{"id": "RHSA-2011:0492", "hash": "4f47b2373344dc022ddc2b71f75b42e7", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:0492) Moderate: python security update", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "published": "2011-05-05T04:00:00", "modified": "2017-09-08T12:10:56", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0492", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3720", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521"], "lastseen": "2018-12-11T17:42:10", "history": [{"bulletin": {"id": "RHSA-2011:0492", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:0492) Moderate: python security update", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "published": "2011-05-05T04:00:00", "modified": "2016-04-04T18:37:48", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0492", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2010-3493", "CVE-2011-1521", "CVE-2011-1015", "CVE-2009-3720"], "lastseen": "2016-09-04T11:17:43", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"arch": "ia64", "packageFilename": "python-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "packageName": "python", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "packageName": "python", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-tools-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "packageName": "python-tools", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-devel-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "python-devel-2.4.3-44.el5.ppc64.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "src", "packageFilename": "python-2.4.3-44.el5.src.rpm", "OSVersion": "5", "packageName": "python", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "packageName": "python", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390", "packageFilename": "python-devel-2.4.3-44.el5.s390.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-devel-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "tkinter-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "packageName": "tkinter", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "tkinter-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "packageName": "tkinter", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-libs-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "packageName": "python-libs", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-tools-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "packageName": "python-tools", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "tkinter-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "packageName": "tkinter", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-tools-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "packageName": "python-tools", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-devel-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "packageName": "python", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-libs-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "packageName": "python-libs", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "packageName": "python", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-devel-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-libs-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "packageName": "python-libs", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "tkinter-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "packageName": "tkinter", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "tkinter-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "packageName": "tkinter", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-tools-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "packageName": "python-tools", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-devel-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "packageName": "python-devel", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-libs-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "packageName": "python-libs", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-tools-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "packageName": "python-tools", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-libs-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "packageName": "python-libs", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "python-libs-2.4.3-44.el5.ppc64.rpm", "OSVersion": "5", "packageName": "python-libs", "operator": "lt", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}]}, "lastseen": "2016-09-04T11:17:43", "differentElements": ["affectedPackage", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2011:0492", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:0492) Moderate: python security update", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "published": "2011-05-05T04:00:00", "modified": "2017-07-29T20:40:55", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0492", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3720", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521"], "lastseen": "2017-08-02T22:57:49", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"arch": "i386", "packageFilename": "python-devel-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-devel-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-libs-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-tools-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-tools", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "tkinter-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "tkinter", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}]}, "lastseen": "2017-08-02T22:57:49", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2011:0492", "hash": "584003e7e40ff5d93b8af77b27f5f604", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2011:0492) Moderate: python security update", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "published": "2011-05-05T04:00:00", "modified": "2017-09-08T12:10:56", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:0492", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2009-3720", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521"], "lastseen": "2017-09-09T07:19:55", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"arch": "i386", "packageFilename": "python-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-libs-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-tools-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-tools", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "tkinter-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "tkinter", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "src", "packageFilename": "python-2.4.3-44.el5.src.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-libs-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-tools-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-tools", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "tkinter-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "tkinter", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-devel-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-libs-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "python-tools-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-tools", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc", "packageFilename": "tkinter-2.4.3-44.el5.ppc.rpm", "OSVersion": "5", "operator": "lt", "packageName": "tkinter", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "python-devel-2.4.3-44.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ppc64", "packageFilename": "python-libs-2.4.3-44.el5.ppc64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390", "packageFilename": "python-devel-2.4.3-44.el5.s390.