Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0249)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0249

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0249)

Zusammenfassung: The remote host is missing an update for the 'python-typed-ast' package(s) announced via the MGASA-2020-0249 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'python-typed-ast' package(s) announced via the MGASA-2020-0249 advisory.

Vulnerability Insight:
Updated python-typed-ast package fixes security vulnerabilities:

typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds
read. An attacker with the ability to cause a Python interpreter to
parse Python source (but not necessarily execute it) may be able to crash
the interpreter process. This could be a concern, for example, in a
web-based service that parses (but does not execute) Python code
(CVE-2019-19274).

typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An
attacker with the ability to cause a Python interpreter to parse Python
source but not necessarily execute it) may be able to crash the
interpreter process. This could be a concern, for example, in a web-based
service that parses (but does not execute) Python code (CVE-2019-19275).

Affected Software/OS:
'python-typed-ast' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-19274
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/
https://bugs.python.org/issue36495
https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e
https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c
https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce
https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b
Common Vulnerability Exposure (CVE) ID: CVE-2019-19275

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0249
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0249)
Zusammenfassung:	The remote host is missing an update for the 'python-typed-ast' package(s) announced via the MGASA-2020-0249 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python-typed-ast' package(s) announced via the MGASA-2020-0249 advisory. Vulnerability Insight: Updated python-typed-ast package fixes security vulnerabilities: typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code (CVE-2019-19274). typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code (CVE-2019-19275). Affected Software/OS: 'python-typed-ast' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-19274 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LG5H4Q6LFVRX7SFXLBEJMNQFI4T5SCEA/ https://bugs.python.org/issue36495 https://github.com/python/cpython/commit/a4d78362397fc3bced6ea80fbc7b5f4827aec55e https://github.com/python/cpython/commit/dcfcd146f8e6fc5c2fc16a4c192a0c5f5ca8c53c https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b Common Vulnerability Exposure (CVE) ID: CVE-2019-19275
Copyright	Copyright (C) 2022 Greenbone AG