Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0435)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2021.0435

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2021-0435)

Zusammenfassung: The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory.

Vulnerability Insight:
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
avoid a potential race condition.

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
get the fix for the CVE-2013-0340 'Billion Laughs' vulnerability. This
copy is most used on Windows and macOS.

bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.

bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
socket.inet_aton() treats leading zeros as octal notation. glibc
implementation of modern inet_pton() does not accept any leading zeros.
For a while the ipaddress module used to accept ambiguous leading zeros.

It was discovered that Python incorrectly handled certain RFCs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733)

It was discovered that Python incorrectly handled certain
server responses. An attacker could possibly use this issue to
cause a denial of service. (CVE-2021-3737)

Affected Software/OS:
'python3' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-3733
https://bugs.python.org/issue43075
https://bugzilla.redhat.com/show_bug.cgi?id=1995234
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
https://github.com/python/cpython/pull/24391
https://ubuntu.com/security/CVE-2021-3733
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3737
https://security.netapp.com/advisory/ntap-20220407-0009/
https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://ubuntu.com/security/CVE-2021-3737
https://www.oracle.com/security-alerts/cpujul2022.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2021.0435
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2021-0435)
Zusammenfassung:	The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory. Vulnerability Insight: bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 'Billion Laughs' vulnerability. This copy is most used on Windows and macOS. bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733) It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737) Affected Software/OS: 'python3' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3733 https://bugs.python.org/issue43075 https://bugzilla.redhat.com/show_bug.cgi?id=1995234 https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb https://github.com/python/cpython/pull/24391 https://ubuntu.com/security/CVE-2021-3733 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3737 https://security.netapp.com/advisory/ntap-20220407-0009/ https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://ubuntu.com/security/CVE-2021-3737 https://www.oracle.com/security-alerts/cpujul2022.html
Copyright	Copyright (C) 2022 Greenbone AG