Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:13614125623114202307241HistoryMar 28, 2023 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2023:0724-1)
2023-03-2800:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
4
suse-su-2023:0724-1
python package
cve-2023-24329
cve-2022-45061
non-security bug
suse caas platform 4.0
suse enterprise storage 7
suse linux enterprise high-performance computing 15-sp1
suse linux enterprise high-performance computing 15-sp2
suse linux enterprise high-performance computing 15-sp3
suse linux enterprise real time 15-sp3
suse linux enterprise server 15-sp1
suse linux enterprise server 15-sp2
suse linux enterprise server 15-sp3
suse linux enterprise server for sap applications 15-sp1
suse linux enterprise server for sap applications 15-sp2
suse linux enterprise server for sap applications 15-sp3
suse manager proxy 4.2
suse manager retail branch server 4.2
suse manager server 4.2
suse package hub 15
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.3 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.5%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2023.0724.1");
script_cve_id("CVE-2022-45061", "CVE-2023-24329");
script_tag(name:"creation_date", value:"2023-03-28 13:04:06 +0000 (Tue, 28 Mar 2023)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-02-27 19:28:52 +0000 (Mon, 27 Feb 2023)");
script_name("SUSE: Security Advisory (SUSE-SU-2023:0724-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP1|SLES15\.0SP2|SLES15\.0SP3)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:0724-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20230724-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'python' package(s) announced via the SUSE-SU-2023:0724-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for python fixes the following issues:
CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).
The following non-security bug was fixed:
Making compileall.py compliant with year 2038 (bsc#1202666, gh#python/cpython#79171).");
script_tag(name:"affected", value:"'python' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 7, SUSE Enterprise Storage 7.1, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise High Performance Computing 15-SP2, SUSE Linux Enterprise High Performance Computing 15-SP3, SUSE Linux Enterprise Real Time 15-SP3, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server 15-SP3, SUSE Linux Enterprise Server for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP Applications 15-SP2, SUSE Linux Enterprise Server for SAP Applications 15-SP3, SUSE Manager Proxy 4.2, SUSE Manager Retail Branch Server 4.2, SUSE Manager Server 4.2, SUSE Package Hub 15.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libpython2_7-1_0", rpm:"libpython2_7-1_0~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython2_7-1_0-debuginfo", rpm:"libpython2_7-1_0-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python", rpm:"python~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base", rpm:"python-base~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base-debuginfo", rpm:"python-base-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base-debugsource", rpm:"python-base-debugsource~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-curses", rpm:"python-curses~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-curses-debuginfo", rpm:"python-curses-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-debuginfo", rpm:"python-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-debugsource", rpm:"python-debugsource~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-devel", rpm:"python-devel~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-gdbm", rpm:"python-gdbm~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-gdbm-debuginfo", rpm:"python-gdbm-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-tk", rpm:"python-tk~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-tk-debuginfo", rpm:"python-tk-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xml", rpm:"python-xml~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xml-debuginfo", rpm:"python-xml-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libpython2_7-1_0", rpm:"libpython2_7-1_0~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython2_7-1_0-debuginfo", rpm:"libpython2_7-1_0-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python", rpm:"python~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base", rpm:"python-base~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base-debuginfo", rpm:"python-base-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base-debugsource", rpm:"python-base-debugsource~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-curses", rpm:"python-curses~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-curses-debuginfo", rpm:"python-curses-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-debuginfo", rpm:"python-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-debugsource", rpm:"python-debugsource~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-devel", rpm:"python-devel~