Vulnerabilities > CVE-2019-9948 - Path Traversal vulnerability in multiple products

047910
CVSS 9.1 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE

Summary

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Vulnerable Configurations

Part Description Count
Application
Python
191
OS
Opensuse
2
OS
Debian
2
OS
Fedoraproject
2
OS
Canonical
5
OS
Redhat
14

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Relative Path Traversal
    An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
  • Directory Traversal
    An attacker with access to file system resources, either directly or via application logic, will use various file path specification or navigation mechanisms such as ".." in path strings and absolute paths to extend their range of access to inappropriate areas of the file system. The attacker attempts to either explore the file system for recon purposes or access directories and files that are intended to be restricted from their access. Exploring the file system can be achieved through constructing paths presented to directory listing programs, such as "ls" and 'dir', or through specially crafted programs that attempt to explore the file system. The attacker engaging in this type of activity is searching for information that can be used later in a more exploitive attack. Access to restricted directories or files can be achieved through modification of path references utilized by system applications.
  • File System Function Injection, Content Based
    An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
  • Using Slashes and URL Encoding Combined to Bypass Validation Logic
    This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL. An URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1834.NASL
    descriptionMultiple vulnerabilities were discovered in Python, an interactive high-level object-oriented language, including CVE-2018-14647 Python
    last seen2020-06-01
    modified2020-06-02
    plugin id126222
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126222
    titleDebian DLA-1834-1 : python2.7 security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1834-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126222);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2018-14647", "CVE-2019-10160", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948");
    
      script_name(english:"Debian DLA-1834-1 : python2.7 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities were discovered in Python, an interactive
    high-level object-oriented language, including 
    
    CVE-2018-14647
    
    Python's elementtree C accelerator failed to initialise Expat's hash
    salt during initialization. This could make it easy to conduct denial
    of service attacks against Expat by constructing an XML document that
    would cause pathological hash collisions in Expat's internal data
    structures, consuming large amounts CPU and RAM.
    
    CVE-2019-5010
    
    NULL pointer dereference using a specially crafted X509 certificate.
    
    CVE-2019-9636
    
    Improper Handling of Unicode Encoding (with an incorrect netloc)
    during NFKC normalization resulting in information disclosure
    (credentials, cookies, etc. that are cached against a given hostname).
    A specially crafted URL could be incorrectly parsed to locate cookies
    or authentication data and send that information to a different host
    than when parsed correctly.
    
    CVE-2019-9740
    
    An issue was discovered in urllib2 where CRLF injection is possible if
    the attacker controls a url parameter, as demonstrated by the first
    argument to urllib.request.urlopen with \r\n (specifically in the
    query string after a ? character) followed by an HTTP header or a
    Redis command.
    
    CVE-2019-9947
    
    An issue was discovered in urllib2 where CRLF injection is possible if
    the attacker controls a url parameter, as demonstrated by the first
    argument to urllib.request.urlopen with \r\n (specifically in the path
    component of a URL that lacks a ? character) followed by an HTTP
    header or a Redis command. This is similar to the CVE-2019-9740 query
    string issue.
    
    CVE-2019-9948
    
    urllib supports the local_file: scheme, which makes it easier for
    remote attackers to bypass protection mechanisms that blacklist file:
    URIs, as demonstrated by triggering a
    urllib.urlopen('local_file:///etc/passwd') call.
    
    CVE-2019-10160
    
    A security regression of CVE-2019-9636 was discovered which still
    allows an attacker to exploit CVE-2019-9636 by abusing the user and
    password parts of a URL. When an application parses user-supplied URLs
    to store cookies, authentication credentials, or other kind of
    information, it is possible for an attacker to provide specially
    crafted URLs to make the application locate host-related information
    (e.g. cookies, authentication data) and send them to a different host
    than where it should, unlike if the URLs had been correctly parsed.
    The result of an attack may vary based on the application.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    2.7.9-2+deb8u3.
    