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-devel-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-libs-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "python-tools-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-tools", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "s390x", "packageFilename": "tkinter-2.4.3-44.el5.s390x.rpm", "OSVersion": "5", "operator": "lt", "packageName": "tkinter", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-devel-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-libs-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-libs", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "python-tools-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-tools", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "ia64", "packageFilename": "tkinter-2.4.3-44.el5.ia64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "tkinter", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "i386", "packageFilename": "python-devel-2.4.3-44.el5.i386.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}, {"arch": "x86_64", "packageFilename": "python-devel-2.4.3-44.el5.x86_64.rpm", "OSVersion": "5", "operator": "lt", "packageName": "python-devel", "packageVersion": "2.4.3-44.el5", "OS": "RedHat"}]}, "lastseen": "2017-09-09T07:19:55", "differentElements": ["affectedPackage"], "edition": 3}], "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3720", "CVE-2010-3493", "CVE-2011-1015", "CVE-2011-1521"]}, {"type": "openvas", "idList": ["OPENVAS:881282", "OPENVAS:880500", "OPENVAS:1361412562310880500", "OPENVAS:870428", "OPENVAS:1361412562310870428", "OPENVAS:1361412562310122181", "OPENVAS:1361412562310881282", "OPENVAS:1361412562310122171", "OPENVAS:1361412562310870597", "OPENVAS:870597"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0492", "ELSA-2011-0491", "ELSA-2011-0554"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2011-0492.NASL", "CENTOS_RHSA-2011-0492.NASL", "ORACLELINUX_ELSA-2011-0492.NASL", "SL_20110519_PYTHON_ON_SL6_X.NASL", "REDHAT-RHSA-2011-0554.NASL", "CENTOS_RHSA-2011-0491.NASL", "SL_20110505_PYTHON_ON_SL4_X.NASL", "ORACLELINUX_ELSA-2011-0491.NASL", "REDHAT-RHSA-2011-0491.NASL", "UBUNTU_USN-1314-1.NASL"]}, {"type": "centos", "idList": ["CESA-2011:0492", "CESA-2011:0491"]}, {"type": "redhat", "idList": ["RHSA-2011:0554", "RHSA-2011:0491", "RHSA-2010:0002"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11688", "SECURITYVULNS:DOC:26401"]}, {"type": "ubuntu", "idList": ["USN-1314-1", "USN-1613-1", "USN-1596-1", "USN-1613-2"]}, {"type": "f5", "idList": ["SOL15905", "F5:K15905", "F5:K75910138"]}], "modified": "2018-12-11T17:42:10"}, "vulnersScore": 2.1}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "python", "packageVersion": "2.4.3-44.el5", "packageFilename": "python-2.4.3-44.el5.i386.rpm", "operator": "lt"}], "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"]}

{"cve": [{"lastseen": "2017-09-19T13:37:06", "bulletinFamily": "NVD", "description": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.", "modified": "2017-09-18T21:31:24", "published": "2010-10-19T16:00:04", "id": "CVE-2010-3493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3493", "title": "CVE-2010-3493", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:40", "bulletinFamily": "NVD", "description": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", "modified": "2017-09-18T21:29:44", "published": "2009-11-03T11:30:12", "id": "CVE-2009-3720", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3720", "title": "CVE-2009-3720", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T15:14:15", "bulletinFamily": "NVD", "description": "The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.", "modified": "2014-02-20T23:41:39", "published": "2011-05-24T19:55:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1521", "id": "CVE-2011-1521", "title": "CVE-2011-1521", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T15:06:36", "bulletinFamily": "NVD", "description": "The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI.", "modified": "2013-05-14T23:16:47", "published": "2011-05-09T18:55:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1015", "id": "CVE-2011-1015", "title": "CVE-2011-1015", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-01-02T10:57:43", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-12-27T00:00:00", "published": "2012-07-30T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881282", "id": "OPENVAS:881282", "title": "CentOS Update for python CESA-2011:0492 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0492 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"python on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017519.html\");\n script_id(881282);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:15:55 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0492\");\n script_name(\"CentOS Update for python CESA-2011:0492 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:17", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880500", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880500", "title": "CentOS Update for python CESA-2011:0492 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0492 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880500\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0492\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"CentOS Update for python CESA-2011:0492 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:19", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-12T00:00:00", "published": "2011-05-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870428", "id": "OPENVAS:870428", "title": "RedHat Update for python RHSA-2011:0492-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0492-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00006.html\");\n script_id(870428);\n script_version(\"$Revision: 6685 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:44:46 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-06 16:22:00 +0200 (Fri, 06 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0492-01\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"RedHat Update for python RHSA-2011:0492-01\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:01:57", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881282", "title": "CentOS Update for python CESA-2011:0492 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0492 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\n\ntag_affected = \"python on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017519.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881282\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:15:55 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0492\");\n script_name(\"CentOS Update for python CESA-2011:0492 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:26", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-0492", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122181", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122181", "title": "Oracle Linux Local Check: ELSA-2011-0492", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0492.