6.4 - USN-1615-1

Executive Summary

Summary
Title	Python 3.2 vulnerabilities

Informations
Name	USN-1615-1	First vendor Publication	2012-10-23
Vendor	Ubuntu	Last vendor Modification	2012-10-23
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Cvss Base Score	6.4	Attack Range	Network
Cvss Impact Score	4.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04

Summary:

Several security issues were fixed in Python 3.2.

Software Description: - python3.2: Interactive high-level object-oriented language (version 3.2)

Details:

It was discovered that Python distutils contained a race condition when creating the ~/.pypirc file. A local attacker could exploit this to obtain sensitive information. (CVE-2011-4944)

It was discovered that SimpleXMLRPCServer did not properly validate its input when handling HTTP POST requests. A remote attacker could exploit this to cause a denial of service via excessive CPU utilization. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-0845)

It was discovered that Python was susceptible to hash algorithm attacks. An attacker could cause a denial of service under certian circumstances. This updates adds the '-R' command line option and honors setting the PYTHONHASHSEED environment variable to 'random' to salt str and datetime objects with an unpredictable value. This issue only affected Ubuntu 11.04 and 11.10. (CVE-2012-1150)

Serhiy Storchaka discovered that the UTF16 decoder in Python did not properly reset internal variables after error handling. An attacker could exploit this to cause a denial of service via memory corruption. This issue did not affect Ubuntu 12.10. (CVE-2012-2135)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
python3.2 3.2.3-6ubuntu3.1
python3.2-minimal 3.2.3-6ubuntu3.1

Ubuntu 12.04 LTS:
python3.2 3.2.3-0ubuntu3.2
python3.2-minimal 3.2.3-0ubuntu3.2

Ubuntu 11.10:
python3.2 3.2.2-0ubuntu1.1
python3.2-minimal 3.2.2-0ubuntu1.1

Ubuntu 11.04:
python3.2 3.2-1ubuntu1.2
python3.2-minimal 3.2-1ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1615-1
CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135

Package Information:
https://launchpad.net/ubuntu/+source/python3.2/3.2.3-6ubuntu3.1
https://launchpad.net/ubuntu/+source/python3.2/3.2.3-0ubuntu3.2
https://launchpad.net/ubuntu/+source/python3.2/3.2.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/python3.2/3.2-1ubuntu1.2

Original Source

Url : http://www.ubuntu.com/usn/USN-1615-1

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-399	Resource Management Errors
33 %	CWE-310	Cryptographic Issues
33 %	CWE-264	Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17837

Oval ID:	oval:org.mitre.oval:def:17837
Title:	USN-1615-1 -- python3.2 vulnerabilities
Description:	Several security issues were fixed in Python 3.2.
Family:	unix	Class:	patch
Reference(s):	USN-1615-1 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2012-2135	Version:	7
Platform(s):	Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04	Product(s):	python3.2
Definition Synopsis:
Release section Ubuntu 12.10 is installed Packages match section python3.2 DPKG is earlier than 3.2.3-6ubuntu3.1 AND python3.2-minimal DPKG is earlier than 3.2.3-6ubuntu3.1 AND Release section Ubuntu 12.04 is installed Packages match section python3.2 DPKG is earlier than 3.2.3-0ubuntu3.2 AND python3.2-minimal DPKG is earlier than 3.2.3-0ubuntu3.2 AND Release section Ubuntu 11.10 is installed Packages match section python3.2 DPKG is earlier than 3.2.2-0ubuntu1.1 AND python3.2-minimal DPKG is earlier than 3.2.2-0ubuntu1.1 AND Release section Ubuntu 11.04 is installed Packages match section python3.2 DPKG is earlier than 3.2-1ubuntu1.2 AND python3.2-minimal DPKG is earlier than 3.2-1ubuntu1.2

