Test ID:	1.3.6.1.4.1.25623.1.1.18.2.2024.1009.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:1009-1)
Summary:	The remote host is missing an update for the 'python39' package(s) announced via the SUSE-SU-2024:1009-1 advisory.
Description:	Summary: The remote host is missing an update for the 'python39' package(s) announced via the SUSE-SU-2024:1009-1 advisory. Vulnerability Insight: This update for python39 fixes the following issues: - CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens in expat (bsc#1219559). - CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory (bsc#1219666). - CVE-2024-0450: Fixed 'quoted-overlap' in zipfile module (bsc#1221854). The following non-security bugs were fixed: - Use the system-wide crypto-policies (bsc#1211301). Affected Software/OS: 'python39' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-52425 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/ https://github.com/libexpat/libexpat/pull/789 https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html http://www.openwall.com/lists/oss-security/2024/03/20/5 Common Vulnerability Exposure (CVE) ID: CVE-2023-6597 https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25 https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5 https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82 https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b https://github.com/python/cpython/issues/91133 https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/ https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/ Common Vulnerability Exposure (CVE) ID: CVE-2024-0450 https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85 https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675 https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51 https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549 https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183 https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b https://github.com/python/cpython/issues/109858 https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/ https://www.bamsoftware.com/hacks/zipbomb/
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.