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122181\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:22 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0492\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0492\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0492.html\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:18:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2011-05-06T00:00:00", "id": "OPENVAS:1361412562310870428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870428", "title": "RedHat Update for python RHSA-2011:0492-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0492-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870428\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-05-06 16:22:00 +0200 (Fri, 06 May 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:0492-01\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"RedHat Update for python RHSA-2011:0492-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n\n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n\n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:35", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880500", "id": "OPENVAS:880500", "title": "CentOS Update for python CESA-2011:0492 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for python CESA-2011:0492 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n \n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n \n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n \n A buffer over-read flaw was found in the way the Python Expat parser\n handled malformed UTF-8 sequences when processing XML files. A\n specially-crafted XML file could cause Python applications using the Python\n Expat parser to crash while parsing the file. (CVE-2009-3720)\n \n This update makes Python use the system Expat library rather than its own\n internal copy; therefore, users must have the version of Expat shipped with\n RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\n issue.\n \n All Python users should upgrade to these updated packages, which contain\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"python on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\");\n script_id(880500);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0492\");\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_name(\"CentOS Update for python CESA-2011:0492 centos5 i386\");\n\n script_summary(\"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.4.3~44.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:25:24", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2011-0554", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122171", "title": "Oracle Linux Local Check: ELSA-2011-0554", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0554.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122171\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:13 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0554\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0554 - python security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0554\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0554.html\");\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~20.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~20.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.6.6~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~20.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-test\", rpm:\"python-test~2.6.6~20.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-tools\", rpm:\"python-tools~2.6.6~20.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~20.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:15:49", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:1361412562310870597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870597", "title": "RedHat Update for python RHSA-2011:0554-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0554-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870597\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:31:24 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:0554-01\");\n script_name(\"RedHat Update for python RHSA-2011:0554-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"python on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n This erratum also upgrades Python to upstream version 2.6.6, and includes a\n number of bug fixes and enhancements. Documentation for these bug fixes\n and enhancements is available from the Technical Notes document, linked to\n in the References section.\n\n All users of Python are advised to upgrade to these updated packages, which\n correct these issues, and fix the bugs and add the enhancements noted in\n the Technical Notes.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.6.6~2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:06:55", "bulletinFamily": "scanner", "description": "Check for the Version of python", "modified": "2018-01-10T00:00:00", "published": "2012-06-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870597", "id": "OPENVAS:870597", "title": "RedHat Update for python RHSA-2011:0554-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for python RHSA-2011:0554-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Python is an interpreted, interactive, object-oriented programming\n language.\n\n A flaw was found in the Python urllib and urllib2 libraries where they\n would not differentiate between different target URLs when handling\n automatic redirects. This caused Python applications using these modules to\n follow any new URL that they understood, including the &quot;file://&quot; URL type.\n This could allow a remote server to force a local Python application to\n read a local file instead of the remote one, possibly exposing local files\n that were not meant to be exposed. (CVE-2011-1521)\n\n A race condition was found in the way the Python smtpd module handled new\n connections. A remote user could use this flaw to cause a Python script\n using the smtpd module to terminate. (CVE-2010-3493)\n\n An information disclosure flaw was found in the way the Python\n CGIHTTPServer module processed certain HTTP GET requests. A remote attacker\n could use a specially-crafted request to obtain the CGI script's source\n code. (CVE-2011-1015)\n\n This erratum also upgrades Python to upstream version 2.6.6, and includes a\n number of bug fixes and enhancements. Documentation for these bug fixes\n and enhancements is available from the Technical Notes document, linked to\n in the References section.\n\n All users of Python are advised to upgrade to these updated packages, which\n correct these issues, and fix the bugs and add the enhancements noted in\n the Technical Notes.\";\n\ntag_affected = \"python on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00016.html\");\n script_id(870597);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:31:24 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0554-01\");\n script_name(\"RedHat Update for python RHSA-2011:0554-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"python\", rpm:\"python~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-debuginfo\", rpm:\"python-debuginfo~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-devel\", rpm:\"python-devel~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libs\", rpm:\"python-libs~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tkinter\", rpm:\"tkinter~2.6.6~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-docs\", rpm:\"python-docs~2.6.6~2.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:41:31", "bulletinFamily": "unix", "description": "[2.4.3-44]\n- add patch adapted from upstream (patch 208) to add support for building\nagainst system expat; add --with-system-expat to configure invocation; remove\nembedded copy of expat-1.95.8 from the source tree during prep\n- ensure pyexpat.so gets built by explicitly listing all C modules in the\npayload in %files, rather than using dynfiles\nResolves: CVE-2009-3720\n- backport three security fixes to 2.4 (patches 209, 210, 211):\nResolves: CVE-2011-1521\nResolves: CVE-2011-1015\nResolves: CVE-2010-3493", "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "ELSA-2011-0492", "href": "http://linux.oracle.com/errata/ELSA-2011-0492.