Definition Id: oval:org.mitre.oval:def:17941

Oval ID:	oval:org.mitre.oval:def:17941
Title:	USN-1616-1 -- python3.1 vulnerabilities
Description:	Several security issues were fixed in Python 3.1.
Family:	unix	Class:	patch
Reference(s):	USN-1616-1 CVE-2008-5983 CVE-2010-1634 CVE-2010-2089 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150 CVE-2012-2135	Version:	7
Platform(s):	Ubuntu 11.04 Ubuntu 10.04	Product(s):	python3.1
Definition Synopsis:
Release section Ubuntu 11.04 is installed Packages match section python3.1 DPKG is earlier than 3.1.3-1ubuntu1.2 AND python3.1-minimal DPKG is earlier than 3.1.3-1ubuntu1.2 AND Release section Ubuntu 10.04 is installed Packages match section python3.1 DPKG is earlier than 3.1.2-0ubuntu3.2 AND python3.1-minimal DPKG is earlier than 3.1.2-0ubuntu3.2

Definition Id: oval:org.mitre.oval:def:17976

Oval ID:	oval:org.mitre.oval:def:17976
Title:	USN-1592-1 -- python2.7 vulnerabilities
Description:	Several security issues were fixed in Python 2.7.
Family:	unix	Class:	patch
Reference(s):	USN-1592-1 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150	Version:	7
Platform(s):	Ubuntu 11.10 Ubuntu 11.04	Product(s):	python2.7
Definition Synopsis:
Release section Ubuntu 11.10 is installed Packages match section python2.7 DPKG is earlier than 2.7.2-5ubuntu1.1 AND python2.7-minimal DPKG is earlier than 2.7.2-5ubuntu1.1 AND Release section Ubuntu 11.04 is installed Packages match section python2.7 DPKG is earlier than 2.7.1-5ubuntu2.2 AND python2.7-minimal DPKG is earlier than 2.7.1-5ubuntu2.2

Definition Id: oval:org.mitre.oval:def:18043

Oval ID:	oval:org.mitre.oval:def:18043
Title:	USN-1596-1 -- python2.6 vulnerabilities
Description:	Several security issues were fixed in Python 2.6.
Family:	unix	Class:	patch
Reference(s):	USN-1596-1 CVE-2008-5983 CVE-2010-1634 CVE-2010-2089 CVE-2010-3493 CVE-2011-1015 CVE-2011-1521 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150	Version:	7
Platform(s):	Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04	Product(s):	python2.6
Definition Synopsis:
Release section Ubuntu 11.10 is installed Packages match section python2.6 DPKG is earlier than 2.6.7-4ubuntu1.1 AND python2.6-minimal DPKG is earlier than 2.6.7-4ubuntu1.1 AND Release section Ubuntu 11.04 is installed Packages match section python2.6 DPKG is earlier than 2.6.6-6ubuntu7.1 AND python2.6-minimal DPKG is earlier than 2.6.6-6ubuntu7.1 AND Release section Ubuntu 10.04 is installed Packages match section python2.6 DPKG is earlier than 2.6.5-1ubuntu6.1 AND python2.6-minimal DPKG is earlier than 2.6.5-1ubuntu6.1

Definition Id: oval:org.mitre.oval:def:19784

Oval ID:	oval:org.mitre.oval:def:19784
Title:	VMware security updates for vSphere API and ESX Service Console
Description:	Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2011-4944	Version:	4
Platform(s):	VMWare ESX Server 4.1	Product(s):
Definition Synopsis:
Patch ESX410-201211407-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201211407-SG is not installed

Definition Id: oval:org.mitre.oval:def:20677

Oval ID:	oval:org.mitre.oval:def:20677
Title:	VMware security updates for vSphere API and ESX Service Console
Description:	Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2012-1150	Version:	4
Platform(s):	VMWare ESX Server 4.1	Product(s):
Definition Synopsis:
Patch ESX410-201211407-SG is not installed VMware ESX Server 4.1 is installed AND Patch ESX410-201211407-SG is not installed

