Test ID:	1.3.6.1.4.1.25623.1.0.123902
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2012-0745)
Summary:	The remote host is missing an update for the 'python' package(s) announced via the ELSA-2012-0745 advisory.
Description:	Summary: The remote host is missing an update for the 'python' package(s) announced via the ELSA-2012-0745 advisory. Vulnerability Insight: [2.4.3-46.el5_8.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.4.3-46.el5_8.1] - distutils.commands.register: create ~ /.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150 Affected Software/OS: 'python' package(s) on Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4940 50858 http://secunia.com/advisories/50858 51024 http://secunia.com/advisories/51024 51040 http://secunia.com/advisories/51040 54083 http://www.securityfocus.com/bid/54083 JVN#51176027 http://jvn.jp/en/jp/JVN51176027/index.html JVNDB-2012-000063 http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063 USN-1592-1 http://www.ubuntu.com/usn/USN-1592-1 USN-1596-1 http://www.ubuntu.com/usn/USN-1596-1 USN-1613-1 http://www.ubuntu.com/usn/USN-1613-1 USN-1613-2 http://www.ubuntu.com/usn/USN-1613-2 http://bugs.python.org/issue11442 https://bugzilla.redhat.com/show_bug.cgi?id=803500 Common Vulnerability Exposure (CVE) ID: CVE-2011-4944 51087 http://secunia.com/advisories/51087 51089 http://secunia.com/advisories/51089 APPLE-SA-2013-10-22-3 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html USN-1615-1 http://www.ubuntu.com/usn/USN-1615-1 USN-1616-1 http://www.ubuntu.com/usn/USN-1616-1 [oss-security] 20120327 CVE request: distutils creates ~/.pypirc insecurely http://www.openwall.com/lists/oss-security/2012/03/27/2 [oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely http://www.openwall.com/lists/oss-security/2012/03/27/10 http://www.openwall.com/lists/oss-security/2012/03/27/5 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555 http://bugs.python.org/file23824/pypirc-secure.diff http://bugs.python.org/issue13512 https://bugzilla.redhat.com/show_bug.cgi?id=758905 openSUSE-SU-2020:0086 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1150 [oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703) http://www.openwall.com/lists/oss-security/2012/03/10/3 [python-dev] 20111229 Hash collision security issue (now public) http://mail.python.org/pipermail/python-dev/2011-December/115116.html [python-dev] 20120128 plugging the hash attack http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://bugs.python.org/issue13703 http://python.org/download/releases/2.6.8/ http://python.org/download/releases/2.7.3/ http://python.org/download/releases/3.1.5/ http://python.org/download/releases/3.2.3/ https://bugzilla.redhat.com/show_bug.cgi?id=750555
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.