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:07", "bulletinFamily": "unix", "description": "[2.3.4-14.10]\n- add patch adapted from upstream (patch 208) to add support for building\nagainst system expat; add --with-system-expat to configure invocation; remove\nembedded copy of expat 1.95.7 from the source tree during prep\n- ensure pyexpat.so gets built by explicitly listing all C modules in the\npayload in %files, rather than using dynfiles\nRelated: CVE-2009-3720\n- fixes for other security bugs (patches 44, 45, 46, 47, 48)\nResolves: CVE-2010-3493\nResolves: CVE-2011-1015\nResolves: CVE-2011-1521\nResolves: CVE-2010-1634\nResolves: CVE-2010-2089", "modified": "2011-05-05T00:00:00", "published": "2011-05-05T00:00:00", "id": "ELSA-2011-0491", "href": "http://linux.oracle.com/errata/ELSA-2011-0491.html", "title": "python security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:33", "bulletinFamily": "unix", "description": "python:\n[2.6.6-20]\nResolves: CVE-2010-3493\n[2.6.6-19]\nResolves: CVE-2011-1015\n[2.6.6-18]\nResolves: CVE-2011-1521\n[2.6.6-17]\n- recompile against systemtap 1.4\nRelated: rhbz#569695\n[2.6.6-16]\n- recompile against systemtap 1.4\nRelated: rhbz#569695\n[2.6.6-15]\n- fix race condition that sometimes breaks the build with parallel make\nResolves: rhbz#690315\n[2.6.6-14]\n- backport pre-canned ways of salting a password to the 'crypt' module\nResolves: rhbz#681878\n[2.6.6-13]\n- move lib2to3/tests to the python-test subpackage\nRelated: rhbz#625395\n[2.6.6-12]\n- fix a new test in 2.6.6 that was failing on 64-bit big-endian architectures\nResolves: rhbz#677392\n[2.6.6-11]\n- fix incompatibility between 2.6.6 and our non-standard M2Crypto.SSL.SSLTimeoutError\nResolves: rhbz#681811\n[2.6.6-10]\n- add workaround for bug in rhythmbox-0.12 exposed by python 2.6.6\nResolves: rhbz#684991\n[2.6.6-9]\n- prevent tracebacks for the 'py-bt' gdb command on x86_64\nResolves: rhbz#639392\n[2.6.6-8]\n- fix a regression in 2.6.6 relative to 2.6.5 in urllib2\nResolves: rhbz#669847\n[2.6.6-7]\n- add an optional 'timeout' argument to the subprocess module (patch 131)\nResolves: rhbz#567229\n[2.6.6-6]\n- prevent _sqlite3.so being built with a redundant RPATH of _libdir (patch 130)\n- remove DOS batch file 'idle.bat'\n- remove shebang lines from .py files that aren't executable, and remove\nexecutability from .py files that don't have a shebang line\nRelated: rhbz#634944\n- add 'Obsoletes: python-ssl' to core package, as 2.6 contains the ssl module\nResolves: rhbz#529274\n[2.6.6-5]\n- allow the 'no_proxy' environment variable to override 'ftp_proxy' in\nurllib2 (patch 128)\nResolves: rhbz#637895\n- make garbage-collection assertion failures more informative (patch 129)\nResolves: rhbz#614680\n[2.6.6-4]\n- backport subprocess fixes to use the 'poll' system call, rather than 'select'\nResolves: rhbz#650588\n[2.6.6-3]\n- use an ephemeral port for IDLE, enabling multiple instances to be run\nResolves: rhbz#639222\n- add systemtap static markers, tapsets, and example scripts\nResolves: rhbz#569695\n[2.6.6-2]\n- fix dbm.release on ppc64/s390x\nResolves: rhbz#626756\n- fix missing lib2to3 test files\nResolves: rhbz#625395\n- fix test.test_commands SELinux incompatibility\nResolves: rhbz#625393\n- make 'pydoc -k' more robust in the face of broken modules\nResolves: rhbz#603073\n[2.6.6-1]\n- rebase to 2.6.6: (which contains the big whitespace cleanup of r81031)\n http://www.python.org/download/releases/2.6.6/\n - fixup patch 102, patch 11, patch 52, patch 110\n - drop upstreamed patches: patch 113 (CVE-2010-1634), patch 114\n (CVE-2010-2089), patch 115 (CVE-2008-5983), patch 116 (rhbz598564),\n patch 118 (rhbz540518)\n - add fix for upstream bug in test_posix.py introduced in 2.6.6 (patch 120)\nResolves: rhbz#627301\npython-docs:\n[2.6.6-2]\n- rebuild\n[2.6.6-1]\n- rebase to 2.6.6 to track the main python package\nRelated: rhbz#627301", "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0554", "href": "http://linux.oracle.com/errata/ELSA-2011-0554.html", "title": "python security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:12:08", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "published": "2011-05-06T00:00:00", "id": "CENTOS_RHSA-2011-0492.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53815", "title": "CentOS 5 : python (CESA-2011:0492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0492 and \n# CentOS Errata and Security Advisory 2011:0492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53815);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0492\");\n\n script_name(english:\"CentOS 5 : python (CESA-2011:0492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e31c929d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017519.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68bb9ae5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:42", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0492 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2011-0492.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68271", "title": "Oracle Linux 5 : python (ELSA-2011-0492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0492 and \n# Oracle Linux Security Advisory ELSA-2011-0492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68271);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0492\");\n\n script_name(english:\"Oracle Linux 5 : python (ELSA-2011-0492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0492 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002121.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"python-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:08", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-11-26T00:00:00", "published": "2011-05-06T00:00:00", "id": "REDHAT-RHSA-2011-0492.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53821", "title": "RHEL 5 : python (RHSA-2011:0492)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0492. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53821);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2018/11/26 11:02:14\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0492\");\n\n script_name(english:\"RHEL 5 : python (RHSA-2011:0492)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0492\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0492\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-libs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:25", "bulletinFamily": "scanner", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and\nincludes a number of bug fixes and enhancements. Documentation for\nthese bug fixes and enhancements is available from the Technical Notes\ndocument, linked to in the References section.\n\nAll users of Python are advised to upgrade to these updated packages,\nwhich correct these issues, and fix the bugs and add the enhancements\nnoted in the Technical Notes.", "modified": "2018-12-31T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20110519_PYTHON_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61046", "title": "Scientific Linux Security Update : python on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61046);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and\nincludes a number of bug fixes and enhancements. Documentation for\nthese bug fixes and enhancements is available from the Technical Notes\ndocument, linked to in the References section.\n\nAll users of Python are advised to upgrade to these updated packages,\nwhich correct these issues, and fix the bugs and add the enhancements\nnoted in the Technical Notes.