    We recommend that you upgrade your python2.7 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/python2.7"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9948");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:idle-python2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.7-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.7-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.7-minimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.7-stdlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpython2.7-testsuite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python2.7-minimal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"idle-python2.7", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libpython2.7", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libpython2.7-dbg", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libpython2.7-dev", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libpython2.7-minimal", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libpython2.7-stdlib", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libpython2.7-testsuite", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"python2.7", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"python2.7-dbg", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"python2.7-dev", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"python2.7-doc", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"python2.7-examples", reference:"2.7.9-2+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"python2.7-minimal", reference:"2.7.9-2+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_18ED9650A1D611E99B17FCAA147E860E.NASL
    descriptionPython changelog : bpo-35907: CVE-2019-9948: Avoid file reading by disallowing local-file:// and local_file:// URL schemes in URLopener().open() and URLopener().retrieve() of urllib.request. bpo-36742: Fixes mishandling of pre-normalization characters in urlsplit(). bpo-30458: Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause an http.client.InvalidURL exception to be raised. bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed. bpo-33529: Prevent fold function used in email header encoding from entering infinite loop when there are too many non-ASCII characters in a header. bpo-35121: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id126534
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126534
    titleFreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126534);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2019-9740", "CVE-2019-9948");
    
      script_name(english:"FreeBSD : python 3.6 -- multiple vulnerabilities (18ed9650-a1d6-11e9-9b17-fcaa147e860e)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Python changelog :
    
    bpo-35907: CVE-2019-9948: Avoid file reading by disallowing
    local-file:// and local_file:// URL schemes in URLopener().open() and
    URLopener().retrieve() of urllib.request.
    
    bpo-36742: Fixes mishandling of pre-normalization characters in
    urlsplit().
    
    bpo-30458: Address CVE-2019-9740 by disallowing URL paths with
    embedded whitespace or control characters through into the underlying
    http client request. Such potentially malicious header injection URLs
    now cause an http.client.InvalidURL exception to be raised.
    
    bpo-36216: Changes urlsplit() to raise ValueError when the URL
    contains characters that decompose under IDNA encoding
    (NFKC-normalization) into characters that affect how the URL is
    parsed.
    
    bpo-33529: Prevent fold function used in email header encoding from
    entering infinite loop when there are too many non-ASCII characters in
    a header.
    
    bpo-35121: Don't send cookies of domain A without Domain attribute to
    domain B when domain A is a suffix match of domain B while using a
    cookiejar with http.cookiejar.DefaultCookiePolicy policy. Patch by
    Karthikeyan Singaravelan."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-9-final"
      );
      # https://vuxml.freebsd.org/freebsd/18ed9650-a1d6-11e9-9b17-fcaa147e860e.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1a784875"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:python36");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"python36<3.6.9")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-202003-26.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-202003-26 (Python: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Python. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly perform a CRLF injection attack, obtain sensitive information, trick Python into sending cookies to the wrong domain or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-03-19
    modified2020-03-16
    plugin id134603
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134603
    titleGLSA-202003-26 : Python: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-26.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134603);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18");
    
      script_cve_id("CVE-2018-20852", "CVE-2019-5010", "CVE-2019-9636", "CVE-2019-9740", "CVE-2019-9947", "CVE-2019-9948");
      script_xref(name:"GLSA", value:"202003-26");
    
