Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0230
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0230)
Summary:	The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0230 advisory.
Description:	Summary: The remote host is missing an update for the 'python, python3' package(s) announced via the MGASA-2016-0230 advisory. Vulnerability Insight: Updated python and python3 packages fixes security vulnerability: - Heap overflow in zipimporter module (CVE-2016-5636). - HTTP header injection in urrlib2/urllib/httplib/http.client (CVE-2016-5699). - smtplib StartTLS stripping attack (CVE-2016-0772). Affected Software/OS: 'python, python3' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-0772 91225 http://www.securityfocus.com/bid/91225 GLSA-201701-18 https://security.gentoo.org/glsa/201701-18 RHSA-2016:1626 http://rhn.redhat.com/errata/RHSA-2016-1626.html RHSA-2016:1627 http://rhn.redhat.com/errata/RHSA-2016-1627.html RHSA-2016:1628 http://rhn.redhat.com/errata/RHSA-2016-1628.html RHSA-2016:1629 http://rhn.redhat.com/errata/RHSA-2016-1629.html RHSA-2016:1630 http://rhn.redhat.com/errata/RHSA-2016-1630.html [debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html [oss-security] 20160614 Python CVE-2016-0772: smtplib StartTLS stripping attack http://www.openwall.com/lists/oss-security/2016/06/14/9 http://www.splunk.com/view/SP-CAAAPSV http://www.splunk.com/view/SP-CAAAPUE https://bugzilla.redhat.com/show_bug.cgi?id=1303647 https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS https://hg.python.org/cpython/rev/b3ce713fb9be https://hg.python.org/cpython/rev/d590114c2394 openSUSE-SU-2020:0086 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2016-5636 BugTraq ID: 91247 http://www.securityfocus.com/bid/91247 http://www.openwall.com/lists/oss-security/2016/06/15/15 http://www.openwall.com/lists/oss-security/2016/06/16/1 RedHat Security Advisories: RHSA-2016:2586 http://rhn.redhat.com/errata/RHSA-2016-2586.html http://www.securitytracker.com/id/1038138 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) Common Vulnerability Exposure (CVE) ID: CVE-2016-5699 91226 http://www.securityfocus.com/bid/91226 [oss-security] 20160614 CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client http://www.openwall.com/lists/oss-security/2016/06/14/7 [oss-security] 20160615 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client http://www.openwall.com/lists/oss-security/2016/06/15/12 [oss-security] 20160616 Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client http://www.openwall.com/lists/oss-security/2016/06/16/2 http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-4 https://hg.python.org/cpython/raw-file/v2.7.10/Misc/NEWS https://hg.python.org/cpython/rev/1c45047c5102 https://hg.python.org/cpython/rev/bf3e1c9b80e9
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.