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=660\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e9be180\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"python-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-devel-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-libs-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-test-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-tools-2.6.6-20.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"tkinter-2.6.6-20.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:10", "bulletinFamily": "scanner", "description": "Updated python packages that fix three security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and\nincludes a number of bug fixes and enhancements. Documentation for\nthese bug fixes and enhancements is available from the Technical Notes\ndocument, linked to in the References section.\n\nAll users of Python are advised to upgrade to these updated packages,\nwhich correct these issues, and fix the bugs and add the enhancements\nnoted in the Technical Notes.", "modified": "2018-12-20T00:00:00", "published": "2011-05-20T00:00:00", "id": "REDHAT-RHSA-2011-0554.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=54592", "title": "RHEL 6 : python (RHSA-2011:0554)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0554. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(54592);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0554\");\n\n script_name(english:\"RHEL 6 : python (RHSA-2011:0554)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix three security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise\nLinux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and\nincludes a number of bug fixes and enhancements. Documentation for\nthese bug fixes and enhancements is available from the Technical Notes\ndocument, linked to in the References section.\n\nAll users of Python are advised to upgrade to these updated packages,\nwhich correct these issues, and fix the bugs and add the enhancements\nnoted in the Technical Notes.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1521\"\n );\n # http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?056c0c27\"\n );\n # http://www.python.org/download/releases/2.6.6/NEWS.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.python.org/download/releases/2.6.6/NEWS.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0554\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0554\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-debuginfo-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-debuginfo-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-debuginfo-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-devel-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-devel-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-devel-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"python-docs-2.6.6-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-libs-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-libs-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-libs-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-test-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-test-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-test-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-tools-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-tools-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-tools-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"tkinter-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"tkinter-2.6.6-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"tkinter-2.6.6-20.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-debuginfo / python-devel / python-docs / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:14:25", "bulletinFamily": "scanner", "description": "A flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)", "modified": "2018-12-31T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20110505_PYTHON_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61033", "title": "Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61033);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n\n script_name(english:\"Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1105&L=scientific-linux-errata&T=0&P=474\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?acadd092\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"python-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-devel-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-libs-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"python-tools-2.4.3-44.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"tkinter-2.4.3-44.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:08", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-11-10T00:00:00", "published": "2011-05-06T00:00:00", "id": "CENTOS_RHSA-2011-0491.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53814", "title": "CentOS 4 : python (CESA-2011:0491)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# CentOS Errata and Security Advisory 2011:0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53814);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"CentOS 4 : python (CESA-2011:0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f668285\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44c69a2a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:16:42", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0491 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2011-0491.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68270", "title": "Oracle Linux 4 : python (ELSA-2011-0491)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0491 and \n# Oracle Linux Security Advisory ELSA-2011-0491 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68270);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"Oracle Linux 4 : python (ELSA-2011-0491)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0491 :\n\nUpdated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-May/002122.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"python-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:08", "bulletinFamily": "scanner", "description": "Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "modified": "2018-12-20T00:00:00", "published": "2011-05-06T00:00:00", "id": "REDHAT-RHSA-2011-0491.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=53820", "title": "RHEL 4 : python (RHSA-2011:0491)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0491. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53820);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2009-3720\", \"CVE-2010-1634\", \"CVE-2010-2089\", \"CVE-2010-3493\", \"CVE-2011-1015\", \"CVE-2011-1521\");\n script_bugtraq_id(36097, 40370, 40863, 44533, 46541, 47024);\n script_xref(name:\"RHSA\", value:\"2011:0491\");\n\n script_name(english:\"RHEL 4 : python (RHSA-2011:0491)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these\nmodules to follow any new URL that they understood, including the\n'file://' URL type. This could allow a remote server to force a local\nPython application to read a local file instead of the remote one,\npossibly exposing local files that were not meant to be exposed.\n(CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying\ncertain inputs could cause the audioop module to crash or, possibly,\nexecute arbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled\nnew connections. A remote user could use this flaw to cause a Python\nscript using the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote\nattacker could use a specially crafted request to obtain the CGI\nscript's source code. