
Test ID: 1.3.6.1.4.1.25623.1.1.1.2.2014.25
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DLA-25-1)
Summary: The remote host is missing an update for the Debian 'python2.6' package(s) announced via the DLA-25-1 advisory.
Description:

Vulnerability Insight:
A regression has been identified in the python2.6 update of DLA-25-1, which may cause python applications to abort if they were running during the upgrade but they had not already imported the 'os' module, and do so after the upgrade. This update fixes this upgrade scenario.

For reference, the original advisory text follows.

Multiple vulnerabilities were discovered in python2.6. The more relevant are:

CVE-2013-4238

Incorrect handling of NUL bytes in certificate hostnames may allow server spoofing via specially-crafted certificates signed by a trusted Certification Authority.

CVE-2014-1912

Buffer overflow in socket.recvfrom_into leading to application crash and possibly code execution.

For Debian 6 Squeeze, these issues have been fixed in python2.6 version 2.6.6-8+deb6u2

Affected Software/OS:
'python2.6' package(s) on Debian 6.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-1015
1025489
http://securitytracker.com/id?1025489
46541
http://www.securityfocus.com/bid/46541
50858
http://secunia.com/advisories/50858
51024
http://secunia.com/advisories/51024
51040
http://secunia.com/advisories/51040
MDVSA-2011:096
http://www.mandriva.com/security/advisories?name=MDVSA-2011:096
USN-1596-1
http://www.ubuntu.com/usn/USN-1596-1
USN-1613-1
http://www.ubuntu.com/usn/USN-1613-1
USN-1613-2
http://www.ubuntu.com/usn/USN-1613-2
[oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python
http://openwall.com/lists/oss-security/2011/02/23/27
[oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python
http://openwall.com/lists/oss-security/2011/02/24/10
http://bugs.python.org/issue2254
http://hg.python.org/cpython/rev/c6c4398293bd/
http://svn.python.org/view?view=revision&revision=71303
https://bugzilla.redhat.com/show_bug.cgi?id=680094
Common Vulnerability Exposure (CVE) ID: CVE-2011-1521
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://openwall.com/lists/oss-security/2011/03/24/5
http://openwall.com/lists/oss-security/2011/03/28/2
http://openwall.com/lists/oss-security/2011/09/11/1
http://openwall.com/lists/oss-security/2011/09/13/2
http://openwall.com/lists/oss-security/2011/09/15/5
http://securitytracker.com/id?1025488
SuSE Security Announcement: SUSE-SR:2011:009
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.ubuntu.com/usn/USN-1592-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-4940
54083
http://www.securityfocus.com/bid/54083
JVN#51176027
http://jvn.jp/en/jp/JVN51176027/index.html
JVNDB-2012-000063
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063
USN-1592-1
http://bugs.python.org/issue11442
https://bugzilla.redhat.com/show_bug.cgi?id=803500
Common Vulnerability Exposure (CVE) ID: CVE-2011-4944
51087
http://secunia.com/advisories/51087
51089
http://secunia.com/advisories/51089
APPLE-SA-2013-10-22-3
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
USN-1615-1
http://www.ubuntu.com/usn/USN-1615-1
USN-1616-1
http://www.ubuntu.com/usn/USN-1616-1
[oss-security] 20120327 CVE request: distutils creates ~/.pypirc insecurely
http://www.openwall.com/lists/oss-security/2012/03/27/2
[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely
http://www.openwall.com/lists/oss-security/2012/03/27/10
http://www.openwall.com/lists/oss-security/2012/03/27/5
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555
http://bugs.python.org/file23824/pypirc-secure.diff
http://bugs.python.org/issue13512
https://bugzilla.redhat.com/show_bug.cgi?id=758905
openSUSE-SU-2020:0086
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-0845
http://www.openwall.com/lists/oss-security/2012/02/13/4
http://www.securitytracker.com/id?1026689
SuSE Security Announcement: openSUSE-SU-2020:0086
Common Vulnerability Exposure (CVE) ID: CVE-2012-1150
[oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703)
http://www.openwall.com/lists/oss-security/2012/03/10/3
[python-dev] 20111229 Hash collision security issue (now public)
http://mail.python.org/pipermail/python-dev/2011-December/115116.html
[python-dev] 20120128 plugging the hash attack
http://mail.python.org/pipermail/python-dev/2012-January/115892.html
http://bugs.python.org/issue13703
http://python.org/download/releases/2.6.8/
http://python.org/download/releases/2.7.3/
http://python.org/download/releases/3.1.5/
http://python.org/download/releases/3.2.3/
https://bugzilla.redhat.com/show_bug.cgi?id=750555
Common Vulnerability Exposure (CVE) ID: CVE-2013-4238
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.securityfocus.com/archive/1/534161/100/0/threaded
DSA-2880
http://www.debian.org/security/2014/dsa-2880
RHSA-2013:1582
http://rhn.redhat.com/errata/RHSA-2013-1582.html
USN-1982-1
http://www.ubuntu.com/usn/USN-1982-1
http://bugs.python.org/issue18709
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=996381
openSUSE-SU-2013:1437
http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html
openSUSE-SU-2013:1438
http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html
openSUSE-SU-2013:1439
http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html
openSUSE-SU-2013:1440
http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html
openSUSE-SU-2013:1462
http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html
openSUSE-SU-2013:1463
http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1912
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 65379
http://www.securityfocus.com/bid/65379
Debian Security Information: DSA-2880
http://www.exploit-db.com/exploits/31875
https://security.gentoo.org/glsa/201503-10
http://pastebin.com/raw.php?i=GHXSmNEg
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
http://www.openwall.com/lists/oss-security/2014/02/12/16
RedHat Security Advisories: RHSA-2015:1064
http://rhn.redhat.com/errata/RHSA-2015-1064.html
RedHat Security Advisories: RHSA-2015:1330
http://rhn.redhat.com/errata/RHSA-2015-1330.html
http://www.securitytracker.com/id/1029831
SuSE Security Announcement: openSUSE-SU-2014:0518
http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html
SuSE Security Announcement: openSUSE-SU-2014:0597
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
http://www.ubuntu.com/usn/USN-2125-1
Copyright: Copyright (C) 2023 Greenbone AG
