ID de Prueba:	1.3.6.1.4.1.25623.1.0.882919
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for python CESA-2018:2123 centos7
Resumen:	Check the version of python
Descripción:	Summary: Check the version of python Vulnerability Insight: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note: This update modifies the Python ssl module to disable 3DES cipher suites by default. Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters. Affected Software/OS: python on CentOS 7 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2183 1036696 http://www.securitytracker.com/id/1036696 20161207 [security bulletin] HPSBHF03674 rev.1 HPE Comware 5 and Comware 7 Network Products using SSL/TLS, Remote Disclosure of Information http://www.securityfocus.com/archive/1/539885/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/539885/100/0/threaded 20170214 [security bulletin] HPESBGN03697 rev.1 - HPE Business Service Management (BSM), Remote Disclosure of Information http://www.securityfocus.com/archive/1/archive/1/540129/100/0/threaded 20170329 [security bulletin] HPESBUX03725 rev.1 - HPE HP-UX Web Server Suite running Apache, Multiple Vulnerabilities http://www.securityfocus.com/archive/1/540341/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/540341/100/0/threaded 20170529 SSD Advisory - IBM Informix Dynamic Server and Informix Open Admin Tool Multiple Vulnerabilities http://seclists.org/fulldisclosure/2017/May/105 20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities http://seclists.org/fulldisclosure/2017/Jul/31 20170831 [security bulletin] HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information http://www.securityfocus.com/archive/1/541104/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/541104/100/0/threaded 20180510 [security bulletin] MFSBGN03805 - HP Service Manager, Remote Disclosure of Information http://www.securityfocus.com/archive/1/542005/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/542005/100/0/threaded 20181113 [security bulletin] MFSBGN03831 rev. - Service Management Automation, remote disclosure of information https://seclists.org/bugtraq/2018/Nov/21 42091 https://www.exploit-db.com/exploits/42091/ 92630 http://www.securityfocus.com/bid/92630 95568 http://www.securityfocus.com/bid/95568 DSA-3673 http://www.debian.org/security/2016/dsa-3673 GLSA-201612-16 https://security.gentoo.org/glsa/201612-16 GLSA-201701-65 https://security.gentoo.org/glsa/201701-65 GLSA-201707-01 https://security.gentoo.org/glsa/201707-01 RHSA-2017:0336 http://rhn.redhat.com/errata/RHSA-2017-0336.html RHSA-2017:0337 http://rhn.redhat.com/errata/RHSA-2017-0337.html RHSA-2017:0338 http://rhn.redhat.com/errata/RHSA-2017-0338.html RHSA-2017:0462 http://rhn.redhat.com/errata/RHSA-2017-0462.html RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2708 RHSA-2017:2709 https://access.redhat.com/errata/RHSA-2017:2709 RHSA-2017:2710 https://access.redhat.com/errata/RHSA-2017:2710 RHSA-2017:3113 https://access.redhat.com/errata/RHSA-2017:3113 RHSA-2017:3114 https://access.redhat.com/errata/RHSA-2017:3114 RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239 RHSA-2017:3240 https://access.redhat.com/errata/RHSA-2017:3240 RHSA-2018:2123 https://access.redhat.com/errata/RHSA-2018:2123 RHSA-2019:1245 https://access.redhat.com/errata/RHSA-2019:1245 RHSA-2019:2859 https://access.redhat.com/errata/RHSA-2019:2859 RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0451 SUSE-SU-2016:2387 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html SUSE-SU-2016:2394 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html SUSE-SU-2016:2458 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html SUSE-SU-2016:2468 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html SUSE-SU-2016:2469 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html SUSE-SU-2016:2470 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html SUSE-SU-2017:0346 http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00068.html SUSE-SU-2017:0460 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00023.html SUSE-SU-2017:0490 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00028.html SUSE-SU-2017:1444 http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00076.html SUSE-SU-2017:2699 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html SUSE-SU-2017:2700 http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html USN-3087-1 http://www.ubuntu.com/usn/USN-3087-1 USN-3087-2 http://www.ubuntu.com/usn/USN-3087-2 USN-3179-1 http://www.ubuntu.com/usn/USN-3179-1 USN-3194-1 http://www.ubuntu.com/usn/USN-3194-1 USN-3198-1 http://www.ubuntu.com/usn/USN-3198-1 USN-3270-1 http://www.ubuntu.com/usn/USN-3270-1 USN-3372-1 http://www.ubuntu.com/usn/USN-3372-1 [tls] 20091120 RC4+3DES rekeying - long-lived TLS connections https://www.ietf.org/mail-archive/web/tls/current/msg04560.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 http://www-01.ibm.com/support/docview.wss?uid=swg21991482 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.splunk.com/view/SP-CAAAPSV http://www.splunk.com/view/SP-CAAAPUE https://access.redhat.com/articles/2548661 https://access.redhat.com/security/cve/cve-2016-2183 https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/ https://bto.bluecoat.com/security-advisory/sa133 https://bugzilla.redhat.com/show_bug.cgi?id=1369383 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05302448 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369403 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05369415 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05385680 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390722 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c05390849 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 https://kc.mcafee.com/corporate/index?page=content&id=SB10171 https://kc.mcafee.com/corporate/index?page=content&id=SB10186 https://kc.mcafee.com/corporate/index?page=content&id=SB10197 https://kc.mcafee.com/corporate/index?page=content&id=SB10215 https://kc.mcafee.com/corporate/index?page=content&id=SB10310 https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/ https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ https://security.netapp.com/advisory/ntap-20160915-0001/ https://security.netapp.com/advisory/ntap-20170119-0001/ https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158613 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03286178 https://support.f5.com/csp/article/K13167034 https://sweet32.info/ https://wiki.opendaylight.org/view/Security_Advisories https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24 https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/ https://www.openssl.org/blog/blog/2016/08/24/sweet32/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.sigsac.org/ccs/CCS2016/accepted-papers/ https://www.tenable.com/security/tns-2016-16 https://www.tenable.com/security/tns-2016-20 https://www.tenable.com/security/tns-2016-21 https://www.tenable.com/security/tns-2017-09 https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue openSUSE-SU-2016:2391 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html openSUSE-SU-2016:2407 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html openSUSE-SU-2016:2496 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html openSUSE-SU-2016:2537 http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html openSUSE-SU-2017:0374 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00003.html openSUSE-SU-2017:0513 http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00032.html openSUSE-SU-2018:0458 http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Copyright	Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.