Test ID:	1.3.6.1.4.1.25623.1.1.4.2012.0565.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2012:0565-1)
Summary:	The remote host is missing an update for the 'Python' package(s) announced via the SUSE-SU-2012:0565-1 advisory.
Description:	Summary: The remote host is missing an update for the 'Python' package(s) announced via the SUSE-SU-2012:0565-1 advisory. Vulnerability Insight: The following issues have been fixed in this update: * hash randomization issues (CVE-2012-115) (see below) * SimpleHTTPServer XSS (CVE-2011-1015) * SSL BEAST vulnerability (CVE-2011-3389) The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts hashes. To enable the hash seed randomization you can either use: * pass -R to the python interpreter commandline. * set the environment variable PYTHONHASHSEED=random to enable it for programs. You can also set this environment variable to a fixed hash seed by specifying a integer value between 0 and MAX_UINT. In generally enabling this is only needed when malicious third parties can inject values into your hash tables. Security Issue reference: * CVE-2012-1150 > Affected Software/OS: 'Python' package(s) on SUSE Linux Enterprise Desktop 10-SP4, SUSE Linux Enterprise Server 10-SP4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1015 1025489 http://securitytracker.com/id?1025489 46541 http://www.securityfocus.com/bid/46541 50858 http://secunia.com/advisories/50858 51024 http://secunia.com/advisories/51024 51040 http://secunia.com/advisories/51040 MDVSA-2011:096 http://www.mandriva.com/security/advisories?name=MDVSA-2011:096 USN-1596-1 http://www.ubuntu.com/usn/USN-1596-1 USN-1613-1 http://www.ubuntu.com/usn/USN-1613-1 USN-1613-2 http://www.ubuntu.com/usn/USN-1613-2 [oss-security] 20110223 CVE request: Information disclosure in CGIHTTPServer from Python http://openwall.com/lists/oss-security/2011/02/23/27 [oss-security] 20110224 Re: CVE request: Information disclosure in CGIHTTPServer from Python http://openwall.com/lists/oss-security/2011/02/24/10 http://bugs.python.org/issue2254 http://hg.python.org/cpython/rev/c6c4398293bd/ http://svn.python.org/view?view=revision&revision=71303 https://bugzilla.redhat.com/show_bug.cgi?id=680094 Common Vulnerability Exposure (CVE) ID: CVE-2011-3389 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html BugTraq ID: 49388 http://www.securityfocus.com/bid/49388 BugTraq ID: 49778 http://www.securityfocus.com/bid/49778 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html CERT/CC vulnerability note: VU#864643 http://www.kb.cert.org/vuls/id/864643 Debian Security Information: DSA-2398 (Google Search) http://www.debian.org/security/2012/dsa-2398 http://security.gentoo.org/glsa/glsa-201203-02.xml http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBMU02742 http://marc.info/?l=bugtraq&m=132872385320240&w=2 HPdes Security Advisory: HPSBMU02797 http://marc.info/?l=bugtraq&m=134254957702612&w=2 HPdes Security Advisory: HPSBMU02799 http://marc.info/?l=bugtraq&m=134254866602253&w=2 HPdes Security Advisory: HPSBMU02900 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862 HPdes Security Advisory: HPSBUX02730 http://marc.info/?l=bugtraq&m=132750579901589&w=2 HPdes Security Advisory: HPSBUX02760 http://marc.info/?l=bugtraq&m=133365109612558&w=2 HPdes Security Advisory: HPSBUX02777 http://marc.info/?l=bugtraq&m=133728004526190&w=2 HPdes Security Advisory: SSRT100710 HPdes Security Advisory: SSRT100740 HPdes Security Advisory: SSRT100805 HPdes Security Advisory: SSRT100854 HPdes Security Advisory: SSRT100867 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http://ekoparty.org/2011/juliano-rizzo.php http://eprint.iacr.org/2004/111 http://eprint.iacr.org/2006/136 http://isc.sans.edu/diary/SSL+TLS+part+3+/11635 http://vnhacker.blogspot.com/2011/09/beast.html http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html http://www.insecure.cl/Beast-SSL.rar https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Microsoft Security Bulletin: MS12-006 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006 http://osvdb.org/74829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752 http://www.redhat.com/support/errata/RHSA-2011-1384.html http://www.redhat.com/support/errata/RHSA-2012-0006.html RedHat Security Advisories: RHSA-2012:0508 http://rhn.redhat.com/errata/RHSA-2012-0508.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://www.securitytracker.com/id?1025997 http://www.securitytracker.com/id?1026103 http://www.securitytracker.com/id?1026704 http://www.securitytracker.com/id/1029190 http://secunia.com/advisories/45791 http://secunia.com/advisories/47998 http://secunia.com/advisories/48256 http://secunia.com/advisories/48692 http://secunia.com/advisories/48915 http://secunia.com/advisories/48948 http://secunia.com/advisories/49198 http://secunia.com/advisories/55322 http://secunia.com/advisories/55350 http://secunia.com/advisories/55351 SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search) https://hermes.opensuse.org/messages/13154861 SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search) https://hermes.opensuse.org/messages/13155432 SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://www.ubuntu.com/usn/USN-1263-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-1150 51087 http://secunia.com/advisories/51087 51089 http://secunia.com/advisories/51089 APPLE-SA-2013-10-22-3 USN-1592-1 http://www.ubuntu.com/usn/USN-1592-1 USN-1615-1 http://www.ubuntu.com/usn/USN-1615-1 USN-1616-1 http://www.ubuntu.com/usn/USN-1616-1 [oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703) http://www.openwall.com/lists/oss-security/2012/03/10/3 [python-dev] 20111229 Hash collision security issue (now public) http://mail.python.org/pipermail/python-dev/2011-December/115116.html [python-dev] 20120128 plugging the hash attack http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://bugs.python.org/issue13703 http://python.org/download/releases/2.6.8/ http://python.org/download/releases/2.7.3/ http://python.org/download/releases/3.1.5/ http://python.org/download/releases/3.2.3/ https://bugzilla.redhat.com/show_bug.cgi?id=750555 openSUSE-SU-2020:0086
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.