Vulnerabilities > CVE-2018-1061

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
python
debian
redhat
canonical
fedoraproject
nessus

Summary

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

Vulnerable Configurations

Part Description Count
Application
Python
315
Application
Redhat
1
OS
Debian
2
OS
Redhat
3
OS
Canonical
4
OS
Fedoraproject
3

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3817-1.NASL
    descriptionIt was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1000030) It was discovered that Python incorrectly handled running external commands in the shutil module. A remote attacker could use this issue to cause Python to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-1000802) It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060, CVE-2018-1061) It was discovered that Python failed to initialize Expat
    last seen2020-06-01
    modified2020-06-02
    plugin id118954
    published2018-11-14
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118954
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : python2.7, python3.4, python3.5 vulnerabilities (USN-3817-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3817-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118954);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2018-1000030", "CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647");
      script_xref(name:"USN", value:"3817-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : python2.7, python3.4, python3.5 vulnerabilities (USN-3817-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Python incorrectly handled large amounts of
    data. A remote attacker could use this issue to cause Python to crash,
    resulting in a denial of service, or possibly execute arbitrary code.
    This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
    (CVE-2018-1000030)
    
    It was discovered that Python incorrectly handled running external
    commands in the shutil module. A remote attacker could use this issue
    to cause Python to crash, resulting in a denial of service, or
    possibly execute arbitrary code. (CVE-2018-1000802)
    
    It was discovered that Python incorrectly used regular expressions
    vulnerable to catastrophic backtracking. A remote attacker could
    possibly use this issue to cause a denial of service. This issue only
    affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-1060,
    CVE-2018-1061)
    
    It was discovered that Python failed to initialize Expat's hash salt.
    A remote attacker could possibly use this issue to cause hash
    collisions, leading to a denial of service. (CVE-2018-14647).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3817-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.7-minimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.4-minimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3.5-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"python2.7", pkgver:"2.7.6-8ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python2.7-minimal", pkgver:"2.7.6-8ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python3.4", pkgver:"3.4.3-1ubuntu1~14.04.7")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python3.4-minimal", pkgver:"3.4.3-1ubuntu1~14.04.7")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python2.7", pkgver:"2.7.12-1ubuntu0~16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python2.7-minimal", pkgver:"2.7.12-1ubuntu0~16.04.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python3.5", pkgver:"3.5.2-2ubuntu0~16.04.5")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python3.5-minimal", pkgver:"3.5.2-2ubuntu0~16.04.5")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"python2.7", pkgver:"2.7.15~rc1-1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"python2.7-minimal", pkgver:"2.7.15~rc1-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python2.7 / python2.7-minimal / python3.4 / python3.4-minimal / etc");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0178_PYTHON3.NASL
    descriptionAn update of the python3 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121881
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121881
    titlePhoton OS 1.0: Python3 PHSA-2018-1.0-0178
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0178. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(121881);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07");
    
      script_cve_id("CVE-2018-1060", "CVE-2018-1061");
    
      script_name(english:"Photon OS 1.0: Python3 PHSA-2018-1.0-0178");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the python3 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-178.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10915");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-debuginfo-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-debuginfo-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-devel-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-devel-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-libs-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-libs-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-tools-3.5.5-2.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", reference:"python3-tools-3.5.5-2.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4306.NASL
    descriptionMultiple security issues were discovered in Python: ElementTree failed to initialise Expat
    last seen2020-06-01
    modified2020-06-02
    plugin id117812
    published2018-09-28
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117812
    titleDebian DSA-4306-1 : python2.7 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4306. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117812);
      script_version("1.4");
      script_cvs_date("Date: 2018/12/19 13:21:17");
    
      script_cve_id("CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061", "CVE-2018-14647");
      script_xref(name:"DSA", value:"4306");
    
      script_name(english:"Debian DSA-4306-1 : python2.7 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security issues were discovered in Python: ElementTree failed
    to initialise Expat's hash salt, two denial of service issues were
    found in difflib and poplib and the shutil module was affected by a
    command injection vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/python2.7"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/python2.7"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2018/dsa-4306"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the python2.7 packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 2.7.13-2+deb9u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"idle-python2.7", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libpython2.7", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libpython2.7-dbg", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libpython2.7-dev", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libpython2.7-minimal", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libpython2.7-stdlib", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libpython2.7-testsuite", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"python2.7", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"python2.7-dbg", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"python2.7-dev", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"python2.7-doc", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"python2.7-examples", reference:"2.7.13-2+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"python2.7-minimal", reference:"2.7.13-2+deb9u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3554-1.NASL
    descriptionThis update for python, python-base fixes the following issues : Security issues fixed : CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118501
    published2018-10-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118501
    titleSUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3554-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118501);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-1000802", "CVE-2018-1060", "CVE-2018-1061");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for python, python-base fixes the following issues :
    