      script_name(english:"GLSA-202003-26 : Python: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-202003-26
    (Python: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Python. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could possibly perform a CRLF injection attack, obtain
          sensitive information, trick Python into sending cookies to the wrong
          domain or cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-26"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Python 2.7.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-2.7.17:2.7'
        All Python 3.5.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-3.5.7:3.5/3.5m'
        All Python 3.6.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-3.6.9:3.6/3.6m'
        All Python 3.7x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-lang/python-3.7.4:3.7/3.7m'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9948");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:python");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-lang/python", unaffected:make_list("ge 2.7.17", "ge 3.5.7", "ge 3.6.9", "ge 3.7.4"), vulnerable:make_list("lt 2.7.17", "lt 3.5.7", "lt 3.6.9", "lt 3.7.4"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Python");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3520.NASL
    descriptionAn update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130548
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130548
    titleRHEL 8 : python3 (RHSA-2019:3520)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-293-01.NASL
    descriptionNew python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130079
    published2019-10-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130079
    titleSlackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4127-1.NASL
    descriptionIt was discovered that Python incorrectly handled certain pickle files. An attacker could possibly use this issue to consume memory, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20406) It was discovered that Python incorrectly validated the domain when handling cookies. An attacker could possibly trick Python into sending cookies to the wrong domain. (CVE-2018-20852) Jonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly handled Unicode encoding during NFKC normalization. An attacker could possibly use this issue to obtain sensitive information. (CVE-2019-9636, CVE-2019-10160) Colin Read and Nicolas Edet discovered that Python incorrectly handled parsing certain X509 certificates. An attacker could possibly use this issue to cause Python to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-5010) It was discovered that Python incorrectly handled certain urls. A remote attacker could possibly use this issue to perform CRLF injection attacks. (CVE-2019-9740, CVE-2019-9947) Sihoon Lee discovered that Python incorrectly handled the local_file: scheme. A remote attacker could possibly use this issue to bypass blacklist meschanisms. (CVE-2019-9948). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128631
    published2019-09-10
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128631
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.04 : python2.7, python3.5, python3.6, python3.7 vulnerabilities (USN-4127-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0220_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id125159
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125159
    titlePhoton OS 1.0: Python2 PHSA-2019-1.0-0220
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0229_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python packages installed that are affected by multiple vulnerabilities: - An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. (CVE-2019-5010) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id132508
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132508
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : python Multiple Vulnerabilities (NS-SA-2019-0229)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14018-1.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id124084
    published2019-04-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124084
    titleSUSE SLES11 Security Update : python (SUSE-SU-2019:14018-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-9BFB4A3E4B.NASL
    description[Python 3.7.4](https://www.python.org/downloads/release/python-374/) is the fourth and most recent maintenance release of Python 3.7. [Changelog for final](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7- 4-final), [3.7.4 release candidate 2](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-re lease-candidate-2) and [3.7.4 release candidate 1](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-re lease-candidate-1). Contains security fixes for CVE-2019-9948 and CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127105
    published2019-07-29
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127105
    titleFedora 30 : python3 / python3-docs (2019-9bfb4a3e4b)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1324.NASL
    descriptionA security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application. (CVE-2019-10160) An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. (CVE-2019-9740) urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id131244
    published2019-11-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131244
    titleAmazon Linux AMI : python34 (ALAS-2019-1324)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2030.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127651
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127651
    titleRHEL 7 : python (RHSA-2019:2030)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1346.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1346 advisory. - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135247
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135247
    titleRHEL 7 : python (RHSA-2020:1346)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1258.NASL
    descriptionA security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id127814
    published2019-08-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127814
    titleAmazon Linux AMI : python27 (ALAS-2019-1258)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1434.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was found that Python
    last seen2020-06-01
    modified2020-06-02
    plugin id124937
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124937
    titleEulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-60A1DEFCD1.NASL
    description[Python 3.7.4](https://www.python.org/downloads/release/python-374/) is the fourth and most recent maintenance release of Python 3.7. [Changelog for final](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7- 4-final), [3.7.4 release candidate 2](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-re lease-candidate-2) and [3.7.4 release candidate 1](https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-re lease-candidate-1). Contains security fixes for CVE-2019-9948 and CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127514
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127514
