ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2025.1280
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1280)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'python3' package(s) announced via the EulerOS-SA-2025-1280 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'python3' package(s) announced via the EulerOS-SA-2025-1280 advisory. Vulnerability Insight: The 'ipaddress' module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as 'globally reachable' or 'private'. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn't be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.(CVE-2024-4032) A defect was discovered in the Python 'ssl' module where there is a memory race condition with the ssl.SSLContext methods 'cert_store_stats()' and 'get_ca_certs()'. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext,such as during the TLS handshake with a certificate directory configured.This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.(CVE-2024-0397) Affected Software/OS: 'python3' package(s) on Huawei EulerOS V2.0SP9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-0397 https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524 https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286 https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab https://github.com/python/cpython/issues/114572 https://github.com/python/cpython/pull/114573 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ http://www.openwall.com/lists/oss-security/2024/06/17/2 Common Vulnerability Exposure (CVE) ID: CVE-2024-4032 https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8 https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3 https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906 https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3 https://github.com/python/cpython/issues/113171 https://github.com/python/cpython/pull/113179 https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/ https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml http://www.openwall.com/lists/oss-security/2024/06/17/3
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.