
Test ID: 1.3.6.1.4.1.25623.1.0.840265
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-585-1)
Summary: The remote host is missing an update for the 'python2.4, python2.5' package(s) announced via the USN-585-1 advisory.
Description:

Vulnerability Insight:
Piotr Engelking discovered that strxfrm in Python was not correctly
calculating the size of the destination buffer. This could lead to small
information leaks, which might be used by attackers to gain additional
knowledge about the state of a running Python script. (CVE-2007-2052)

A flaw was discovered in the Python imageop module. If a script using
the module could be tricked into processing a specially crafted set of
arguments, a remote attacker could execute arbitrary code, or cause the
application to crash. (CVE-2007-4965)

Affected Software/OS:
'python2.4, python2.5' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-2052
BugTraq ID: 23887
http://www.securityfocus.com/bid/23887
Bugtraq: 20070521 FLEA-2007-0019-1: python
http://www.securityfocus.com/archive/1/469294/30/6450/threaded
Bugtraq: 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
http://www.securityfocus.com/archive/1/488457/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1551
http://www.debian.org/security/2008/dsa-1551
Debian Security Information: DSA-1620
http://www.debian.org/security/2008/dsa-1620
http://www.mandriva.com/security/advisories?name=MDKSA-2007:099
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2007-1077.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://secunia.com/advisories/25190
http://secunia.com/advisories/25217
http://secunia.com/advisories/25233
http://secunia.com/advisories/25353
http://secunia.com/advisories/25787
http://secunia.com/advisories/28027
http://secunia.com/advisories/28050
http://secunia.com/advisories/29032
http://secunia.com/advisories/29303
http://secunia.com/advisories/29889
http://secunia.com/advisories/31255
http://secunia.com/advisories/31492
http://secunia.com/advisories/37471
SuSE Security Announcement: SUSE-SR:2007:013
http://www.novell.com/linux/security/advisories/2007_13_sr.html
http://www.trustix.org/errata/2007/0019/
http://www.ubuntu.com/usn/usn-585-1
http://www.vupen.com/english/advisories/2007/1465
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: python-localemodule-information-disclosure(34060)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34060
Common Vulnerabilities and Exposures (CVE) ID: CVE-2007-4965
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
BugTraq ID: 25696
http://www.securityfocus.com/bid/25696
Bugtraq: 20080212 FLEA-2008-0002-1 python
http://www.securityfocus.com/archive/1/487990/100/0/threaded
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496
http://secunia.com/advisories/26837
http://secunia.com/advisories/27460
http://secunia.com/advisories/27562
http://secunia.com/advisories/27872
http://secunia.com/advisories/28136
http://secunia.com/advisories/28480
http://secunia.com/advisories/28838
http://secunia.com/advisories/33937
http://secunia.com/advisories/38675
SuSE Security Announcement: SUSE-SR:2008:003
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://www.vupen.com/english/advisories/2007/3201
http://www.vupen.com/english/advisories/2007/4238
XForce ISS Database: python-imageop-bo(36653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653
Copyright: Copyright (C) 2009 Greenbone AG
