Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0495
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0495)
Summary:	The remote host is missing an update for the 'python' package(s) announced via the MGASA-2018-0495 advisory.
Description:	Summary: The remote host is missing an update for the 'python' package(s) announced via the MGASA-2018-0495 advisory. Vulnerability Insight: Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided (CVE-2017-18207). Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM (CVE-2018-14647). It was discovered that the shutil module of python does not properly sanitize input when creating a zip file on Windows. An attacker could use this flaw to cause a denial of service or add unintended files to the generated archive (CVE-2018-1000802). Affected Software/OS: 'python' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-18207 https://bugs.python.org/issue32056 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2018-1000802 Debian Security Information: DSA-4306 (Google Search) https://www.debian.org/security/2018/dsa-4306 https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html https://lists.debian.org/debian-lts-announce/2018/09/msg00031.html https://usn.ubuntu.com/3817-1/ https://usn.ubuntu.com/3817-2/ Common Vulnerability Exposure (CVE) ID: CVE-2018-14647 BugTraq ID: 105396 http://www.securityfocus.com/bid/105396 Debian Security Information: DSA-4307 (Google Search) https://www.debian.org/security/2018/dsa-4307 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBJCB2HWOJLP3L7CUQHJHNBHLSVOXJE5/ https://bugs.python.org/issue34623 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html https://lists.debian.org/debian-lts-announce/2019/06/msg00023.html RedHat Security Advisories: RHSA-2019:1260 https://access.redhat.com/errata/RHSA-2019:1260 RedHat Security Advisories: RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030 RedHat Security Advisories: RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725 http://www.securitytracker.com/id/1041740
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.