    titleFedora 29 : python3 / python3-docs (2019-60a1defcd1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1866.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-05-08
    modified2019-09-17
    plugin id128918
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128918
    titleEulerOS 2.0 SP2 : python (EulerOS-SA-2019-1866)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0009_PYTHON2.NASL
    descriptionAn update of the python2 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126380
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126380
    titlePhoton OS 3.0: Python2 PHSA-2019-3.0-0009
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1338.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Python
    last seen2020-05-06
    modified2019-05-06
    plugin id124624
    published2019-05-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124624
    titleEulerOS 2.0 SP5 : python (EulerOS-SA-2019-1338)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2091.NASL
    descriptionAccording to the version of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-05-03
    modified2019-09-30
    plugin id129450
    published2019-09-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129450
    titleEulerOS 2.0 SP8 : python3 (EulerOS-SA-2019-2091)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1273.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : - CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id124310
    published2019-04-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124310
    titleopenSUSE Security Update : python (openSUSE-2019-1273)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2030.NASL
    descriptionAn update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) * python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128333
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128333
    titleCentOS 7 : python (CESA-2019:2030)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1291.NASL
    descriptionurllib in Python 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id129070
    published2019-09-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129070
    titleAmazon Linux 2 : python (ALAS-2019-1291)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0234-1.NASL
    descriptionThis update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133259
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133259
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1439-1.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id125764
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125764
    titleSUSE SLED12 / SLES12 Security Update : python (SUSE-SU-2019:1439-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PYTHON_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)
    last seen2020-03-18
    modified2019-08-27
    plugin id128254
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128254
    titleScientific Linux Security Update : python on SL7.x x86_64 (20190806)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0972-1.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id124149
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124149
    titleSUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2019:0972-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2019.NASL
    descriptionAccording to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.(CVE-2019-10160) - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-05-08
    modified2019-09-24
    plugin id129212
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129212
    titleEulerOS 2.0 SP3 : python (EulerOS-SA-2019-2019)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1359.NASL
    descriptionAccording to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(
    last seen2020-06-01
    modified2020-06-02
    plugin id124737
    published2019-05-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124737
    titleEulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1359)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1462.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1462 advisory. - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-14
    plugin id135459
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135459
    titleRHEL 7 : python (RHSA-2020:1462)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A449C604A43A11E9B422FCAA147E860E.NASL
    descriptionPython changelog : bpo-37463: ssl.match_hostname() no longer accepts IPv4 addresses with additional text after the address and only quad-dotted notation without trailing whitespaces. Some inet_aton() implementations ignore whitespace and all data after whitespace, e.g.
    last seen2020-06-01
    modified2020-06-02
    plugin id126667
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126667
    titleFreeBSD : python 3.7 -- multiple vulnerabilities (a449c604-a43a-11e9-b422-fcaa147e860e)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3335.NASL
    descriptionAn update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. Security Fix(es) : * numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446) * python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) * python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) * python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) * python-urllib3: CRLF injection due to not encoding the
    last seen2020-05-23
    modified2019-11-06
    plugin id130527
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130527
    titleRHEL 8 : python27:2.7 (RHSA-2019:3335)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1852.NASL
    descriptionThe urllib library in Python ships support for a second, not well known URL scheme for accessing local files (
    last seen2020-06-01
    modified2020-06-02
    plugin id126652
    published2019-07-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126652
    titleDebian DLA-1852-1 : python3.4 security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1268.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1268 advisory. - python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060) - python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061) - python: Missing salt initialization in _elementtree.c module (CVE-2018-14647) - python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740) - python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947) - python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135089
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135089
    titleRHEL 7 : python (RHSA-2020:1268)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1580.NASL
    descriptionThis update for python fixes the following issues : Security issues fixed : - CVE-2019-9948: Fixed a
    last seen2020-06-01
    modified2020-06-02
    plugin id126041
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126041
    titleopenSUSE Security Update : python (openSUSE-2019-1580)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0187_PYTHON.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python packages installed that are affected by multiple vulnerabilities: - Python
    last seen2020-06-01
    modified2020-06-02
    plugin id129884
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129884
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : python Multiple Vulnerabilities (NS-SA-2019-0187)