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially crafted XML file could cause Python applications using the\nPython Expat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its\nown internal copy; therefore, users must have the version of Expat\nshipped with RHSA-2009:1625 installed, or a later version, to resolve\nthe CVE-2009-3720 issue.\n\nAll Python users should upgrade to these updated packages, which\ncontain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-3493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-1521\"\n );\n # https://rhn.redhat.com/errata/RHSA-2009-1625.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0491\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:tkinter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0491\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"python-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-devel-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-docs-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"python-tools-2.3.4-14.10.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"tkinter-2.3.4-14.10.el4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python / python-devel / python-docs / python-tools / tkinter\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:12:56", "bulletinFamily": "scanner", "description": "Giampaolo Rodola discovered that the smtpd module in Python 3 did not\nproperly handle certain error conditions. A remote attacker could\nexploit this to cause a denial of service via daemon outage. This\nissue only affected Ubuntu 10.04 LTS. (CVE-2010-3493)\n\nNiels Heinen discovered that the urllib module in Python 3 would\nprocess Location headers that specify a file:// URL. A remote attacker\ncould use this to obtain sensitive information or cause a denial of\nservice via resource consumption. (CVE-2011-1521).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-12-01T00:00:00", "published": "2011-12-20T00:00:00", "id": "UBUNTU_USN-1314-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57345", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1314-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57345);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2010-3493\", \"CVE-2011-1521\");\n script_bugtraq_id(44533, 47024);\n script_xref(name:\"USN\", value:\"1314-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : python3.1, python3.2 vulnerabilities (USN-1314-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Giampaolo Rodola discovered that the smtpd module in Python 3 did not\nproperly handle certain error conditions. A remote attacker could\nexploit this to cause a denial of service via daemon outage. This\nissue only affected Ubuntu 10.04 LTS. (CVE-2010-3493)\n\nNiels Heinen discovered that the urllib module in Python 3 would\nprocess Location headers that specify a file:// URL. A remote attacker\ncould use this to obtain sensitive information or cause a denial of\nservice via resource consumption. (CVE-2011-1521).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1314-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected python3.1-minimal and / or python3.2-minimal\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.1-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3.2-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"python3.1-minimal\", pkgver:\"3.1.2-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"python3.1-minimal\", pkgver:\"3.1.2+20100915-0ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python3.1-minimal\", pkgver:\"3.1.3-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"python3.2-minimal\", pkgver:\"3.2-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3.1-minimal / python3.2-minimal\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:53", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0492\n\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/017518.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/017519.html\n\n**Affected packages:**\npython\npython-devel\npython-libs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0492.html", "modified": "2011-05-05T16:50:48", "published": "2011-05-05T16:50:48", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/017518.html", "id": "CESA-2011:0492", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-10-03T18:24:43", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0491\n\n\nPython is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying certain\ninputs could cause the audioop module to crash or, possibly, execute\narbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/017520.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-May/017521.html\n\n**Affected packages:**\npython\npython-devel\npython-docs\npython-tools\ntkinter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0491.html", "modified": "2011-05-05T17:37:03", "published": "2011-05-05T17:37:02", "href": "http://lists.centos.org/pipermail/centos-announce/2011-May/017520.html", "id": "CESA-2011:0491", "title": "python, tkinter security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:27", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nThis erratum also upgrades Python to upstream version 2.6.6, and includes a\nnumber of bug fixes and enhancements. Documentation for these bug fixes\nand enhancements is available from the Technical Notes document, linked to\nin the References section.\n\nAll users of Python are advised to upgrade to these updated packages, which\ncorrect these issues, and fix the bugs and add the enhancements noted in\nthe Technical Notes.\n", "modified": "2018-06-06T20:24:06", "published": "2011-05-19T04:00:00", "id": "RHSA-2011:0554", "href": "https://access.redhat.com/errata/RHSA-2011:0554", "type": "redhat", "title": "(RHSA-2011:0554) Moderate: python security, bug fix, and enhancement update", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:40:59", "bulletinFamily": "unix", "description": "Python is an interpreted, interactive, object-oriented programming\nlanguage.\n\nA flaw was found in the Python urllib and urllib2 libraries where they\nwould not differentiate between different target URLs when handling\nautomatic redirects. This caused Python applications using these modules to\nfollow any new URL that they understood, including the \"file://\" URL type.\nThis could allow a remote server to force a local Python application to\nread a local file instead of the remote one, possibly exposing local files\nthat were not meant to be exposed. (CVE-2011-1521)\n\nMultiple flaws were found in the Python audioop module. Supplying certain\ninputs could cause the audioop module to crash or, possibly, execute\narbitrary code. (CVE-2010-1634, CVE-2010-2089)\n\nA race condition was found in the way the Python smtpd module handled new\nconnections. A remote user could use this flaw to cause a Python script\nusing the smtpd module to terminate. (CVE-2010-3493)\n\nAn information disclosure flaw was found in the way the Python\nCGIHTTPServer module processed certain HTTP GET requests. A remote attacker\ncould use a specially-crafted request to obtain the CGI script's source\ncode. (CVE-2011-1015)\n\nA buffer over-read flaw was found in the way the Python Expat parser\nhandled malformed UTF-8 sequences when processing XML files. A\nspecially-crafted XML file could cause Python applications using the Python\nExpat parser to crash while parsing the file. (CVE-2009-3720)\n\nThis update makes Python use the system Expat library rather than its own\ninternal copy; therefore, users must have the version of Expat shipped with\nRHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720\nissue.