English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2024.6928.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-6928-1)
Summary:The remote host is missing an update for the 'python3.8, python3.10' package(s) announced via the USN-6928-1 advisory.
Description:Summary:
The remote host is missing an update for the 'python3.8, python3.10' package(s) announced via the USN-6928-1 advisory.

Vulnerability Insight:
It was discovered that the Python ssl module contained a memory race
condition when handling the APIs to obtain the CA certificates and
certificate store statistics. This could possibly result in applications
obtaining wrong results, leading to various SSL issues. (CVE-2024-0397)

It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered 'private' or
'globally reachable'. This could possibly result in applications applying
incorrect security policies. (CVE-2024-4032)

Affected Software/OS:
'python3.8, python3.10' package(s) on Ubuntu 20.04, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-0397
https://github.com/python/cpython/commit/01c37f1d0714f5822d34063ca7180b595abf589d
https://github.com/python/cpython/commit/29c97287d205bf2f410f4895ebce3f43b5160524
https://github.com/python/cpython/commit/37324b421b72b7bc9934e27aba85d48d4773002e
https://github.com/python/cpython/commit/542f3272f56f31ed04e74c40635a913fbc12d286
https://github.com/python/cpython/commit/b228655c227b2ca298a8ffac44d14ce3d22f6faa
https://github.com/python/cpython/commit/bce693111bff906ccf9281c22371331aaff766ab
https://github.com/python/cpython/issues/114572
https://github.com/python/cpython/pull/114573
https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/
http://www.openwall.com/lists/oss-security/2024/06/17/2
Common Vulnerability Exposure (CVE) ID: CVE-2024-4032
https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8
https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f
https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3
https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb
https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906
https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3
https://github.com/python/cpython/issues/113171
https://github.com/python/cpython/pull/113179
https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
http://www.openwall.com/lists/oss-security/2024/06/17/3
CopyrightCopyright (C) 2024 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.