Test ID:	1.3.6.1.4.1.25623.1.1.13.2024.080.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2024-080-01)
Summary:	The remote host is missing an update for the 'python3' package(s) announced via the SSA:2024-080-01 advisory.
Description:	Summary: The remote host is missing an update for the 'python3' package(s) announced via the SSA:2024-080-01 advisory. Vulnerability Insight: New python3 packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/python3-3.9.19-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: bundled libexpat was updated to 2.6.0. zipfile is now protected from the 'quoted-overlap' zipbomb. tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when working around file system permission errors. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'python3' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-52425 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/ https://github.com/libexpat/libexpat/pull/789 https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html http://www.openwall.com/lists/oss-security/2024/03/20/5 Common Vulnerability Exposure (CVE) ID: CVE-2023-6597 https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25 https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82 https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b https://github.com/python/cpython/issues/91133 https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/ https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/ Common Vulnerability Exposure (CVE) ID: CVE-2024-0450 https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675 https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51 https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549 https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183 https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b https://github.com/python/cpython/issues/109858 https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/ https://www.bamsoftware.com/hacks/zipbomb/
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.