\n\nAll Python users should upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:06:59", "published": "2011-05-05T04:00:00", "id": "RHSA-2011:0491", "href": "https://access.redhat.com/errata/RHSA-2011:0491", "type": "redhat", "title": "(RHSA-2011:0491) Moderate: python security update", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-11T17:42:51", "bulletinFamily": "unix", "description": "PyXML provides XML libraries for Python. The distribution contains a\nvalidating XML parser, an implementation of the SAX and DOM programming\ninterfaces, and an interface to the Expat parser.\n\nA buffer over-read flaw was found in the way PyXML's Expat parser handled\nmalformed UTF-8 sequences when processing XML files. A specially-crafted\nXML file could cause Python applications using PyXML's Expat parser to\ncrash while parsing the file. (CVE-2009-3720)\n\nThis update makes PyXML use the system Expat library rather than its own\ninternal copy; therefore, users must install the RHSA-2009:1625 expat\nupdate together with this PyXML update to resolve the CVE-2009-3720 issue.\n\nAll PyXML users should upgrade to this updated package, which changes PyXML\nto use the system Expat library. After installing this update along with\nRHSA-2009:1625, applications using the PyXML library must be restarted for\nthe update to take effect.", "modified": "2017-09-08T12:08:27", "published": "2010-01-04T05:00:00", "id": "RHSA-2010:0002", "href": "https://access.redhat.com/errata/RHSA-2010:0002", "type": "redhat", "title": "(RHSA-2010:0002) Moderate: PyXML security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:42", "bulletinFamily": "software", "description": "Source code leakage in CGIHTTPServer, local files acces in urllib.", "modified": "2011-05-25T00:00:00", "published": "2011-05-25T00:00:00", "id": "SECURITYVULNS:VULN:11688", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11688", "title": "python security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2011:096\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : python\r\n Date : May 22, 2011\r\n Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities have been identified and fixed in python:\r\n \r\n The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module\r\n in Python 2.5, 2.6, and 3.0 allows remote attackers to read script\r\n source code via an HTTP GET request that lacks a / &#40;slash&#41; character\r\n at the beginning of the URI &#40;CVE-2011-1015&#41;.\r\n \r\n A flaw was found in the Python urllib and urllib2 libraries where\r\n they would not differentiate between different target URLs when\r\n handling automatic redirects. This caused Python applications using\r\n these modules to follow any new URL that they understood, including\r\n the file:// URL type. This could allow a remote server to force a\r\n local Python application to read a local file instead of the remote\r\n one, possibly exposing local files that were not meant to be exposed\r\n &#40;CVE-2011-1521&#41;.\r\n \r\n Packages for 2009.0 are provided as of the Extended Maintenance\r\n Program. Please visit this link to learn more:\r\n http://store.mandriva.com/product_info.php?cPath=149&amp;amp;products_id=490\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n 71a60b6ca82c16cfa81779f586aa2c0a 2009.0/i586/libpython2.5-2.5.2-5.10mdv2009.0.i586.rpm\r\n 2138c57ad81a8beaf0c1eb999fd08818 2009.0/i586/libpython2.5-devel-2.5.2-5.10mdv2009.0.i586.rpm\r\n 6c9a3ffe4bc52ed61e77a77c374ad2c4 2009.0/i586/python-2.5.2-5.10mdv2009.0.i586.rpm\r\n 0d31faceacbae7dc06f844d1214e2d16 2009.0/i586/python-base-2.5.2-5.10mdv2009.0.i586.rpm\r\n 49b78565dcb28d01e5c691b0f2bcd3af 2009.0/i586/python-docs-2.5.2-5.10mdv2009.0.i586.rpm\r\n 1ffd2e9dd42735800a7f6ad7d941a5ac 2009.0/i586/tkinter-2.5.2-5.10mdv2009.0.i586.rpm\r\n cdafb079c8e76379949c49c3cb1ef4b2 2009.0/i586/tkinter-apps-2.5.2-5.10mdv2009.0.i586.rpm \r\n 5cb94b684ff22b2eda7e04753bdce16d 2009.0/SRPMS/python-2.5.2-5.10mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n e04c68e9eb21516ce89484751ded4332 2009.0/x86_64/lib64python2.5-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 92622926645273db1a646a736ea2a432 \r\n2009.0/x86_64/lib64python2.5-devel-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n c427548e0873e70318b9c945a09bba83 2009.0/x86_64/python-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 03f147cad7afa130c07920fe93426bc3 2009.0/x86_64/python-base-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 70162d5fe5b7808212243660f9e54241 2009.0/x86_64/python-docs-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n a86197e50c1c75c0256f7e40cab56a34 2009.0/x86_64/tkinter-2.5.2-5.10mdv2009.0.x86_64.rpm\r\n 926914ec91cb07fc4e796dc9f9245f3f 2009.0/x86_64/tkinter-apps-2.5.2-5.10mdv2009.0.x86_64.rpm \r\n 5cb94b684ff22b2eda7e04753bdce16d 2009.0/SRPMS/python-2.5.2-5.10mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2010.1:\r\n 53d5109e8564c4532d5dedef2ac043f4 2010.1/i586/libpython2.6-2.6.5-2.3mdv2010.2.i586.rpm\r\n 023b47ab6db33ddcd14b69a3b7d9b6f8 2010.1/i586/libpython2.6-devel-2.6.5-2.3mdv2010.2.i586.rpm\r\n ca24b1ba72889504816ff01f8296dad7 2010.1/i586/python-2.6.5-2.3mdv2010.2.i586.rpm\r\n 9f951c32522a8d4a20dc6218d7f5b977 2010.1/i586/python-docs-2.6.5-2.3mdv2010.2.i586.rpm\r\n 17194376e65542d2a94c650ac3b4d895 2010.1/i586/tkinter-2.6.5-2.3mdv2010.2.i586.rpm\r\n 7cbc356feff956567b2f5ab6d64f3600 2010.1/i586/tkinter-apps-2.6.5-2.3mdv2010.2.i586.rpm \r\n 31ecbe18b9a10119e03ef380a913db1e 2010.1/SRPMS/python-2.6.5-2.3mdv2010.2.src.rpm\r\n\r\n Mandriva Linux 2010.1/X86_64:\r\n 81b99d093052e70a8a53085917e4afb3 2010.1/x86_64/lib64python2.6-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n fcc80b83b1fdce270e712f2657fbb8ca \r\n2010.1/x86_64/lib64python2.6-devel-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n f3c02fbd937c6100b4a65e334055e7fa 2010.1/x86_64/python-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n 1043662e88b55abe675a263082ce82c2 2010.1/x86_64/python-docs-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n 93ba6c063614368421de9e4b4bdbbb6a 2010.1/x86_64/tkinter-2.6.5-2.3mdv2010.2.x86_64.rpm\r\n cf0decdce784a86d5307dd19b6914a8e 2010.1/x86_64/tkinter-apps-2.6.5-2.3mdv2010.2.x86_64.rpm \r\n 31ecbe18b9a10119e03ef380a913db1e 2010.1/SRPMS/python-2.6.5-2.3mdv2010.2.src.rpm\r\n\r\n Corporate 4.0:\r\n 198c6a033fc80b0355e065a14f644696 \r\ncorporate/4.0/i586/libpython2.4-2.4.5-0.8.20060mlcs4.i586.rpm\r\n c0616f9351989ea9d7033d958a5eafd8 \r\ncorporate/4.0/i586/libpython2.4-devel-2.4.5-0.8.20060mlcs4.i586.rpm\r\n e1becc70b0a76ca8ae6ceb1697705171 corporate/4.0/i586/python-2.4.5-0.8.20060mlcs4.i586.rpm\r\n 1e43557301ab20d6ef1deaee5095987f corporate/4.0/i586/python-base-2.4.5-0.8.20060mlcs4.i586.rpm\r\n ad1797a8ded8c1ef1eaa4ff94f0a090e corporate/4.0/i586/python-docs-2.4.5-0.8.20060mlcs4.i586.rpm\r\n 1e086c1a3d1074363f2d5e8d9c396e4e corporate/4.0/i586/tkinter-2.4.5-0.8.20060mlcs4.i586.rpm \r\n cc3e848102354412fe99da194af47f39 corporate/4.0/SRPMS/python-2.4.5-0.8.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n da20c277e2ff0776b7499287096702ac \r\ncorporate/4.0/x86_64/lib64python2.4-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n d0075eb6df5b520c04eb936f10a73c32 \r\ncorporate/4.0/x86_64/lib64python2.4-devel-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n b491194cce5942ad249ba283c52954b0 corporate/4.0/x86_64/python-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n 13d75957e66ce76d338e9326cad6cdff \r\ncorporate/4.0/x86_64/python-base-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n f7896e57d5b843f3f7ff7dd4b3eebe03 \r\ncorporate/4.0/x86_64/python-docs-2.4.5-0.8.20060mlcs4.x86_64.rpm\r\n 70586950943cc3dafce38ac09a0ff83d \r\ncorporate/4.0/x86_64/tkinter-2.4.5-0.8.20060mlcs4.x86_64.rpm \r\n cc3e848102354412fe99da194af47f39 corporate/4.0/SRPMS/python-2.4.5-0.8.