    Security issues fixed :
    
    CVE-2018-1000802: Prevent command injection in shutil module
    (make_archive function) via passage of unfiltered user input
    (bsc#1109663).
    
    CVE-2018-1061: Fixed DoS via regular expression backtracking in
    difflib.IS_LINE_JUNK method in difflib (bsc#1088004).
    
    CVE-2018-1060: Fixed DoS via regular expression catastrophic
    backtracking in apop() method in pop3lib (bsc#1088009).
    
    Bug fixes: bsc#1086001: python tarfile uses random order.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1086001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088004"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1088009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1109663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1000802/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1060/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1061/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183554-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3f448a44"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2018-2520=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-2520=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2520=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-2520=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2018-2520=1
    
    SUSE CaaS Platform ALL :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2520=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7-1_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-base-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-curses-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-idle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python-xml-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-debugsource-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-curses-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-curses-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-debugsource-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-demo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-gdbm-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-gdbm-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-idle-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-tk-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-tk-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-xml-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-xml-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-base-debuginfo-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"python-debuginfo-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libpython2_7-1_0-debuginfo-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-debuginfo-32bit-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-base-debugsource-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-curses-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-curses-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-debugsource-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-devel-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-tk-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-tk-debuginfo-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-xml-2.7.13-28.16.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"python-xml-debuginfo-2.7.13-28.16.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-base");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1055.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: Missing salt initialization in _elementtree.c module(CVE-2018-14647) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-02-22
    plugin id122382
    published2019-02-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122382
    titleEulerOS 2.0 SP2 : python (EulerOS-SA-2019-1055)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122382);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2018-1060",
        "CVE-2018-1061",
        "CVE-2018-14647"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : python (EulerOS-SA-2019-1055)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the python packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - python: DOS via regular expression backtracking in
        difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
    
      - python: DOS via regular expression catastrophic
        backtracking in apop() method in pop3lib
        (CVE-2018-1060)
    
      - python: Missing salt initialization in _elementtree.c
        module(CVE-2018-14647)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1055
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e7434d4e");
      script_set_attribute(attribute:"solution", value:
    "Update the affected python packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["python-2.7.5-58.h10",
            "python-devel-2.7.5-58.h10",
            "python-libs-2.7.5-58.h10",
            "tkinter-2.7.5-58.h10"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1230.NASL
    descriptionA NULL pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities. (CVE-2019-5010) Python 2.7.16 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) A flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-06-01
    modified2020-06-02
    plugin id126383
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126383
    titleAmazon Linux 2 : python (ALAS-2019-1230)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1230.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126383);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2018-1060", "CVE-2018-1061", "CVE-2018-20406", "CVE-2019-5010", "CVE-2019-9636");
      script_xref(name:"ALAS", value:"2019-1230");
    
      script_name(english:"Amazon Linux 2 : python (ALAS-2019-1230)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A NULL pointer dereference vulnerability was found in the certificate
    parsing code in Python. This causes a denial of service to
    applications when parsing specially crafted certificates. This
    vulnerability is unlikely to be triggered if application enables
    SSL/TLS certificate validation and accepts certificates only from
    trusted root certificate authorities. (CVE-2019-5010)
    
    Python 2.7.16 is affected by: Improper Handling of Unicode Encoding
    (with an incorrect netloc) during NFKC normalization. The impact is:
    Information disclosure (credentials, cookies, etc. that are cached
    against a given hostname). The components are: urllib.parse.urlsplit,
    urllib.parse.urlparse. The attack vector is: A specially crafted URL
    could be incorrectly parsed to locate cookies or authentication data
    and send that information to a different host than when parsed
    correctly. (CVE-2019-9636)
    
    A flaw was found in the way catastrophic backtracking was implemented
    in python's pop3lib's apop() method. An attacker could use this flaw
    to cause denial of service. (CVE-2018-1060)
    