Redhat

advisories
  • bugzilla
    id1703600
    titlepython2-devel can't be installed during RHEL 7 to 8 upgrade due to incorrect Obsoletes
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentpython is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030001
          • commentpython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554012
        • AND
          • commentpython-libs is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030003
          • commentpython-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554014
        • AND
          • commentpython-test is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030005
          • commentpython-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554006
        • AND
          • commentpython-tools is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030007
          • commentpython-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554008
        • AND
          • commentpython-debug is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030009
          • commentpython-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20152101008
        • AND
          • commentpython-devel is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030011
          • commentpython-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554010
        • AND
          • commenttkinter is earlier than 0:2.7.5-86.el7
            ovaloval:com.redhat.rhsa:tst:20192030013
          • commenttkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20110554004
    rhsa
    idRHSA-2019:2030
    released2019-08-06
    severityModerate
    titleRHSA-2019:2030: python security and bug fix update (Moderate)
  • bugzilla
    id1734126
    titleWith FIPS enabled python2 able to load non-compliant md5 crypto modules
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • commentModule python27:2.7 is enabled
        ovaloval:com.redhat.rhsa:tst:20190981121
      • OR
        • AND
          • commentpython-lxml-debugsource is earlier than 0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335001
          • commentpython-lxml-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335002
        • AND
          • commentpython-coverage-debugsource is earlier than 0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335003
          • commentpython-coverage-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335004
        • AND
          • commentnumpy-debugsource is earlier than 1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
            ovaloval:com.redhat.rhsa:tst:20193335005
          • commentnumpy-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335006
        • AND
          • commentPyYAML-debugsource is earlier than 0:3.12-16.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335007
          • commentPyYAML-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335008
        • AND
          • commentCython-debugsource is earlier than 0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335009
          • commentCython-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335010
        • AND
          • commentscipy-debugsource is earlier than 0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
            ovaloval:com.redhat.rhsa:tst:20193335011
          • commentscipy-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335012
        • AND
          • commentpython2-tools is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335013
          • commentpython2-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981002
        • AND
          • commentpython2-tkinter is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335015
          • commentpython2-tkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981004
        • AND
          • commentpython2-test is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335017
          • commentpython2-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981006
        • AND
          • commentpython2-sqlalchemy is earlier than 0:1.3.2-1.module+el8.1.0+2994+98e054d6
            ovaloval:com.redhat.rhsa:tst:20193335019
          • commentpython2-sqlalchemy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981008
        • AND
          • commentpython2-scipy is earlier than 0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
            ovaloval:com.redhat.rhsa:tst:20193335021
          • commentpython2-scipy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981010
        • AND
          • commentpython2-pyyaml is earlier than 0:3.12-16.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335023
          • commentpython2-pyyaml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981012
        • AND
          • commentpython2-pymongo-gridfs is earlier than 0:3.6.1-11.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335025
          • commentpython2-pymongo-gridfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981014
        • AND
          • commentpython2-pymongo is earlier than 0:3.6.1-11.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335027
          • commentpython2-pymongo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981016
        • AND
          • commentpython2-psycopg2-tests is earlier than 0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335029
          • commentpython2-psycopg2-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981018
        • AND
          • commentpython2-psycopg2-debug is earlier than 0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335031
          • commentpython2-psycopg2-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981020
        • AND
          • commentpython2-psycopg2 is earlier than 0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335033
          • commentpython2-psycopg2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981022
        • AND
          • commentpython2-numpy-f2py is earlier than 1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
            ovaloval:com.redhat.rhsa:tst:20193335035
          • commentpython2-numpy-f2py is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981024
        • AND
          • commentpython2-numpy is earlier than 1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
            ovaloval:com.redhat.rhsa:tst:20193335037
          • commentpython2-numpy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981026
        • AND
          • commentpython2-markupsafe is earlier than 0:0.23-19.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335039
          • commentpython2-markupsafe is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981028
        • AND
          • commentpython2-lxml is earlier than 0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335041
          • commentpython2-lxml is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981030
        • AND
