Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2021-0435)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2021.0435

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2021-0435)

Resumen: The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory.

Descripción: Summary:
The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory.

Vulnerability Insight:
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to
avoid a potential race condition.

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to
get the fix for the CVE-2013-0340 'Billion Laughs' vulnerability. This
copy is most used on Windows and macOS.

bpo-43124: Made the internal putcmd function in smtplib sanitize input for
presence of \r and \n characters to avoid (unlikely) command injection.

bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4
address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
socket.inet_aton() treats leading zeros as octal notation. glibc
implementation of modern inet_pton() does not accept any leading zeros.
For a while the ipaddress module used to accept ambiguous leading zeros.

It was discovered that Python incorrectly handled certain RFCs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733)

It was discovered that Python incorrectly handled certain
server responses. An attacker could possibly use this issue to
cause a denial of service. (CVE-2021-3737)

Affected Software/OS:
'python3' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-3733
https://bugs.python.org/issue43075
https://bugzilla.redhat.com/show_bug.cgi?id=1995234
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
https://github.com/python/cpython/pull/24391
https://ubuntu.com/security/CVE-2021-3733
https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-3737
https://security.netapp.com/advisory/ntap-20220407-0009/
https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://ubuntu.com/security/CVE-2021-3737
https://www.oracle.com/security-alerts/cpujul2022.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0435
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0435)
Resumen:	The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2021-0435 advisory. Vulnerability Insight: bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition. bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 'Billion Laughs' vulnerability. This copy is most used on Windows and macOS. bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection. bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros. It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-3733) It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3737) Affected Software/OS: 'python3' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-3733 https://bugs.python.org/issue43075 https://bugzilla.redhat.com/show_bug.cgi?id=1995234 https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb https://github.com/python/cpython/pull/24391 https://ubuntu.com/security/CVE-2021-3733 https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3737 https://security.netapp.com/advisory/ntap-20220407-0009/ https://bugs.python.org/issue44022 https://bugzilla.redhat.com/show_bug.cgi?id=1995162 https://github.com/python/cpython/pull/25916 https://github.com/python/cpython/pull/26503 https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html https://ubuntu.com/security/CVE-2021-3737 https://www.oracle.com/security-alerts/cpujul2022.html
Copyright	Copyright (C) 2022 Greenbone AG