    Modules/_pickle.c in Python 2.7.16 has an integer overflow via a large
    LONG_BINPUT value that is mishandled during a 'resize to twice the
    size' attempt. This issue might cause memory exhaustion, but is only
    relevant if the pickle format is used for serializing tens or hundreds
    of gigabytes of data. (CVE-2018-20406)
    
    A flaw was found in the way catastrophic backtracking was implemented
    in python's difflib.IS_LINE_JUNK method. An attacker could use this
    flaw to cause denial of service. (CVE-2018-1061)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1230.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update python' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9636");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"python-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"python-debug-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"python-debuginfo-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"python-devel-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"python-libs-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"python-test-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"python-tools-2.7.16-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"tkinter-2.7.16-1.amzn2.0.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-debuginfo / python-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3041.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Python security response team for reporting these issues. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118515
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118515
    titleRHEL 7 : python (RHSA-2018:3041)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3041. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118515);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/24 15:35:45");
    
      script_cve_id("CVE-2018-1060", "CVE-2018-1061");
      script_xref(name:"RHSA", value:"2018:3041");
    
      script_name(english:"RHEL 7 : python (RHSA-2018:3041)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for python is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Python is an interpreted, interactive, object-oriented programming
    language, which includes modules, classes, exceptions, very high level
    dynamic data types and dynamic typing. Python supports interfaces to
    many system calls and libraries, as well as to various windowing
    systems.
    
    Security Fix(es) :
    
    * python: DOS via regular expression backtracking in
    difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
    
    * python: DOS via regular expression catastrophic backtracking in
    apop() method in pop3lib (CVE-2018-1060)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank the Python security response team for
    reporting these issues.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.6 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:3041"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1061"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:3041";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-debug-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-debug-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-debuginfo-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-devel-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-devel-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"python-libs-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-test-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-test-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-tools-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-tools-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"tkinter-2.7.5-76.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tkinter-2.7.5-76.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-debuginfo / python-devel / etc");
      }
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0086.NASL
    descriptionAn update of 'docker', 'python2', 'strongswan' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id112224
    published2018-08-31
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112224
    titlePhoton OS 2.0: Docker / Python2 / Strongswan PHSA-2018-2.0-0086 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0086. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(112224);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:51");
    
      script_cve_id(
        "CVE-2017-14992",
        "CVE-2018-1060",
        "CVE-2018-1061",
        "CVE-2018-10811"
      );
    
      script_name(english:"Photon OS 2.0: Docker / Python2 / Strongswan PHSA-2018-2.0-0086 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'docker', 'python2', 'strongswan' packages of Photon OS
    has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-86");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1060");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:docker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "docker-17.06.0-6.ph2",
      "docker-doc-17.06.0-6.ph2",
      "python2-2.7.15-1.ph2",
      "python2-debuginfo-2.7.15-1.ph2",
      "python2-devel-2.7.15-1.ph2",
      "python2-libs-2.7.15-1.ph2",
      "python2-test-2.7.15-1.ph2",
      "python2-tools-2.7.15-1.ph2",
      "strongswan-5.5.2-5.ph2",
      "strongswan-debuginfo-5.5.2-5.ph2"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker / python2 / strongswan");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0178.NASL
    descriptionAn update of 'python2', 'strongswan', 'python3', 'postgresql' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id112221
    published2018-08-31
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112221
    titlePhoton OS 1.0: Postgresql / Python2 / Python3 / Strongswan PHSA-2018-1.0-0178 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0178. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(112221);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id(
        "CVE-2018-1060",
        "CVE-2018-1061",
        "CVE-2018-10811",
        "CVE-2018-10915",
        "CVE-2018-10925"
      );
    