          • commentpython2-libs is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335043
          • commentpython2-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981032
        • AND
          • commentpython2-devel is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335045
          • commentpython2-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981034
        • AND
          • commentpython2-debugsource is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335047
          • commentpython2-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981036
        • AND
          • commentpython2-debug is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335049
          • commentpython2-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981038
        • AND
          • commentpython2-coverage is earlier than 0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335051
          • commentpython2-coverage is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981040
        • AND
          • commentpython2-bson is earlier than 0:3.6.1-11.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335053
          • commentpython2-bson is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981042
        • AND
          • commentpython2-backports is earlier than 0:1.0-15.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335055
          • commentpython2-backports is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981044
        • AND
          • commentpython2-Cython is earlier than 0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335057
          • commentpython2-Cython is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981046
        • AND
          • commentpython2 is earlier than 0:2.7.16-12.module+el8.1.0+4148+33a50073
            ovaloval:com.redhat.rhsa:tst:20193335059
          • commentpython2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981048
        • AND
          • commentpython-pymongo-debugsource is earlier than 0:3.6.1-11.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335061
          • commentpython-pymongo-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335062
        • AND
          • commentpython-psycopg2-doc is earlier than 0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335063
          • commentpython-psycopg2-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981050
        • AND
          • commentpython-psycopg2-debugsource is earlier than 0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335065
          • commentpython-psycopg2-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335066
        • AND
          • commentpython2-wheel-wheel is earlier than 1:0.31.1-2.module+el8.1.0+3725+aac5cd17
            ovaloval:com.redhat.rhsa:tst:20193335067
          • commentpython2-wheel-wheel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335068
        • AND
          • commentpython2-wheel is earlier than 1:0.31.1-2.module+el8.1.0+3725+aac5cd17
            ovaloval:com.redhat.rhsa:tst:20193335069
          • commentpython2-wheel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981052
        • AND
          • commentpython2-virtualenv is earlier than 0:15.1.0-19.module+el8.1.0+3507+d69c168d
            ovaloval:com.redhat.rhsa:tst:20193335071
          • commentpython2-virtualenv is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981054
        • AND
          • commentpython2-urllib3 is earlier than 0:1.24.2-1.module+el8.1.0+3280+19512f10
            ovaloval:com.redhat.rhsa:tst:20193335073
          • commentpython2-urllib3 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981056
        • AND
          • commentpython2-six is earlier than 0:1.11.0-5.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335075
          • commentpython2-six is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981058
        • AND
          • commentpython2-setuptools_scm is earlier than 0:1.15.7-6.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335077
          • commentpython2-setuptools_scm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981060
        • AND
          • commentpython2-setuptools-wheel is earlier than 0:39.0.1-11.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335079
          • commentpython2-setuptools-wheel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335080
        • AND
          • commentpython2-setuptools is earlier than 0:39.0.1-11.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335081
          • commentpython2-setuptools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981062
        • AND
          • commentpython2-rpm-macros is earlier than 0:3-38.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335083
          • commentpython2-rpm-macros is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981064
        • AND
          • commentpython2-requests is earlier than 0:2.20.0-2.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335085
          • commentpython2-requests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981066
        • AND
          • commentpython2-pytz is earlier than 0:2017.2-12.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335087
          • commentpython2-pytz is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981068
        • AND
          • commentpython2-pytest-mock is earlier than 0:1.9.0-4.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335089
          • commentpython2-pytest-mock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981070
        • AND
          • commentpython2-pytest is earlier than 0:3.4.2-13.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335091
          • commentpython2-pytest is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981072
        • AND
          • commentpython2-pysocks is earlier than 0:1.6.8-6.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335093
          • commentpython2-pysocks is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981074
        • AND
          • commentpython2-pygments is earlier than 0:2.2.0-20.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335095
          • commentpython2-pygments is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981076
        • AND
          • commentpython2-py is earlier than 0:1.5.3-6.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335097
          • commentpython2-py is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981078
        • AND
          • commentpython2-pluggy is earlier than 0:0.6.0-8.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335099
          • commentpython2-pluggy is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981080
        • AND
          • commentpython2-pip-wheel is earlier than 0:9.0.3-14.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335101
          • commentpython2-pip-wheel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193335102