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-gdbm", rpm:"python-gdbm~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-gdbm-debuginfo", rpm:"python-gdbm-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-tk", rpm:"python-tk~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-tk-debuginfo", rpm:"python-tk-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xml", rpm:"python-xml~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xml-debuginfo", rpm:"python-xml-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"libpython2_7-1_0", rpm:"libpython2_7-1_0~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libpython2_7-1_0-debuginfo", rpm:"libpython2_7-1_0-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python", rpm:"python~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base", rpm:"python-base~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base-debuginfo", rpm:"python-base-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-base-debugsource", rpm:"python-base-debugsource~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-debuginfo", rpm:"python-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-debugsource", rpm:"python-debugsource~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-devel", rpm:"python-devel~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-tk", rpm:"python-tk~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-tk-debuginfo", rpm:"python-tk-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xml", rpm:"python-xml~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-xml-debuginfo", rpm:"python-xml-debuginfo~2.7.18~150000.48.1", rls:"SLES15.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
amazon
amazon
Important: python
2023-03-02 22:35:00
Important: python38
2023-03-30 22:50:00
Important: python27
2023-03-30 22:50:00
redos
redos
ROS-20240409-01
2024-04-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2023-3149)
2023-11-09 00:00:00
Huawei EulerOS: Security Advisory for python2 (EulerOS-SA-2023-3448)
2023-12-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0707-1)
2023-03-28 00:00:00
nessus
nessus
Amazon Linux AMI : python38 (ALAS-2023-1714)
2023-04-06 00:00:00
Amazon Linux 2 : python (ALAS-2023-1980)
2023-03-07 00:00:00
ubuntucve
ubuntucve
CVE-2022-45061
2022-11-09 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: python3.7-3.7.16-1.fc35
2022-12-09 00:49:31
[SECURITY] Fedora 36 Update: python3.7-3.7.16-1.fc36
2022-12-16 01:43:25
[SECURITY] Fedora 37 Update: python3.10-3.10.9-1.fc37
2022-12-17 01:48:41
osv
osv
CVE-2022-45061
2022-11-09 07:15:09
BIT-python-2022-45061
2024-03-06 11:04:55
Important: python38:3.8 and python38-devel:3.8 security update
2023-06-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-12-12 08:25:10
oraclelinux
oraclelinux
python3.9 security update
2023-02-28 00:00:00
python27:2.7 security update
2023-05-24 00:00:00
python3 security update
2023-06-12 00:00:00
almalinux
almalinux
Moderate: python3.9 security update
2023-02-28 00:00:00
Moderate: python27:2.7 security update
2023-05-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Python below 3.9.16 affecting IBM Spectrum Protect Plus and its application agents for IBM Db2 and MongoDb2 using python.
2023-05-31 08:28:01
redhat
redhat
(RHSA-2023:2860) Moderate: python27:2.7 security update
2023-05-16 05:56:37
(RHSA-2023:4282) Important: Red Hat Virtualization Host 4.4.z SP 1 security update
2023-07-26 09:50:48
(RHSA-2023:3936) Important: python3 security update
2023-06-29 12:54:45
alpinelinux
alpinelinux
CVE-2022-45061
2022-11-09 07:15:09
cbl_mariner
cbl_mariner
CVE-2022-45061 affecting package python3 for versions less than 3.9.14-5
2022-12-19 20:12:40
CVE-2022-45061 affecting package python3 3.7.13-6
2023-06-13 20:02:41
CVE-2022-45061 affecting package python2 2.7.18-13
2023-06-13 20:02:41
cve
cve
CVE-2022-45061
2022-11-09 07:15:09
CVE-2023-24329
2023-02-17 15:15:12
mageia
mageia
Updated python python3 packages fix security vulnerabilities
2024-03-23 04:00:08
debiancve
debiancve
CVE-2022-45061
2022-11-09 07:15:09
redhatcve
redhatcve
CVE-2022-45061
2022-11-18 21:55:58
ubuntu
ubuntu
Python vulnerability
2023-06-05 00:00:00
Python vulnerability
2023-03-16 00:00:00
rocky
rocky
python3.11 security update
2023-08-31 16:55:40
python39:3.9 and python39-devel:3.9 security update
2023-08-31 16:54:34
python27:2.7 security update
2023-06-24 18:52:51
aix
aix
AIX is affected by security restrictions bypass due to Python
2023-08-18 09:49:04
thn
thn
New Python URL Parsing Flaw Could Enable Command Execution Attacks
2023-08-12 06:03:00
cgr
cgr
CVE-2023-24329 vulnerabilities
2024-05-19 03:07:16
cloudfoundry
cloudfoundry
USN-6139-1: Python vulnerability | Cloud Foundry
2023-10-05 00:00:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Python
2023-08-17 10:33:52
slackware
slackware
[slackware-security] python3
2023-06-09 01:28:03
cert
cert
Python Parsing Error Enabling Bypass CVE-2023-24329
2023-08-11 00:00:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.3 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.5%
Related for OPENVAS:13614125623114202307241