      script_name(english:"Photon OS 1.0: Postgresql / Python2 / Python3 / Strongswan PHSA-2018-1.0-0178 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'python2', 'strongswan', 'python3', 'postgresql' packages
    of Photon OS has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-178");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1060");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "postgresql-9.6.10-1.ph1",
      "postgresql-debuginfo-9.6.10-1.ph1",
      "postgresql-devel-9.6.10-1.ph1",
      "postgresql-libs-9.6.10-1.ph1",
      "python2-2.7.15-1.ph1",
      "python2-debuginfo-2.7.15-1.ph1",
      "python2-devel-2.7.15-1.ph1",
      "python2-libs-2.7.15-1.ph1",
      "python2-tools-2.7.15-1.ph1",
      "python3-3.5.5-2.ph1",
      "python3-debuginfo-3.5.5-2.ph1",
      "python3-devel-3.5.5-2.ph1",
      "python3-libs-3.5.5-2.ph1",
      "python3-tools-3.5.5-2.ph1",
      "strongswan-5.5.2-3.ph1",
      "strongswan-debuginfo-5.5.2-3.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql / python2 / python3 / strongswan");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3041.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Python security response team for reporting these issues. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118984
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118984
    titleCentOS 7 : python (CESA-2018:3041)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3041 and 
    # CentOS Errata and Security Advisory 2018:3041 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118984);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-1060", "CVE-2018-1061");
      script_xref(name:"RHSA", value:"2018:3041");
    
      script_name(english:"CentOS 7 : python (CESA-2018:3041)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for python is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Python is an interpreted, interactive, object-oriented programming
    language, which includes modules, classes, exceptions, very high level
    dynamic data types and dynamic typing. Python supports interfaces to
    many system calls and libraries, as well as to various windowing
    systems.
    
    Security Fix(es) :
    
    * python: DOS via regular expression backtracking in
    difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)
    