        • AND
          • commentpython2-pip is earlier than 0:9.0.3-14.module+el8.1.0+3446+c3d52da3
            ovaloval:com.redhat.rhsa:tst:20193335103
          • commentpython2-pip is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981082
        • AND
          • commentpython2-numpy-doc is earlier than 1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
            ovaloval:com.redhat.rhsa:tst:20193335105
          • commentpython2-numpy-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981084
        • AND
          • commentpython2-nose is earlier than 0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335107
          • commentpython2-nose is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981086
        • AND
          • commentpython2-mock is earlier than 0:2.0.0-13.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335109
          • commentpython2-mock is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981088
        • AND
          • commentpython2-jinja2 is earlier than 0:2.10-8.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335111
          • commentpython2-jinja2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981090
        • AND
          • commentpython2-ipaddress is earlier than 0:1.0.18-6.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335113
          • commentpython2-ipaddress is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981092
        • AND
          • commentpython2-idna is earlier than 0:2.5-7.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335115
          • commentpython2-idna is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981094
        • AND
          • commentpython2-funcsigs is earlier than 0:1.0.2-13.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335117
          • commentpython2-funcsigs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981096
        • AND
          • commentpython2-docutils is earlier than 0:0.14-12.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335119
          • commentpython2-docutils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981098
        • AND
          • commentpython2-docs-info is earlier than 0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335121
          • commentpython2-docs-info is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981100
        • AND
          • commentpython2-docs is earlier than 0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335123
          • commentpython2-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981102
        • AND
          • commentpython2-dns is earlier than 0:1.15.0-10.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335125
          • commentpython2-dns is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981104
        • AND
          • commentpython2-chardet is earlier than 0:3.0.4-10.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335127
          • commentpython2-chardet is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981106
        • AND
          • commentpython2-backports-ssl_match_hostname is earlier than 0:3.5.0.1-11.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335129
          • commentpython2-backports-ssl_match_hostname is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981108
        • AND
          • commentpython2-babel is earlier than 0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335131
          • commentpython2-babel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981110
        • AND
          • commentpython2-attrs is earlier than 0:17.4.0-10.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335133
          • commentpython2-attrs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981112
        • AND
          • commentpython2-PyMySQL is earlier than 0:0.8.0-10.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335135
          • commentpython2-PyMySQL is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981114
        • AND
          • commentpython-sqlalchemy-doc is earlier than 0:1.3.2-1.module+el8.1.0+2994+98e054d6
            ovaloval:com.redhat.rhsa:tst:20193335137
          • commentpython-sqlalchemy-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981116
        • AND
          • commentpython-nose-docs is earlier than 0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335139
          • commentpython-nose-docs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981118
        • AND
          • commentbabel is earlier than 0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
            ovaloval:com.redhat.rhsa:tst:20193335141
          • commentbabel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190981120
    rhsa
    idRHSA-2019:3335
    released2019-11-05
    severityModerate
    titleRHSA-2019:3335: python27:2.7 security and bug fix update (Moderate)
  • bugzilla
    id1760106
    titleFAIL_RETURN_IN_FIPS_MODE() patch breaks mod_wsgi: ValueError: unsupported hash type blake2b
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentpython3-debugsource is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520001
          • commentpython3-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997008
        • AND
          • commentpython3-test is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520003
          • commentpython3-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997006
        • AND
          • commentpython3-libs is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520005
          • commentpython3-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997002
        • AND
          • commentplatform-python is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520007
          • commentplatform-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997004
        • AND
          • commentpython3-tkinter is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520009
          • commentpython3-tkinter is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997016
        • AND
          • commentpython3-idle is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520011
          • commentpython3-idle is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997014
        • AND
          • commentplatform-python-devel is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520013
          • commentplatform-python-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997010
        • AND
          • commentplatform-python-debug is earlier than 0:3.6.8-15.1.el8
            ovaloval:com.redhat.rhsa:tst:20193520015
          • commentplatform-python-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20190997012
    rhsa
    idRHSA-2019:3520
    released2019-11-05
    severityModerate
    titleRHSA-2019:3520: python3 security and bug fix update (Moderate)
  • rhsa
    idRHSA-2019:1700
rpms
  • python27-python-0:2.7.16-6.el6
