as other uses of PKCS #1 v1.5.\n(CVE-2006-4339)\n\nOpenSSL contained a software work-around for a bug in SSL handling in\nMicrosoft Internet Explorer version 3.0.2. It is enabled in most servers\nthat use OpenSSL to provide support for SSL and TLS. This work-around could\nallow an attacker, acting as a \"man in the middle\" to force an SSL\nconnection to use SSL 2.0 rather than a stronger protocol, such as SSL 3.0\nor TLS 1.0. (CVE-2005-2969)\n\nDuring OpenSSL parsing of certain invalid ASN.1 structures an error\ncondition was mishandled. This can result in an infinite loop which\nconsumed system memory (CVE-2006-2937). \n\nCertain public key types can take disproportionate amounts of time to\nprocess in OpenSSL, leading to a denial of service. (CVE-2006-2940)\n\nA flaw was discovered in the way that the Python repr() function handled\nUTF-32/UCS-4 strings. If an application written in Python used the repr()\nfunction on untrusted data, this could lead to a denial of service or\npossibly allow the execution of arbitrary code with the privileges of the\nPython application. (CVE-2006-4980)\n\nA flaw was discovered in the strxfrm() function of Python's locale module.\nStrings generated by this function were not properly NULL-terminated. This\nmay possibly cause disclosure of data stored in the memory of a Python\napplication using this function. 
(CVE-2007-2052)\n\nMultiple integer overflow flaws were discovered in Python's imageop module.\nIf an application written in Python used the imageop module to process\nuntrusted images, it could cause the application to crash, enter an\ninfinite loop, or possibly execute arbitrary code with the privileges of\nthe Python interpreter. (CVE-2007-4965)\n\nA stack-based buffer overflow was discovered in the Python interpreter,\nwhich could allow a local user to gain privileges by running a script with\na long name from the current working directory. (CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server should upgrade to these updated\npackages, which contain backported patches to correct these issues. ", "modified": "2019-03-22T23:44:30", "published": "2008-06-30T04:00:00", "id": "RHSA-2008:0525", "href": "https://access.redhat.com/errata/RHSA-2008:0525", "type": "redhat", "title": "(RHSA-2008:0525) Moderate: Red Hat Network Satellite Server Solaris client security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:12", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1849", "CVE-2005-2096", "CVE-2005-2969", "CVE-2006-1542", "CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-4980", "CVE-2007-2052", "CVE-2007-4965"], "description": "This release corrects several security vulnerabilities in various\ncomponents shipped as part of the Red Hat Network Satellite Server Solaris\nclient. In a typical operating environment, these components are not used\nby the Satellite Server in a vulnerable manner. These security updates will\nreduce risk should these components be used by other applications.\n\nTwo denial-of-service flaws were fixed in ZLib. (CVE-2005-2096,\nCVE-2005-1849)\n\nMultiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339,\nCVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969)\n\nMultiple flaws were fixed in Python. 
(CVE-2007-4965, CVE-2007-2052,\nCVE-2006-4980, CVE-2006-1542)\n\nUsers of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to\n5.0.2, which resolves these issues.", "modified": "2019-03-22T23:44:35", "published": "2008-05-20T04:00:00", "id": "RHSA-2008:0264", "href": "https://access.redhat.com/errata/RHSA-2008:0264", "type": "redhat", "title": "(RHSA-2008:0264) Moderate: Red Hat Network Satellite Server Solaris client security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:14", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965"], "description": " [2.2.3-6.8]\n \n - Fix possible integer overflow in image ops\n - Fix off by one strxfrm malloc\n - Fix pypcre bugs\n - Resolves: 392031 ", "edition": 4, "modified": "2007-12-10T00:00:00", "published": "2007-12-10T00:00:00", "id": "ELSA-2007-1076", "href": "http://linux.oracle.com/errata/ELSA-2007-1076.html", "title": "Moderate: python security update ", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2008-3143", "CVE-2008-4864", "CVE-2007-4965", "CVE-2008-3144", "CVE-2008-3142", "CVE-2008-2315", "CVE-2008-1887", "CVE-2008-5031"], "description": "[2.4.3-24.el5_3.6]\n- Fix all of the low priority security bugs:\n- Resolves: rhbz#486351\n- Multiple integer overflows in python core (CVE-2008-2315)\n- Resolves: 455008\n- PyString_FromStringAndSize does not check for negative size values (CVE-2008-1887)\n- Resolves: 443810\n- Multiple integer overflows discovered by Google (CVE-2008-3143)\n- Resolves: 455013\n- Multiple buffer overflows in unicode processing (CVE-2008-3142)\n- Resolves: 454990\n- Potential integer underflow and overflow in the PyOS_vsnprintf C API function (CVE-2008-3144)\n- Resolves: 455018\n- imageop module multiple integer overflows 
(CVE-2008-4864)\n- Resolves: 469656\n- stringobject, unicodeobject integer overflows (CVE-2008-5031) \n- Resolves: 470915\n- integer signedness error in the zlib extension module (CVE-2008-1721)\n- Resolves: 442005\n- off-by-one locale.strxfrm() (possible memory disclosure) (CVE-2007-2052)\n- Resolves: 235093\n- imageop module heap corruption (CVE-2007-4965)\n- Resolves: 295971 ", "edition": 4, "modified": "2009-07-27T00:00:00", "published": "2009-07-27T00:00:00", "id": "ELSA-2009-1176", "href": "http://linux.oracle.com/errata/ELSA-2009-1176.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:18:32", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2007-4965", "CVE-2008-1679", "CVE-2008-1887"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1551-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nApril 19, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : python2.4\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887\n\nSeveral vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\n Piotr Engelking discovered that the strxfrm() function of the locale\n module miscalculates the length of an internal buffer, which may\n result in a minor information disclosure.\n\nCVE-2007-4965\n\n It was discovered that several integer overflows in the imageop\n module may lead to the execution of arbitrary code, if a user is\n tricked into processing malformed images. 