    * python: DOS via regular expression catastrophic backtracking in
    apop() method in pop3lib (CVE-2018-1060)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Red Hat would like to thank the Python security response team for
    reporting these issues.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.6 Release Notes linked from the References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005617.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?67220dc7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1060");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tkinter");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-2.7.5-76.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-debug-2.7.5-76.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-devel-2.7.5-76.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-libs-2.7.5-76.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-test-2.7.5-76.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-tools-2.7.5-76.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"tkinter-2.7.5-76.el7")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-debug / python-devel / python-libs / python-test / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1337.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib
    last seen2020-05-06
    modified2019-05-06
    plugin id124623
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124623
    titleEulerOS 2.0 SP3 : python (EulerOS-SA-2019-1337)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3041.NASL
    descriptionFrom Red Hat Security Advisory 2018:3041 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) * python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Python security response team for reporting these issues. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118763
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118763
    titleOracle Linux 7 : python (ELSA-2018-3041)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1072.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-03-08
    plugin id122695
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122695
    titleEulerOS 2.0 SP5 : python (EulerOS-SA-2019-1072)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0086_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121985
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121985
    titlePhoton OS 2.0: Python2 PHSA-2018-2.0-0086
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1001.NASL
    descriptionThis update for python3 provides the following fixes : These security issues were fixed : - CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). - CVE-2018-1060: Prevent catastrophic backtracking in pop3lib
    last seen2020-06-05
    modified2018-09-17
    plugin id117516
    published2018-09-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117516
    titleopenSUSE Security Update : python3 (openSUSE-2018-1001)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1246.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-03-19
    modified2019-04-04
    plugin id123714
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123714
    titleEulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1246)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-124-01.NASL
    descriptionNew python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109583
    published2018-05-07
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109583
    titleSlackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2696-1.NASL
    descriptionThis update for python3 provides the following fixes : These security issues were fixed : CVE-2018-1061: Prevent catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could have used this flaw to cause denial of service (bsc#1088004). CVE-2018-1060: Prevent catastrophic backtracking in pop3lib
    last seen2020-06-01
    modified2020-06-02
    plugin id117478
    published2018-09-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117478
    titleSUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2018:2696-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1346.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory. - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135247
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135247
    titleRHEL 7 : python (RHSA-2020:1346)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1434.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id124937
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124937
    titleEulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0061_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-06-01
    modified2020-06-02
    plugin id127255
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127255
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0061)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6E1938A3C5.NASL
    descriptionSecurity update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123140
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123140
    titleFedora 29 : python35 (2019-6e1938a3c5)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1003.NASL
    descriptionDOS via regular expression catastrophic backtracking in apop() method in pop3lib A flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-06-01
    modified2020-06-02
    plugin id109368
    published2018-04-27
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109368
    titleAmazon Linux AMI : python34 / python35,python36,python27 (ALAS-2018-1003)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1520.NASL
    descriptionMultiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVE-2018-1060 python is vulnerable to catastrophic backtracking in pop3lib
    last seen2020-06-01
    modified2020-06-02
    plugin id117713
    published2018-09-27
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117713
    titleDebian DLA-1520-1 : python3.4 security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3554-2.NASL
    descriptionThis update for python, python-base fixes the following issues : Security issues fixed : CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes: bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2018-12-11
    plugin id119571
    published2018-12-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119571
    titleSUSE SLED12 / SLES12 Security Update : python, python-base (SUSE-SU-2018:3554-2)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_PYTHON_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)
    last seen2020-03-18
    modified2018-11-27
    plugin id119196
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119196
    titleScientific Linux Security Update : python on SL7.x x86_64 (20181030)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1248.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-03-19
    modified2019-04-04
    plugin id123716
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123716
    titleEulerOS Virtualization 2.5.4 : python (EulerOS-SA-2019-1248)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0178_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121880
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121880
    titlePhoton OS 1.0: Python2 PHSA-2018-1.0-0178
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1363.NASL
    descriptionThis update for python, python-base fixes the following issues : Security issues fixed : - CVE-2018-1000802: Prevent command injection in shutil module (make_archive function) via passage of unfiltered user input (bsc#1109663). - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). Bug fixes : - bsc#1086001: python tarfile uses random order. This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2018-11-11
    plugin id118869
    published2018-11-11
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118869
    titleopenSUSE Security Update : python / python-base (openSUSE-2018-1363)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0114-1.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133036
    published2020-01-17
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133036
    titleSUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-51F1E08207.NASL
    descriptionSecurity update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124492
    published2019-05-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124492
    titleFedora 30 : python35 (2019-51f1e08207)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1519.NASL
    descriptionMultiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158 CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) CVE-2018-1060 python is vulnerable to catastrophic backtracking in pop3lib
    last seen2020-06-01
    modified2020-06-02
    plugin id117712
    published2018-09-27
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117712
    titleDebian DLA-1519-1 : python2.7 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1403.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. (CVE-2019-9636) - A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) - python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. (CVE-2018-1061) - python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib
    last seen2020-04-16
    modified2019-05-14
    plugin id124906
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124906
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : python (EulerOS-SA-2019-1403)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-CF725DD20B.NASL
    descriptionSecurity update to Python 3.5.7. Security fix for CVE-2019-5010, CVE-2018-20406, CVE-2018-1060, CVE-2018-1061, CVE-2019-9636. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123480
    published2019-03-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123480
    titleFedora 28 : python35 (2019-cf725dd20b)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-86.NASL
    descriptionThis update for python3 to version 3.6.10 fixes the following issues : - CVE-2017-18207: Fixed a denial of service in Wave_read._read_fmt_chunk() (bsc#1083507). - CVE-2019-16056: Fixed an issue where email parsing could fail for multiple @ (bsc#1149955). - CVE-2019-15903: Fixed a heap-based buffer over-read in libexpat (bsc#1149429). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id133172
    published2020-01-22
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133172
    titleopenSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8719B9358BAE41AD92BA3C826F651219.NASL
    descriptionpython release notes : Multiple vulnerabilities has been fixed in this release. Please refer to the CVE list for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id109594
    published2018-05-07
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109594
    titleFreeBSD : python 2.7 -- multiple vulnerabilities (8719b935-8bae-41ad-92ba-3c826f651219)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4307.NASL
    descriptionMultiple security issues were discovered in Python: ElementTree failed to initialise Expat
    last seen2020-06-01
    modified2020-06-02
    plugin id117838
    published2018-10-01
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117838
    titleDebian DSA-4307-1 : python3.5 - security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2408-1.NASL
    descriptionThis update for python-base fixes the following issues: Security issues fixed : - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes : - bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112012
    published2018-08-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112012
    titleSUSE SLES11 Security Update : python (SUSE-SU-2018:2408-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1268.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory. - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135089
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135089
    titleRHEL 7 : python (RHSA-2020:1268)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1108.NASL
    descriptionA flaw was found in the way catastrophic backtracking was implemented in python
    last seen2020-06-10
    modified2018-12-07
    plugin id119467
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119467
    titleAmazon Linux AMI : python27 (ALAS-2018-1108)