  • python27-python-0:2.7.16-6.el7
  • python27-python-debug-0:2.7.16-6.el6
  • python27-python-debug-0:2.7.16-6.el7
  • python27-python-debuginfo-0:2.7.16-6.el6
  • python27-python-debuginfo-0:2.7.16-6.el7
  • python27-python-devel-0:2.7.16-6.el6
  • python27-python-devel-0:2.7.16-6.el7
  • python27-python-libs-0:2.7.16-6.el6
  • python27-python-libs-0:2.7.16-6.el7
  • python27-python-test-0:2.7.16-6.el6
  • python27-python-test-0:2.7.16-6.el7
  • python27-python-tools-0:2.7.16-6.el6
  • python27-python-tools-0:2.7.16-6.el7
  • python27-tkinter-0:2.7.16-6.el6
  • python27-tkinter-0:2.7.16-6.el7
  • python-0:2.7.5-86.el7
  • python-debug-0:2.7.5-86.el7
  • python-debuginfo-0:2.7.5-86.el7
  • python-devel-0:2.7.5-86.el7
  • python-libs-0:2.7.5-86.el7
  • python-test-0:2.7.5-86.el7
  • python-tools-0:2.7.5-86.el7
  • tkinter-0:2.7.5-86.el7
  • Cython-debugsource-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • PyYAML-debugsource-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • numpy-debugsource-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python-coverage-debugsource-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python-lxml-debugsource-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python-nose-docs-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-debugsource-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-psycopg2-doc-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-pymongo-debugsource-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python-sqlalchemy-doc-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-Cython-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-Cython-debuginfo-0:0.28.1-7.module+el8.1.0+3111+de3f2d8e
  • python2-PyMySQL-0:0.8.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-attrs-0:17.4.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-babel-0:2.5.1-9.module+el8.1.0+3111+de3f2d8e
  • python2-backports-0:1.0-15.module+el8.1.0+3111+de3f2d8e
  • python2-backports-ssl_match_hostname-0:3.5.0.1-11.module+el8.1.0+3111+de3f2d8e
  • python2-bson-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-bson-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-chardet-0:3.0.4-10.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-coverage-debuginfo-0:4.5.1-4.module+el8.1.0+3111+de3f2d8e
  • python2-debug-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-debuginfo-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-debugsource-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-devel-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-dns-0:1.15.0-10.module+el8.1.0+3111+de3f2d8e
  • python2-docs-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docs-info-0:2.7.16-2.module+el8.1.0+3111+de3f2d8e
  • python2-docutils-0:0.14-12.module+el8.1.0+3111+de3f2d8e
  • python2-funcsigs-0:1.0.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-idna-0:2.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-ipaddress-0:1.0.18-6.module+el8.1.0+3111+de3f2d8e
  • python2-jinja2-0:2.10-8.module+el8.1.0+3111+de3f2d8e
  • python2-libs-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-lxml-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-lxml-debuginfo-0:4.2.3-3.module+el8.1.0+3111+de3f2d8e
  • python2-markupsafe-0:0.23-19.module+el8.1.0+3111+de3f2d8e
  • python2-mock-0:2.0.0-13.module+el8.1.0+3111+de3f2d8e
  • python2-nose-0:1.3.7-30.module+el8.1.0+3111+de3f2d8e
  • python2-numpy-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-debuginfo-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-doc-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-numpy-f2py-1:1.14.2-13.module+el8.1.0+3323+7ac3e00f
  • python2-pip-0:9.0.3-14.module+el8.1.0+3446+c3d52da3
  • python2-pip-wheel-0:9.0.3-14.module+el8.1.0+3446+c3d52da3
  • python2-pluggy-0:0.6.0-8.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debug-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-debuginfo-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-psycopg2-tests-0:2.7.5-7.module+el8.1.0+3111+de3f2d8e
  • python2-py-0:1.5.3-6.module+el8.1.0+3111+de3f2d8e
  • python2-pygments-0:2.2.0-20.module+el8.1.0+3111+de3f2d8e
  • python2-pymongo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-debuginfo-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pymongo-gridfs-0:3.6.1-11.module+el8.1.0+3446+c3d52da3
  • python2-pysocks-0:1.6.8-6.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-0:3.4.2-13.module+el8.1.0+3111+de3f2d8e
  • python2-pytest-mock-0:1.9.0-4.module+el8.1.0+3111+de3f2d8e
  • python2-pytz-0:2017.2-12.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-pyyaml-debuginfo-0:3.12-16.module+el8.1.0+3111+de3f2d8e
  • python2-requests-0:2.20.0-2.module+el8.1.0+3111+de3f2d8e
  • python2-rpm-macros-0:3-38.module+el8.1.0+3111+de3f2d8e
  • python2-scipy-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-scipy-debuginfo-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • python2-setuptools-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools-wheel-0:39.0.1-11.module+el8.1.0+3446+c3d52da3
  • python2-setuptools_scm-0:1.15.7-6.module+el8.1.0+3111+de3f2d8e
  • python2-six-0:1.11.0-5.module+el8.1.0+3111+de3f2d8e
  • python2-sqlalchemy-0:1.3.2-1.module+el8.1.0+2994+98e054d6
  • python2-test-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-tkinter-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-tools-0:2.7.16-12.module+el8.1.0+4148+33a50073
  • python2-urllib3-0:1.24.2-1.module+el8.1.0+3280+19512f10
  • python2-virtualenv-0:15.1.0-19.module+el8.1.0+3507+d69c168d
  • python2-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • python2-wheel-wheel-1:0.31.1-2.module+el8.1.0+3725+aac5cd17
  • scipy-debugsource-0:1.0.0-20.module+el8.1.0+3323+7ac3e00f
  • platform-python-0:3.6.8-15.1.el8
  • platform-python-debug-0:3.6.8-15.1.el8
  • platform-python-devel-0:3.6.8-15.1.el8
  • python3-debuginfo-0:3.6.8-15.1.el8
  • python3-debugsource-0:3.6.8-15.1.el8
  • python3-idle-0:3.6.8-15.1.el8
  • python3-libs-0:3.6.8-15.1.el8
  • python3-test-0:3.6.8-15.1.el8
  • python3-tkinter-0:3.6.8-15.1.el8
  • python-0:2.7.5-74.el7_5
  • python-debug-0:2.7.5-74.el7_5
  • python-debuginfo-0:2.7.5-74.el7_5
  • python-devel-0:2.7.5-74.el7_5
  • python-libs-0:2.7.5-74.el7_5
  • python-test-0:2.7.5-74.el7_5
  • python-tools-0:2.7.5-74.el7_5
  • tkinter-0:2.7.5-74.el7_5
  • python-0:2.7.5-63.el7_4
  • python-debug-0:2.7.5-63.el7_4
  • python-debuginfo-0:2.7.5-63.el7_4
  • python-devel-0:2.7.5-63.el7_4
  • python-libs-0:2.7.5-63.el7_4
  • python-test-0:2.7.5-63.el7_4
  • python-tools-0:2.7.5-63.el7_4
  • tkinter-0:2.7.5-63.el7_4
  • python-0:2.7.5-83.el7_6
  • python-debug-0:2.7.5-83.el7_6
  • python-debuginfo-0:2.7.5-83.el7_6
  • python-devel-0:2.7.5-83.el7_6
  • python-libs-0:2.7.5-83.el7_6
  • python-test-0:2.7.5-83.el7_6
  • python-tools-0:2.7.5-83.el7_6
  • tkinter-0:2.7.5-83.el7_6

References