Definition Id: oval:org.mitre.oval:def:21287

Oval ID:	oval:org.mitre.oval:def:21287
Title:	RHSA-2012:0745: python security update (Moderate)
Description:	Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:0745-00 CESA-2012:0745 CVE-2011-4940 CVE-2011-4944 CVE-2012-1150	Version:	42
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	python
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section python-devel is earlier than 0:2.4.3-46.el5_8.2 AND python-libs is earlier than 0:2.4.3-46.el5_8.2 AND python is earlier than 0:2.4.3-46.el5_8.2 AND tkinter is earlier than 0:2.4.3-46.el5_8.2 AND python-tools is earlier than 0:2.4.3-46.el5_8.2

Definition Id: oval:org.mitre.oval:def:21389

Oval ID:	oval:org.mitre.oval:def:21389
Title:	RHSA-2012:0744: python security update (Moderate)
Description:	Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:0744-01 CESA-2012:0744 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150	Version:	55
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	python
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section python-devel is earlier than 0:2.6.6-29.el6_2.2 AND python-test is earlier than 0:2.6.6-29.el6_2.2 AND tkinter is earlier than 0:2.6.6-29.el6_2.2 AND python is earlier than 0:2.6.6-29.el6_2.2 AND python-tools is earlier than 0:2.6.6-29.el6_2.2 AND python-libs is earlier than 0:2.6.6-29.el6_2.2

Definition Id: oval:org.mitre.oval:def:23066

Oval ID:	oval:org.mitre.oval:def:23066
Title:	ELSA-2012:0745: python security update (Moderate)
Description:	Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0745-00 CVE-2011-4940 CVE-2011-4944 CVE-2012-1150	Version:	17
Platform(s):	Oracle Linux 5	Product(s):	python
Definition Synopsis:
Oracle Linux 5.x rpm test python-devel is earlier than 0:2.4.3-46.el5_8.2 AND python-libs is earlier than 0:2.4.3-46.el5_8.2 AND python is earlier than 0:2.4.3-46.el5_8.2 AND tkinter is earlier than 0:2.4.3-46.el5_8.2 AND python-tools is earlier than 0:2.4.3-46.el5_8.2

Definition Id: oval:org.mitre.oval:def:23753

Oval ID:	oval:org.mitre.oval:def:23753
Title:	ELSA-2012:0744: python security update (Moderate)
Description:	Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:0744-01 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150	Version:	21
Platform(s):	Oracle Linux 6	Product(s):	python
Definition Synopsis:
Oracle Linux 6.x rpm test python-devel is earlier than 0:2.6.6-29.el6_2.2 AND python-test is earlier than 0:2.6.6-29.el6_2.2 AND tkinter is earlier than 0:2.6.6-29.el6_2.2 AND python is earlier than 0:2.6.6-29.el6_2.2 AND python-tools is earlier than 0:2.6.6-29.el6_2.2 AND python-libs is earlier than 0:2.6.6-29.el6_2.2

Definition Id: oval:org.mitre.oval:def:27594

Oval ID:	oval:org.mitre.oval:def:27594
Title:	DEPRECATED: ELSA-2012-0745 -- python security update (moderate)
Description:	[2.4.3-46.el5_8.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.4.3-46.el5_8.1] - distutils.commands.register: create ~/.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-0745 CVE-2011-4940 CVE-2011-4944 CVE-2012-1150	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	python
Definition Synopsis:
Oracle Linux 5.x Packages match section python is earlier than 0:2.4.3-46.el5_8.2 AND python-devel is earlier than 0:2.4.3-46.el5_8.2 AND python-libs is earlier than 0:2.4.3-46.el5_8.2 AND python-tools is earlier than 0:2.4.3-46.el5_8.2 AND tkinter is earlier than 0:2.4.3-46.el5_8.2