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n d28940e4700e46457096fcc2a13307cc mes5/i586/libpython2.5-2.5.2-5.10mdvmes5.2.i586.rpm\r\n bcf1487a2fae5458d9ab0ac34a5a307a mes5/i586/libpython2.5-devel-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 38c26a661f8858439a1cc2df1bd41df5 mes5/i586/python-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 9b13e52c7ef8e8d0795d7fdc6808b2b8 mes5/i586/python-base-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 5002cd05dd26292cb2cee766a6555865 mes5/i586/python-docs-2.5.2-5.10mdvmes5.2.i586.rpm\r\n 36426ccd627743116fad029322e53dd3 mes5/i586/tkinter-2.5.2-5.10mdvmes5.2.i586.rpm\r\n fa420530fd85947a87b3f45eeff156f3 mes5/i586/tkinter-apps-2.5.2-5.10mdvmes5.2.i586.rpm \r\n 95e5e9d7cf268894a9d520de0ce560d0 mes5/SRPMS/python-2.5.2-5.10mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 23d67a8f9b6d8815dca9b8bd4664f40a mes5/x86_64/lib64python2.5-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n d64356213d58f79800d4948880c5eeb6 \r\nmes5/x86_64/lib64python2.5-devel-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n 75a6f96e22760d4fdcc2ae46a512b260 mes5/x86_64/python-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n efcf39cf6b3bcc1d78fd35be60215b59 mes5/x86_64/python-base-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n fba99d4b5b1ff39ab9521a543d7c6ec8 mes5/x86_64/python-docs-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n 68763e27ed0848ca8f9d2d30f31b02d9 mes5/x86_64/tkinter-2.5.2-5.10mdvmes5.2.x86_64.rpm\r\n 5ee0e3d48de97f70edd16ff8dc13615e mes5/x86_64/tkinter-apps-2.5.2-5.10mdvmes5.2.x86_64.rpm \r\n 95e5e9d7cf268894a9d520de0ce560d0 mes5/SRPMS/python-2.5.2-5.10mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFN2PFImqjQ0CJFipgRAiU/AJ4r8U479TGDL2Y/y8pnigz1WmCxMgCgsARl\r\nAYo6vcjj/qwevAUXSbsysc8=\r\n=oy4t\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-05-25T00:00:00", "published": "2011-05-25T00:00:00", "id": "SECURITYVULNS:DOC:26401", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26401", "title": "[ MDVSA-2011:096 ] python", "type": "securityvulns", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:06", "bulletinFamily": "unix", "description": "Giampaolo Rodola discovered that the smtpd module in Python 3 did not properly handle certain error conditions. A remote attacker could exploit this to cause a denial of service via daemon outage. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-3493)\n\nNiels Heinen discovered that the urllib module in Python 3 would process Location headers that specify a file:// URL. A remote attacker could use this to obtain sensitive information or cause a denial of service via resource consumption. (CVE-2011-1521)", "modified": "2011-12-19T00:00:00", "published": "2011-12-19T00:00:00", "id": "USN-1314-1", "href": "https://usn.ubuntu.com/1314-1/", "title": "Python 3 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T00:09:23", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-1", "href": "https://usn.ubuntu.com/1613-1/", "title": "Python 2.5 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:42", "bulletinFamily": "unix", "description": "It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 11.04. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. This issue only affected Ubuntu 11.04. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This update adds the \u2018-R\u2019 command line option and honors setting the PYTHONHASHSEED environment variable to \u2018random\u2019 to salt str and datetime objects with an unpredictable value. (CVE-2012-1150)", "modified": "2012-10-04T00:00:00", "published": "2012-10-04T00:00:00", "id": "USN-1596-1", "href": "https://usn.ubuntu.com/1596-1/", "title": "Python 2.6 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:34", "bulletinFamily": "unix", "description": "USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4.\n\nOriginal advisory details:\n\nIt was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)\n\nIt was discovered that the audioop module did not correctly perform input validation. If a user or automatated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)\n\nGiampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)\n\nIt was discovered that the CGIHTTPServer module did not properly perform input validation on certain HTTP GET requests. A remote attacker could potentially obtain access to CGI script source files. (CVE-2011-1015)\n\nNiels Heinen discovered that the urllib and urllib2 modules would process Location headers that specify a redirection to file: URLs. A remote attacker could exploit this to obtain sensitive information or cause a denial of service. (CVE-2011-1521)\n\nIt was discovered that SimpleHTTPServer did not use a charset parameter in the Content-Type HTTP header. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 users. (CVE-2011-4940)\n\nIt was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)\n\nIt was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. (CVE-2012-0845)\n\nIt was discovered that the Expat module in Python 2.5 computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)\n\nTim Boddy discovered that the Expat module in Python 2.5 did not properly handle memory reallocation when processing XML files. If a user or application using pyexpat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. (CVE-2012-1148)", "modified": "2012-10-17T00:00:00", "published": "2012-10-17T00:00:00", "id": "USN-1613-2", "href": "https://usn.ubuntu.com/1613-2/", "title": "Python 2.4 vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2016-07-01T00:00:00", "published": "2014-12-11T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/900/sol15905.html", "id": "SOL15905", "title": "SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-06-08T02:18:15", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 242353 (BIG-IP) and ID 491424 (F5 WebSafe) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth>) may list Heuristic H495544 on the **Diagnostics** &gt; **Identified** &gt; **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP ASM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Edge Gateway| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP GTM| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP Link Controller| 10.1.0| 11.0.0 - 11.6.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| 10.1.0| 11.0.0 - 11.4.1 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WebAccelerator| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nBIG-IP WOM| 10.1.0| 11.0.0 - 11.3.0 \n10.2.0 - 10.2.4| XML Parsing \nARX| None| 6.2.0 - 6.4.0| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None \nLineRate| None| 2.4.0 - 2.5.0 \n1.6.0 - 1.6.4| None \nF5 WebSafe| None| 1.0.0| None\n\nIf the previous table lists a version in the **Versions known to be not vulnerable **column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2017-03-17T20:01:00", "published": "2014-12-12T01:48:00", "id": "F5:K15905", "href": "https://support.f5.com/csp/article/K15905", "title": "Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-16T14:39:25", "bulletinFamily": "software", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "modified": "2018-09-12T00:17:00", "published": "2018-09-12T00:17:00", "id": "F5:K75910138", "href": "https://support.f5.com/csp/article/K75910138", "title": "Python vulnerabilities CVE-2011-1521, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, and CVE-2012-1150", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}]}