Redhat

advisories
  • bugzilla
    id1579432
    title process mapping.
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentpython-devel is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041001
          • commentpython-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554010
        • AND
          • commentpython-libs is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041003
          • commentpython-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554014
        • AND
          • commentpython is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041005
          • commentpython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554012
        • AND
          • commentpython-debug is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041007
          • commentpython-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152101008
        • AND
          • commentpython-test is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041009
          • commentpython-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554006
        • AND
          • commenttkinter is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041011
          • commenttkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554004
        • AND
          • commentpython-tools is earlier than 0:2.7.5-76.el7
            ovaloval:com.redhat.rhsa:tst:20183041013
          • commentpython-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554008
    rhsa
    idRHSA-2018:3041
    released2018-10-30
    severityModerate
    titleRHSA-2018:3041: python security and bug fix update (Moderate)
  • rhsa
    idRHBA-2019:0327
  • rhsa
    idRHSA-2018:3505
  • rhsa
    idRHSA-2019:1260
  • rhsa
    idRHSA-2019:3725
rpms
  • python-0:2.7.5-76.el7
  • python-debug-0:2.7.5-76.el7
  • python-debuginfo-0:2.7.5-76.el7
  • python-devel-0:2.7.5-76.el7
  • python-libs-0:2.7.5-76.el7
  • python-test-0:2.7.5-76.el7
  • python-tools-0:2.7.5-76.el7
  • tkinter-0:2.7.5-76.el7
  • python27-python-0:2.7.16-4.el6
  • python27-python-0:2.7.16-4.el7
  • python27-python-debug-0:2.7.16-4.el6
  • python27-python-debug-0:2.7.16-4.el7
  • python27-python-debuginfo-0:2.7.16-4.el6
  • python27-python-debuginfo-0:2.7.16-4.el7
  • python27-python-devel-0:2.7.16-4.el6
  • python27-python-devel-0:2.7.16-4.el7
  • python27-python-jinja2-0:2.6-12.el6
  • python27-python-jinja2-0:2.6-15.el7
  • python27-python-libs-0:2.7.16-4.el6
  • python27-python-libs-0:2.7.16-4.el7
  • python27-python-test-0:2.7.16-4.el6
  • python27-python-test-0:2.7.16-4.el7
  • python27-python-tools-0:2.7.16-4.el6
  • python27-python-tools-0:2.7.16-4.el7
  • python27-tkinter-0:2.7.16-4.el6
  • python27-tkinter-0:2.7.16-4.el7
  • rh-python36-python-0:3.6.9-2.el6
  • rh-python36-python-0:3.6.9-2.el7
  • rh-python36-python-debug-0:3.6.9-2.el6
  • rh-python36-python-debug-0:3.6.9-2.el7
  • rh-python36-python-debuginfo-0:3.6.9-2.el6
  • rh-python36-python-debuginfo-0:3.6.9-2.el7
  • rh-python36-python-devel-0:3.6.9-2.el6
  • rh-python36-python-devel-0:3.6.9-2.el7
  • rh-python36-python-libs-0:3.6.9-2.el6
  • rh-python36-python-libs-0:3.6.9-2.el7
  • rh-python36-python-test-0:3.6.9-2.el6
  • rh-python36-python-test-0:3.6.9-2.el7
  • rh-python36-python-tkinter-0:3.6.9-2.el6
  • rh-python36-python-tkinter-0:3.6.9-2.el7
  • rh-python36-python-tools-0:3.6.9-2.el6
  • rh-python36-python-tools-0:3.6.9-2.el7
  • python-0:2.7.5-74.el7_5
  • python-debug-0:2.7.5-74.el7_5
  • python-debuginfo-0:2.7.5-74.el7_5
  • python-devel-0:2.7.5-74.el7_5
  • python-libs-0:2.7.5-74.el7_5
  • python-test-0:2.7.5-74.el7_5
  • python-tools-0:2.7.5-74.el7_5
  • tkinter-0:2.7.5-74.el7_5
  • python-0:2.7.5-63.el7_4
  • python-debug-0:2.7.5-63.el7_4
  • python-debuginfo-0:2.7.5-63.el7_4
  • python-devel-0:2.7.5-63.el7_4
  • python-libs-0:2.7.5-63.el7_4
  • python-test-0:2.7.5-63.el7_4
  • python-tools-0:2.7.5-63.el7_4
  • tkinter-0:2.7.5-63.el7_4

References