Test ID:	1.3.6.1.4.1.25623.1.0.844197
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4151-1)
Summary:	The remote host is missing an update for the 'python2.7, python3.5, python3.6, python3.7' package(s) announced via the USN-4151-1 advisory.
Description:	Summary: The remote host is missing an update for the 'python2.7, python3.5, python3.6, python3.7' package(s) announced via the USN-4151-1 advisory. Vulnerability Insight: It was discovered that Python incorrectly parsed certain email addresses. A remote attacker could possibly use this issue to trick Python applications into accepting email addresses that should be denied. (CVE-2019-16056) It was discovered that the Python documentation XML-RPC server incorrectly handled certain fields. A remote attacker could use this issue to execute a cross-site scripting (XSS) attack. (CVE-2019-16935) Affected Software/OS: 'python2.7, python3.5, python3.6, python3.7' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-16056 https://security.netapp.com/advisory/ntap-20190926-0005/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K7HNVIFMETMFWWWUNTB72KYJYXCZOS5V/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QP46PQSUKYPGWTADQ67NOV3BUN6JM34Z/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E2HP37NUVLQSBW3J735A2DQDOZ4ZGBLY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K4KZEFP6E4YPYB52AF4WXCUDSGQOTF37/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NF3DRDGMVIRYNZMSLJIHNW47HOUQYXVG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ER6LONC2B2WYIO56GBQUDU6QTWZDPUNQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBTGPBUABGXZ7WH7677OEM3NSP6ZEA76/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/COATURTCY7G67AYI6UDV5B2JZTBCKIDX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QASRD4E2G65GGEHYKVHYCXB2XWAGTNL4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M34WOYCDKTDE5KLUACE2YIEH7D37KHRX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCPGLTTOBB3QEARDX4JOYURP6ELNNA2V/ https://bugs.python.org/issue34155 https://github.com/python/cpython/commit/8cb65d1381b027f0b09ee36bfed7f35bb4dec9a9 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/09/msg00018.html https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html RedHat Security Advisories: RHSA-2019:3725 https://access.redhat.com/errata/RHSA-2019:3725 RedHat Security Advisories: RHSA-2019:3948 https://access.redhat.com/errata/RHSA-2019:3948 SuSE Security Announcement: openSUSE-SU-2019:2389 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00062.html SuSE Security Announcement: openSUSE-SU-2019:2393 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html SuSE Security Announcement: openSUSE-SU-2019:2438 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:2453 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00021.html SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html https://usn.ubuntu.com/4151-1/ https://usn.ubuntu.com/4151-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-16935 https://security.netapp.com/advisory/ntap-20191017-0004/ https://bugs.python.org/issue38243 https://github.com/python/cpython/blob/35c0809158be7feae4c4f877a08b93baea2d8291/Lib/xmlrpc/server.py#L897 https://github.com/python/cpython/blob/e007860b8b3609ce0bc62b1780efaa06241520bd/Lib/DocXMLRPCServer.py#L213 https://github.com/python/cpython/pull/16373 https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.