This issue is also\n tracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n \n Justin Ferguson discovered that a buffer overflow in the zlib\n module may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\n Justin Ferguson discovered that insufficient input validation in\n PyString_FromStringAndSize() may lead to the execution of arbitrary\n code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.4.4-3+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.5-2.\n\nWe recommend that you upgrade your python2.4 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian 4.0 (stable)\n- -------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2008-04-19T16:45:23", "published": "2008-04-19T16:45:23", "id": "DEBIAN:DSA-1551-1:41B8A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00122.html", "title": "[SECURITY] [DSA 1551-1] New python2.4 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-11T13:20:24", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2008-1721", "CVE-2007-4965", "CVE-2008-1679",
"CVE-2008-1887"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1620-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 27, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : python2.5\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887\n\nSeveral vulnerabilities have been discovered in the interpreter for the\nPython language. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2007-2052\n\n Piotr Engelking discovered that the strxfrm() function of the locale\n module miscalculates the length of an internal buffer, which may\n result in a minor information disclosure.\n\nCVE-2007-4965\n\n It was discovered that several integer overflows in the imageop\n module may lead to the execution of arbitrary code, if a user is\n tricked into processing malformed images. 
This issue is also\n tracked as CVE-2008-1679 due to an initially incomplete patch.\n\nCVE-2008-1721\n \n Justin Ferguson discovered that a buffer overflow in the zlib\n module may lead to the execution of arbitrary code.\n\nCVE-2008-1887\n\n Justin Ferguson discovered that insufficient input validation in\n PyString_FromStringAndSize() may lead to the execution of arbitrary\n code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 2.5-5+etch1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.5.2-3.\n\nWe recommend that you upgrade your python2.5 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 
3, "modified": "2008-07-27T13:13:43", "published": "2008-07-27T13:13:43", "id": "DEBIAN:DSA-1620-1:7CA52", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00205.html", "title": "[SECURITY] [DSA 1620-1] New python2.5 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "vmware": [{"lastseen": "2019-11-06T16:05:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2052", "CVE-2006-7228", "CVE-2007-4965", "CVE-2007-4308", "CVE-2007-6015"], "description": "I Updated ESX driver\n", "edition": 4, "modified": "2008-04-15T00:00:00", "published": "2008-02-04T00:00:00", "id": "VMSA-2008-0003", "href": "https://www.vmware.com/security/advisories/VMSA-2008-0003.html", "title": "Updated aacraid driver and Samba and Python service console updates", "type": "vmware", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-06T16:05:47", "bulletinFamily": "unix", "cvelist": ["CVE-2007-5342", "CVE-2007-2052", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-2670", "CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1099", "CVE-2009-2716", "CVE-2009-2417", "CVE-2008-1721", "CVE-2009-1097", "CVE-2008-3143", "CVE-2009-2414", "CVE-2008-4864", "CVE-2009-1385", "CVE-2008-5700", "CVE-2008-3528", "CVE-2009-0033", "CVE-2009-2723", "CVE-2009-2718", "CVE-2007-5333", "CVE-2009-0675", "CVE-2009-0747", "CVE-2009-0787", "CVE-2009-2416", "CVE-2008-4307", "CVE-2009-0696", "CVE-2009-2722", "CVE-2007-4965", "CVE-2009-0746", "CVE-2009-0580", "CVE-2009-2698", "CVE-2009-0028", "CVE-2009-2720", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-2625", "CVE-2008-1947", "CVE-2009-0778", "CVE-2009-2673", "CVE-2009-1100", "CVE-2008-3144", "CVE-2009-1072", "CVE-2009-0322", "CVE-2009-0159", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0745", "CVE-2007-5461", "CVE-2008-3142", "CVE-2009-2407", "CVE-2009-1106", 
"CVE-2009-1337", "CVE-2009-1103", "CVE-2007-5966", "CVE-2009-1388", "CVE-2009-0783", "CVE-2009-0269", "CVE-2007-6286", "CVE-2009-2724", "CVE-2009-1389", "CVE-2008-2370", "CVE-2009-0834", "CVE-2009-1633", "CVE-2008-2315", "CVE-2009-0748", "CVE-2009-1101", "CVE-2009-2406", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-2848", "CVE-2009-1252", "CVE-2008-1887", "CVE-2009-1107", "CVE-2009-2671", "CVE-2008-1232", "CVE-2008-5031", "CVE-2009-1102", "CVE-2009-1630", "CVE-2009-2672", "CVE-2009-2847", "CVE-2009-2719", "CVE-2009-2676", "CVE-2009-1105", "CVE-2009-2721", "CVE-2009-2675", "CVE-2008-0002"], "description": "a. JRE Security Update \n \nJRE update to version 1.5.0_20, which addresses multiple security \nissues that existed in earlier releases of JRE. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, \nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, \nCVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, \nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, \nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, \nCVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, \nCVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. 
\n\n", "edition": 4, "modified": "2010-03-29T00:00:00", "published": "2009-11-20T00:00:00", "id": "VMSA-2009-0016", "href": "https://www.vmware.com/security/advisories/VMSA-2009-0016.html", "title": "VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "type": "vmware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}