Vulnerabilities > CVE-2014-2667 - Race Condition vulnerability in Python

047910
CVSS v2 base score 3.3 - LOW
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
local
python
CWE-362
nessus

Summary

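Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value. In practice: os.makedirs(..., exist_ok=True) can call _get_masked_mode, which reads the current umask by briefly setting it to 0 and then restoring it; the umask is process-wide, so a file or directory that another thread creates in that window is created without the intended umask restriction.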

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition that occurs when multiple processes access and manipulate the same resource concurrently and the outcome depends on the particular order in which the accesses take place. The attacker can leverage a race condition by "running the race": modifying the resource and thereby altering the normal execution flow. For instance, a race condition can occur while a file is being accessed: the attacker can trick the system by replacing the original file with their own version, causing the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition that occurs between the time of check (state) of a resource and the time of use of that resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that they modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period, the attacker could, for example, replace the file and cause an escalation of privilege.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16393.NASL
    description: Fixes CVEs 2013-7338 and 2014-2667. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-12-15
    plugin id: 79940
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79940
    title: Fedora 20 : python3-3.3.2-19.fc20 (2014-16393)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-16393.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata through script_* calls and then exits. No get_kb_item()
    # call appears here, so no host data is read in this branch.
    if (description)
    {
      script_id(79940);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # One Fedora advisory, two CVEs: the plugin fires for the package update as
      # a whole, not for CVE-2014-2667 specifically.
      script_cve_id("CVE-2013-7338", "CVE-2014-2667");
      script_bugtraq_id(65179, 66521);
      script_xref(name:"FEDORA", value:"2014-16393");
    
      script_name(english:"Fedora 20 : python3-3.3.2-19.fc20 (2014-16393)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes CVEs 2013-7338 and 2014-2667.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1082177"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145903.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?44f67644"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 package."
      );
      # NOTE(review): this base vector (network, availability-only) does not
      # describe the umask race, which is a local issue with partial
      # confidentiality/integrity impact. Presumably it is the score of the
      # other CVE bundled in this advisory (CVE-2013-7338) - confirm before
      # using this plugin's severity to prioritise CVE-2014-2667.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      # NOTE(review): the check body of this script also reads "Host/cpu", which
      # is not listed here; the body handles a missing value with its own audit().
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: confirm local checks are enabled and the target is Fedora 20
    # with an RPM list and a supported CPU, then compare the installed python3
    # package against the build named in the advisory.
    # Only the RPM inventory is consulted: the race itself is not exercised, and
    # Python interpreters installed outside RPM are not examined by this script.
    # audit() comes from audit.inc; presumably it records the reason and stops
    # the script - its definition is not shown here.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # ">!<" is used here as "substring not found": bail out unless the release
    # string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release ("Fedora ... release NN").
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # The advisory covers Fedora 20 only; the trailing group keeps "200" etc. out.
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: only x86_64 and i386..i686 are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # rpm_check() is defined in rpm.inc (not shown); presumably it is true when
    # the installed python3 is older than the reference build - confirm.
    if (rpm_check(release:"FC20", reference:"python3-3.3.2-19.fc20")) flag++;
    
    
    if (flag)
    {
      # report_verbosity is not set in this script; presumably it is provided by
      # global_settings.inc. With verbosity on, the package report is attached.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "package present and not affected" from
      # "package not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-334.NASL
    description: This python update fixes the following security issue : - bnc#871152: Fixed race condition with umask when creating directories with os.makedirs (CVE-2014-2667).
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75344
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75344
    title: openSUSE Security Update : python3 (openSUSE-SU-2014:0596-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-334.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata through script_* calls and then exits. No get_kb_item()
    # call appears here, so no host data is read in this branch.
    if (description)
    {
      script_id(75344);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # This openSUSE 13.1 update addresses CVE-2014-2667 only.
      script_cve_id("CVE-2014-2667");
    
      script_name(english:"openSUSE Security Update : python3 (openSUSE-SU-2014:0596-1)");
      script_summary(english:"Check for the openSUSE-2014-334 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # NOTE(review): the advisory text below says "os.mkdirs"; the Python
      # function that takes exist_ok is os.makedirs. The string is left as
      # extracted from the vendor advisory.
      script_set_attribute(
        attribute:"description", 
        value:
    "This python update fixes the following security issue :
    
      - bnc#871152: Fixed race condition with umask when
        creating directories with os.mkdirs (CVE-2014-2667)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=871152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 packages."
      );
      # Local access, medium complexity, no authentication, partial
      # confidentiality and integrity impact, no availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One cpe attribute per binary package shipped by the update, followed by
      # the operating-system CPE (openSUSE 13.1).
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      # All four knowledge-base keys read by the check body are declared here.
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: confirm local checks are enabled and the target is openSUSE
    # 13.1 with an RPM list and a supported CPU, then compare every package of
    # the update against its reference build.
    # Only the RPM inventory is consulted: the race itself is not exercised, and
    # Python interpreters installed outside RPM are not examined by this script.
    # audit() comes from audit.inc; presumably it records the reason and stops
    # the script - its definition is not shown here.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # SLED/SLES hosts are rejected: this advisory is for openSUSE only.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Exact match on the 13.1 release tag.
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # flag counts how many rpm_check() calls returned true. rpm_check() is
    # defined in rpm.inc (not shown); presumably it is true when the installed
    # package is older than the reference build - confirm.
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"libpython3_3m1_0-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libpython3_3m1_0-debuginfo-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-base-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-base-debuginfo-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-base-debugsource-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-curses-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-curses-debuginfo-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-dbm-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-dbm-debuginfo-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-debuginfo-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-debugsource-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-devel-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-devel-debuginfo-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-doc-pdf-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-idle-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-testsuite-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-testsuite-debuginfo-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-tk-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-tk-debuginfo-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python3-tools-3.3.5-5.8.1") ) flag++;
    # The -32bit compatibility packages are checked with cpu:"x86_64".
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpython3_3m1_0-32bit-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libpython3_3m1_0-debuginfo-32bit-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python3-32bit-3.3.5-5.8.2") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python3-base-32bit-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python3-base-debuginfo-32bit-3.3.5-5.8.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"python3-debuginfo-32bit-3.3.5-5.8.2") ) flag++;
    
    if (flag)
    {
      # Reported with security_note(); presumably the lower-severity reporting
      # call, in line with the low local CVSS vector registered for this plugin
      # - confirm. report_verbosity is not set in this script; presumably it is
      # provided by global_settings.inc.
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages present and not affected" from
      # "packages not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpython3_3m1_0 / libpython3_3m1_0-32bit / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-333.NASL
    description: This python update fixes the following security and non-security issues : - bnc#869222: Fixed DoS when opening malicious archives (CVE-2013-7338). - bnc#863741: Fixed buffer overflow in socket.recvfrom_into (CVE-2014-1912). - bnc#871152: Fixed race condition with umask when creating directories with os.makedirs (CVE-2014-2667). - bnc#637176: Fixed update multilib patch to handle home install scheme.
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75343
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75343
    title: openSUSE Security Update : python3 (openSUSE-SU-2014:0597-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-333.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata through script_* calls and then exits. No get_kb_item()
    # call appears here, so no host data is read in this branch.
    if (description)
    {
      script_id(75343);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # One openSUSE 12.3 update, three CVEs: the plugin fires for the package
      # update as a whole, not for CVE-2014-2667 specifically.
      script_cve_id("CVE-2013-7338", "CVE-2014-1912", "CVE-2014-2667");
      script_bugtraq_id(65179, 65379, 66521);
    
      script_name(english:"openSUSE Security Update : python3 (openSUSE-SU-2014:0597-1)");
      script_summary(english:"Check for the openSUSE-2014-333 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # NOTE(review): the advisory text below says "os.mkdirs"; the Python
      # function that takes exist_ok is os.makedirs. The string is left as
      # extracted from the vendor advisory.
      script_set_attribute(
        attribute:"description", 
        value:
    "This python update fixes the following security and non-security
    issues :
    
      - bnc#869222: Fixed DoS when opening malicious archives
        (CVE-2013-7338).
    
      - bnc#863741: Fixed buffer overflow in
        socket.recvfrom_into (CVE-2014-1912).
    
      - bnc#871152: Fixed race condition with umask when
        creating directories with os.mkdirs (CVE-2014-2667).
    
      - bnc#637176: Fixed update multilib patch to handle home
        install scheme."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=637176"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=863741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=869222"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=871152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 packages."
      );
      # NOTE(review): the network vector and the exploit/malware flags below are
      # set once for the whole advisory. They do not describe the umask race,
      # which is a local issue; presumably they come from another CVE in this
      # bundle (the socket.recvfrom_into overflow, CVE-2014-1912) - confirm
      # before reading them as exploit availability for CVE-2014-2667.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One cpe attribute per binary package shipped by the update, followed by
      # the operating-system CPE (openSUSE 12.3).
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_3m1_0-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      # All four knowledge-base keys read by the check body are declared here.
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check: confirm local checks are enabled and the target is openSUSE
    # 12.3 with an RPM list and a supported CPU, then compare every package of
    # the update against its reference build.
    # Only the RPM inventory is consulted: none of the bundled issues is
    # exercised, and Python interpreters installed outside RPM are not examined
    # by this script.
    # audit() comes from audit.inc; presumably it records the reason and stops
    # the script - its definition is not shown here.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # SLED/SLES hosts are rejected: this advisory is for openSUSE only.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Exact match on the 12.3 release tag.
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # flag counts how many rpm_check() calls returned true. rpm_check() is
    # defined in rpm.inc (not shown); presumably it is true when the installed
    # package is older than the reference build - confirm.
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"libpython3_3m1_0-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"libpython3_3m1_0-debuginfo-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-base-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-base-debuginfo-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-base-debugsource-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-curses-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-curses-debuginfo-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-dbm-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-dbm-debuginfo-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-debuginfo-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-debugsource-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-devel-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-devel-debuginfo-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-doc-pdf-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-idle-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-testsuite-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-testsuite-debuginfo-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-tk-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-tk-debuginfo-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"python3-tools-3.3.0-6.15.1") ) flag++;
    # The -32bit compatibility packages are checked with cpu:"x86_64".
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libpython3_3m1_0-32bit-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"libpython3_3m1_0-debuginfo-32bit-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python3-32bit-3.3.0-6.15.2") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python3-base-32bit-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python3-base-debuginfo-32bit-3.3.0-6.15.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"python3-debuginfo-32bit-3.3.0-6.15.2") ) flag++;
    
    if (flag)
    {
      # report_verbosity is not set in this script; presumably it is provided by
      # global_settings.inc. With verbosity on, the package report is attached.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages present and not affected" from
      # "packages not installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpython3_3m1_0 / libpython3_3m1_0-32bit / etc");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201503-10.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201503-10 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82009
    published: 2015-03-24
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82009
    title: GLSA-201503-10 : Python: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201503-10.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata through script_* calls and then exits. No get_kb_item()
    # call appears here, so no host data is read in this branch.
    if (description)
    {
      script_id(82009);
      script_version("1.7");
      script_cvs_date("Date: 2019/03/21 10:55:56");
    
      # One GLSA, seven CVEs: the plugin fires for the advisory as a whole, not
      # for CVE-2014-2667 specifically.
      script_cve_id("CVE-2013-1752", "CVE-2013-7338", "CVE-2014-1912", "CVE-2014-2667", "CVE-2014-4616", "CVE-2014-7185", "CVE-2014-9365");
      script_xref(name:"GLSA", value:"201503-10");
    
      script_name(english:"GLSA-201503-10 : Python: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201503-10
    (Python: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Python. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A context-dependent attacker may be able to execute arbitrary code or
          cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201503-10"
      );
      # The remediation names two minimum versions, one per Python series
      # (3.3.5-r1 and 2.7.9-r1).
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Python 3.3 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-3.3.5-r1'
        All Python 2.7 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-2.7.9-r1'"
      );
      # NOTE(review): the network vectors and the exploit/malware flags below
      # are set once for the whole advisory. They do not describe the umask
      # race, which is a local issue; presumably they come from other CVEs in
      # this bundle - confirm before reading them as exploit availability for
      # CVE-2014-2667. The CVSS2 and CVSS3 vectors also disagree on impact
      # (C:P/I:P/A:P versus C:H/I:N/A:N), so they may not score the same CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      # All three knowledge-base keys read by the check body are declared here.
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Host check: confirm local checks are enabled and the target is Gentoo with
    # a package list, then compare the installed dev-lang/python against the
    # version ranges from the GLSA.
    # Only the package inventory is consulted: none of the bundled issues is
    # exercised, and Python interpreters installed outside the package manager
    # are not examined by this script.
    # audit() comes from audit.inc; presumably it records the reason and stops
    # the script - its definition is not shown here.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    # NOTE(review): read as plain version ranges, these lists overlap: a 3.x
    # build older than 3.3.5-r1 is both "lt 3.3.5-r1" (vulnerable) and
    # "ge 2.7.9-r1" (unaffected). How qpkg_check() resolves that is defined in
    # qpkg.inc, which is not shown here - verify that a vulnerable 3.x install
    # is actually flagged before relying on a clean result.
    if (qpkg_check(package:"dev-lang/python", unaffected:make_list("ge 3.3.5-r1", "ge 2.7.9-r1"), vulnerable:make_list("lt 3.3.5-r1"))) flag++;
    
    if (flag)
    {
      # report_verbosity is not set in this script; presumably it is provided by
      # global_settings.inc. With verbosity on, the package report is attached.
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "package present and not affected" from
      # "package not installed" in the audit trail.
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Python");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0114-1.NASL
    description: This update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133036
    published: 2020-01-17
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133036
    title: SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0114-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # --- Plugin identity and revision ---
      script_id(133036);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/21");

      # --- Vulnerability identifiers ---
      # The list is far wider than the description text below, which names only
      # three CVEs. The "(BEAST)" and "(httpoxy)" tags in the plugin name
      # correspond to CVE-2011-3389 and CVE-2016-1000110 in this list.
      script_cve_id(
        "CVE-2011-3389", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150",
        "CVE-2013-1752", "CVE-2013-4238", "CVE-2014-2667", "CVE-2014-4650",
        "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699",
        "CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061",
        "CVE-2018-14647", "CVE-2018-20406", "CVE-2018-20852", "CVE-2019-10160",
        "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-5010",
        "CVE-2019-9636", "CVE-2019-9947"
      );
      script_bugtraq_id(49388, 49778, 51239, 52732, 61738, 63804, 66521, 68147);

      # --- Human-readable title, summary and advisory text ---
      script_name(english:"SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "This update for python3 to version 3.6.10 fixes the following issues :
    
    CVE-2017-18207: Fixed a denial of service in
    Wave_read._read_fmt_chunk() (bsc#1083507).
    
    CVE-2019-16056: Fixed an issue where email parsing could fail for
    multiple @ (bsc#1149955).
    
    CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat
    (bsc#1149429).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");

      # --- References: SUSE Bugzilla entries ---
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1027282");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029377");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029902");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1040164");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1042670");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1070853");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1079761");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1081750");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1083507");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1086001");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1088004");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1088009");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1088573");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1094814");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1107030");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1109663");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1109847");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1120644");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1122191");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1129346");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130840");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133452");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137942");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138459");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1141853");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149121");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149955");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151490");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1153238");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159035");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1159622");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=637176");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=658604");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=673071");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=709442");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=743787");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=747125");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=751718");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=754447");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=754677");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=787526");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=809831");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=831629");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=834601");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=871152");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=885662");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=885882");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=917607");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=942751");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=951166");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=983582");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=984751");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=985177");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=985348");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=989523");

      # --- References: SUSE per-CVE pages (same order as script_cve_id) ---
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-3389/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-4944/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-0845/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-1150/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-1752/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4238/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-2667/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4650/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-0772/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1000110/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5636/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-5699/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-18207/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1000802/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1060/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-1061/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-14647/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-20406/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-20852/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10160/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-15903/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-16056/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-16935/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-5010/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9636/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9947/");

      # Shortened link; per the generator's note it stands for
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200114-1/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4a736fc2");

      # --- Remediation text, taken from the advisory ---
      script_set_attribute(attribute:"solution", value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-114=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15 :
    
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-114=1
    
    SUSE Linux Enterprise Module for Development Tools 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-114=1
    
    SUSE Linux Enterprise Module for Development Tools 15 :
    
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-114=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-114=1
    
    SUSE Linux Enterprise Module for Basesystem 15 :
    
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-114=1");

      # --- Severity and exploitability ---
      # NOTE(review): one score is set for the whole advisory. A network-vector,
      # complete-impact rating cannot describe every CVE in the list above
      # (CVE-2014-2667, for one, is a local race condition), so presumably this
      # is the highest score in the bundle. The exploit flags are likewise
      # plugin-wide. Check the individual CVEs before prioritising on this value.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      # --- Plugin type and affected packages / platform (CPE) ---
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython3_6m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-dbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-testsuite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

      # --- Timeline ---
      # The vulnerability date is 2011 while the patch date is 2020: the
      # advisory bundles issues disclosed years apart.
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/17");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      # --- Scheduling: category, family, prerequisites ---
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      # The check body reads the KB keys required here; they are presumably
      # filled in by ssh_get_info.nasl during a credentialed scan.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      # Description pass only: stop before the check body.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Credentialed check only: without local checks there is no package list to
    # compare against.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Product gate: the release string must name SLED or SLES, and the major
    # version extracted from it must be exactly 15.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "SUSE");
    }
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    }

    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: only i386-i686, x86_64 and s390x hosts are assessed.
    # Any other architecture is audited out as "local checks not implemented",
    # i.e. it is not assessed by this plugin, which is different from being
    # found not affected.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!(cpu =~ "^i[3-6]86$" || "x86_64" >< cpu || "s390x" >< cpu))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    }

    # Service-pack gate: a missing patchlevel is treated as SP0; only SP0 and
    # SP1 are covered.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (! preg(pattern:"^(0|1)$", string:sp))
    {
      if (os_ver == "SLES15") audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
      if (os_ver == "SLED15") audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
    }
    
    
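    # Compare the installed python3 packages against the fixed build for every
    # covered product / service-pack combination. Only zero / non-zero of `flag`
    # is used afterwards.
    #
    # This is a package-version comparison on the collected rpm list
    # (rpm_check() comes from rpm.inc, not shown here; presumably it is true when
    # the installed package is older than the reference). It does not probe any
    # of the listed CVEs on the host.
    #
    # Each reference is listed once per product / service pack: repeating an
    # identical rpm_check() call only repeats the same comparison.
    flag = 0;

    # Version-release suffix shared by every reference in this advisory.
    py3_fixed_build = "-3.6.10-3.42.2";

    # References restricted to cpu:"x86_64". SP1 carries the debuginfo variants
    # and python3-debugsource; SP0 does not.
    py3_x86_64_pkgs_sp1 = make_list(
      "libpython3_6m1_0-32bit",
      "libpython3_6m1_0-32bit-debuginfo",
      "python3-32bit",
      "python3-32bit-debuginfo",
      "python3-base-32bit",
      "python3-base-32bit-debuginfo",
      "python3-debugsource"
    );
    py3_x86_64_pkgs_sp0 = make_list(
      "libpython3_6m1_0-32bit",
      "python3-32bit",
      "python3-base-32bit"
    );

    # References checked without a cpu restriction, identical for SP0 and SP1.
    # python3-debugsource also appears in the SP1 x86_64 list above; it is kept
    # in both because the two calls differ in their cpu argument.
    py3_any_cpu_pkgs = make_list(
      "python3-base-debuginfo",
      "python3-base-debugsource",
      "python3-testsuite",
      "python3-testsuite-debuginfo",
      "python3-tools",
      "libpython3_6m1_0",
      "libpython3_6m1_0-debuginfo",
      "python3",
      "python3-base",
      "python3-curses",
      "python3-curses-debuginfo",
      "python3-dbm",
      "python3-dbm-debuginfo",
      "python3-debuginfo",
      "python3-debugsource",
      "python3-devel",
      "python3-devel-debuginfo",
      "python3-idle",
      "python3-tk",
      "python3-tk-debuginfo"
    );

    # Order matches the generated plugin: SLES15 SP1, SLES15 SP0, SLED15 SP1,
    # SLED15 SP0; within each, the x86_64-only references come first.
    foreach py3_release (make_list("SLES15", "SLED15"))
    {
      foreach py3_sp (make_list("1", "0"))
      {
        if (py3_sp == "1") py3_x86_64_pkgs = py3_x86_64_pkgs_sp1;
        else py3_x86_64_pkgs = py3_x86_64_pkgs_sp0;

        foreach py3_pkg (py3_x86_64_pkgs)
        {
          if (rpm_check(release:py3_release, sp:py3_sp, cpu:"x86_64", reference:py3_pkg + py3_fixed_build)) flag++;
        }
        foreach py3_pkg (py3_any_cpu_pkgs)
        {
          if (rpm_check(release:py3_release, sp:py3_sp, reference:py3_pkg + py3_fixed_build)) flag++;
        }
      }
    }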
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-16479.NASL
    description: Fixes CVEs 2013-7338 and 2014-2667. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-01-06
    plugin id: 80368
    published: 2015-01-06
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80368
    title: Fedora 19 : python3-3.3.2-11.fc19 (2014-16479)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-16479.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, only the metadata calls
    # below run and the script stops at the closing exit(0). Nothing in this
    # block inspects the target host.
    if (description)
    {
      script_id(80368);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # One plugin covers both CVEs fixed by the advisory, so a finding from it
      # does not say which of the two issues matters on a given host.
      script_cve_id("CVE-2013-7338", "CVE-2014-2667");
      script_bugtraq_id(65179, 66521);
      script_xref(name:"FEDORA", value:"2014-16479");
    
      script_name(english:"Fedora 19 : python3-3.3.2-11.fc19 (2014-16479)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes CVEs 2013-7338 and 2014-2667.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1078014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1082177"
      );
      # Advisory announcement; presumably the target of the shortened link that
      # is registered just below (confirm before relying on it):
      # https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147646.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d412ef4b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 package."
      );
      # NOTE(review): a single CVSS2 vector is registered for the whole advisory.
      # It carries availability impact only (C:N/I:N/A:C) over a network vector,
      # so it presumably reflects CVE-2013-7338 rather than the local
      # file-permission race CVE-2014-2667. Take per-CVE severity from the CVE
      # record when triaging.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the verdict comes from package data collected on the
      # host, not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # ssh_get_info.nasl presumably fills the Host/* knowledge-base keys required
      # below. Host/cpu is read by the check code after this block but is not
      # declared as a required key here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check for Fedora advisory 2014-16479. The visible code reads only
    # knowledge-base (KB) items through get_kb_item(); rpm_check(),
    # rpm_report_get() and pkg_tests_get() come from rpm.inc, which is not shown.
    #
    # Every guard below ends in audit(), which is expected to terminate the
    # plugin with the given reason. The statements after each guard rely on that
    # (os_ver[1] is indexed right after the isnull() guard).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator: bail out unless the
    # release string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Accept "19" only when followed by a non-digit or end of string, so a longer
    # number that merely starts with 19 is rejected.
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386..i686 are handled; any other architecture is audited
    # out as "not implemented" rather than reported as clean.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # flag counts the package checks that hit. The reference is the fixed build
    # named in the advisory title.
    # NOTE(review): this is a package-version comparison against the rpm list,
    # not a test for the umask race itself. A Python interpreter installed
    # outside rpm would presumably not be seen by this check; confirm coverage
    # separately if that matters.
    flag = 0;
    if (rpm_check(release:"FC19", reference:"python3-3.3.2-11.fc19")) flag++;
    
    
    if (flag)
    {
      # Report on port 0; with report_verbosity > 0 the rpm.inc report text is
      # attached as extra detail.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "package was tested and is not affected" from
      # "package not installed", based on whether pkg_tests_get() returns anything.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-86.NASL
    description: This update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133172
    published: 2020-01-22
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133172
    title: openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-86.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, only the metadata calls
    # below run and the script stops at the closing exit(0). Nothing in this
    # block inspects the target host.
    if (description)
    {
      script_id(133172);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/24");
    
      # 26 CVE ids are attached to this one check, while the description text
      # below names only three. The rest presumably arrive with the rebase to
      # 3.6.10. A finding from this plugin therefore does not say which of
      # these issues is relevant on the host.
      script_cve_id("CVE-2011-3389", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-1150", "CVE-2013-1752", "CVE-2013-4238", "CVE-2014-2667", "CVE-2014-4650", "CVE-2016-0772", "CVE-2016-1000110", "CVE-2016-5636", "CVE-2016-5699", "CVE-2017-18207", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647", "CVE-2018-20406", "CVE-2018-20852", "CVE-2019-10160", "CVE-2019-15903", "CVE-2019-16056", "CVE-2019-16935", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9947");
    
      script_name(english:"openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)");
      script_summary(english:"Check for the openSUSE-2020-86 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python3 to version 3.6.10 fixes the following issues :
    
      - CVE-2017-18207: Fixed a denial of service in
        Wave_read._read_fmt_chunk() (bsc#1083507).
    
      - CVE-2019-16056: Fixed an issue where email parsing could
        fail for multiple @ (bsc#1149955).
    
      - CVE-2019-15903: Fixed a heap-based buffer over-read in
        libexpat (bsc#1149429).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      # Reference list: one see_also entry per openSUSE Bugzilla ticket.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1027282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1029377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1029902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1040164"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1079761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1081750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1083507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1088573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094814"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1107030"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1120644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1122191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1129346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1130840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1133452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137942"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1138459"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1141853"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1151490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1153238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1159035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1159622"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=637176"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=658604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=673071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=709442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=743787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=747125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=751718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=754447"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=754677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=787526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=809831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=831629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=834601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=871152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=885662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=885882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=942751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=951166"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=985177"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=985348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=989523"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python3 packages."
      );
      # NOTE(review): one set of CVSS vectors and one exploit_available flag are
      # registered for the whole 26-CVE bundle (full C/I/A impact over a network
      # vector). They presumably track the worst entry in the list and should
      # not be read as the rating of any single CVE such as the local race
      # CVE-2014-2667. Use the individual CVE records when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local" plugin type: the verdict comes from package data collected on the
      # host. The cpe entries mirror the packages compared in the check code,
      # plus the openSUSE 15.1 platform entry.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_6m1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_6m1_0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_6m1_0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpython3_6m1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-dbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-testsuite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      # vuln_publication_date is a single date for the bundle (2011), well before
      # most of the CVE ids listed above.
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/22");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # ssh_get_info.nasl presumably fills the Host/* knowledge-base keys that
      # are declared as required here and read by the check code.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check for openSUSE-2020-86. The visible code reads only knowledge-base
    # (KB) items through get_kb_item(); rpm_check(), rpm_report_get() and
    # pkg_tests_get() come from rpm.inc, which is not shown.
    #
    # Every guard ends in audit(), which is expected to terminate the plugin with
    # the given reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # SLED/SLES release strings are rejected here: this plugin is for openSUSE
    # only, and then only for the exact release string SUSE15.1.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    # Other architectures are audited out, not reported as clean.
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # flag counts the package checks that hit. Each reference is the fixed build
    # 3.6.10-lp151.6.7.1 of one sub-package, debuginfo/debugsource included.
    # NOTE(review): this is a package-version comparison against the rpm list,
    # not a test for any individual CVE. A Python interpreter installed outside
    # rpm would presumably not be seen by this check.
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"libpython3_6m1_0-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"libpython3_6m1_0-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-base-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-base-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-base-debugsource-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-curses-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-curses-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-dbm-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-dbm-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-debugsource-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-devel-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-devel-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-idle-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-testsuite-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-testsuite-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-tk-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-tk-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"python3-tools-3.6.10-lp151.6.7.1") ) flag++;
    # The -32bit compatibility packages are compared only with cpu:"x86_64".
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libpython3_6m1_0-32bit-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libpython3_6m1_0-32bit-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"python3-32bit-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"python3-32bit-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"python3-base-32bit-3.6.10-lp151.6.7.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"python3-base-32bit-debuginfo-3.6.10-lp151.6.7.1") ) flag++;
    
    if (flag)
    {
      # Report on port 0; with report_verbosity > 0 the rpm.inc report text is
      # attached as extra detail.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "packages were tested and are not affected" from
      # "none of the packages is installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpython3_6m1_0 / libpython3_6m1_0-debuginfo / python3-base / etc");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-076.NASL
    description: Updated python3 packages fix security vulnerabilities : ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338). A vulnerability was reported in Python
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82329
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82329
    title: Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:076. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: when `description` is set, only the metadata calls
    # below run and the script stops at the closing exit(0). Nothing in this
    # block inspects the target host.
    if (description)
    {
      script_id(82329);
      script_version("1.5");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      # Five CVEs share this one check, so a finding does not say which of them
      # is relevant on the host.
      script_cve_id("CVE-2013-7338", "CVE-2014-1912", "CVE-2014-2667", "CVE-2014-4616", "CVE-2014-4650");
      script_xref(name:"MDVSA", value:"2015:076");
    
      script_name(english:"Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      # Advisory text, kept verbatim. NOTE(review): the CVE-2014-1912 paragraph
      # names socket.recvfrom_info(); given the sock_recvfrom_into() function
      # named just before it, this is presumably socket.recvfrom_into().
      # For CVE-2014-2667 the text states the condition that matters to
      # defenders: os.makedirs() called with exist_ok set to True, on Python 3.2
      # or later.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated python3 packages fix security vulnerabilities :
    
    ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary
    edited zips (CVE-2013-7338).
    
    A vulnerability was reported in Python's socket module, due to a
    boundary error within the sock_recvfrom_into() function, which could
    be exploited to cause a buffer overflow. This could be used to crash a
    Python application that uses the socket.recvfrom_info() function or,
    possibly, execute arbitrary code with the permissions of the user
    running vulnerable Python code (CVE-2014-1912).
    
    It was reported that a patch added to Python 3.2 caused a race
    condition where a file created could be created with world read/write
    permissions instead of the permissions dictated by the original umask
    of the process. This could allow a local attacker that could win the
    race to view and edit files created by a program using this call. Note
    that prior versions of Python, including 2.x, do not include the
    vulnerable _get_masked_mode() function that is used by os.makedirs()
    when exist_ok is set to True (CVE-2014-2667).
    
    Python are susceptible to arbitrary process memory reading by a user
    or adversary due to a bug in the _json module caused by insufficient
    bounds checking. The bug is caused by allowing the user to supply a
    negative value that is used an an array index, causing the scanstring
    function to access process memory outside of the string it is intended
    to access (CVE-2014-4616).
    
    The CGIHTTPServer Python module does not properly handle URL-encoded
    path separators in URLs. This may enable attackers to disclose a CGI
    script's source code or execute arbitrary scripts in the server's
    document root (CVE-2014-4650)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0085.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0140.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0216.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0285.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the CVSS2 vector and the exploit_available /
      # exploited_by_malware flags are set once for the five-CVE advisory. They
      # presumably reflect the most severe entry and should not be read as the
      # rating of the local race CVE-2014-2667 on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      # "local" plugin type: the verdict comes from package data collected on the
      # host, not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64python3.3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:python3-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tkinter3-apps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # ssh_get_info.nasl presumably fills the Host/* knowledge-base keys that
      # are declared as required here and read by the check code.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
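    # Host check for MDVSA-2015:076. The visible code reads only knowledge-base
    # (KB) items through get_kb_item(); rpm_check() and rpm_report_get() come
    # from rpm.inc, which is not shown.
    #
    # Every guard ends in audit(), which is expected to terminate the plugin with
    # the given reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Audit text corrected from "Mandake" so that it matches the spelling used
    # in the architecture guard below and can be found when searching audit
    # trails for "Mandrake".
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Other architectures are audited out as "not implemented", not reported as
    # clean.
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # flag counts the package checks that hit. Each reference is the fixed build
    # 3.3.2-14.1.mbs2 of one sub-package. All but python3-docs are compared with
    # cpu:"x86_64" only.
    # NOTE(review): this is a package-version comparison against the rpm list,
    # not a test for any individual CVE. A Python interpreter installed outside
    # rpm would presumably not be seen by this check.
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64python3-devel-3.3.2-14.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64python3.3-3.3.2-14.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"python3-3.3.2-14.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", reference:"python3-docs-3.3.2-14.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"tkinter3-3.3.2-14.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"tkinter3-apps-3.3.2-14.1.mbs2")) flag++;
    
    
    if (flag)
    {
      # Report on port 0; with report_verbosity > 0 the rpm.inc report text is
      # attached as extra detail.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # No hit: a single "host not affected" audit. This branch does not separate
    # "packages not installed" from "packages already fixed".
    else audit(AUDIT_HOST_NOT, "affected");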