Definition Id: oval:org.mitre.oval:def:27651

Oval ID:	oval:org.mitre.oval:def:27651
Title:	DEPRECATED: ELSA-2012-0744 -- python security update (moderate)
Description:	[2.6.6-29.el6_2.2] - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 [2.6.6-29.el6_2.1] - distutils.config: create ~/.pypirc securely Resolves: CVE-2011-4944 - fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845 - send encoding in SimpleHTTPServer.list_directory to protect IE7 against potential XSS attacks Resolves: CVE-2011-4940 - oCERT-2011-003: add -R command-line option and PYTHONHASHSEED environment variable, to provide an opt-in way to protect against denial of service attacks due to hash collisions within the dict and set types Resolves: CVE-2012-1150
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-0744 CVE-2011-4940 CVE-2011-4944 CVE-2012-0845 CVE-2012-1150	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	python
Definition Synopsis:
Oracle Linux 6.x Packages match section python is earlier than 0:2.6.6-29.el6_2.2 AND python-devel is earlier than 0:2.6.6-29.el6_2.2 AND python-libs is earlier than 0:2.6.6-29.el6_2.2 AND python-test is earlier than 0:2.6.6-29.el6_2.2 AND python-tools is earlier than 0:2.6.6-29.el6_2.2 AND tkinter is earlier than 0:2.6.6-29.el6_2.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Python cpe:2.3:a:python:python:3.3.2:::::::* cpe:2.3:a:python:python:3.3.1:rc1:::::: cpe:2.3:a:python:python:3.3.1:-:::::: cpe:2.3:a:python:python:3.3.0:-:::::: cpe:2.3:a:python:python:3.3.0:alpha1:::::: cpe:2.3:a:python:python:3.3.0:alpha2:::::: cpe:2.3:a:python:python:3.3.0:alpha3:::::: cpe:2.3:a:python:python:3.3.0:alpha4:::::: cpe:2.3:a:python:python:3.3.0:beta1:::::: cpe:2.3:a:python:python:3.3.0:beta2:::::: cpe:2.3:a:python:python:3.3.0:rc1:::::: cpe:2.3:a:python:python:3.3.0:rc2:::::: cpe:2.3:a:python:python:3.3.0:rc3:::::: cpe:2.3:a:python:python:3.3:beta2:::::: cpe:2.3:a:python:python:3.3:::::::* cpe:2.3:a:python:python:3.2.6:-:::::: cpe:2.3:a:python:python:3.2.6:rc1:::::: cpe:2.3:a:python:python:3.2.5:::::::* cpe:2.3:a:python:python:3.2.4:-:::::: cpe:2.3:a:python:python:3.2.4:rc1:::::: cpe:2.3:a:python:python:3.2.3:-:::::: cpe:2.3:a:python:python:3.2.3:rc1:::::: cpe:2.3:a:python:python:3.2.3:rc2:::::: cpe:2.3:a:python:python:3.2.2150:::::::* cpe:2.3:a:python:python:3.2.2:-:::::: cpe:2.3:a:python:python:3.2.2:rc1:::::: cpe:2.3:a:python:python:3.2.1:-:::::: cpe:2.3:a:python:python:3.2.1:beta1:::::: cpe:2.3:a:python:python:3.2.1:rc1:::::: cpe:2.3:a:python:python:3.2.1:rc2:::::: cpe:2.3:a:python:python:3.2.0:::::::* cpe:2.3:a:python:python:3.2:alpha:::::: cpe:2.3:a:python:python:3.2:-:::::: cpe:2.3:a:python:python:3.2:alpha1:::::: cpe:2.3:a:python:python:3.2:alpha2:::::: cpe:2.3:a:python:python:3.2:alpha3:::::: cpe:2.3:a:python:python:3.2:alpha4:::::: cpe:2.3:a:python:python:3.2:beta1:::::: cpe:2.3:a:python:python:3.2:beta2:::::: cpe:2.3:a:python:python:3.2:rc1:::::: cpe:2.3:a:python:python:3.2:rc2:::::: cpe:2.3:a:python:python:3.2:rc3:::::: cpe:2.3:a:python:python:3.1.5:-:::::: cpe:2.3:a:python:python:3.1.5:rc1:::::: cpe:2.3:a:python:python:3.1.5:rc2:::::: cpe:2.3:a:python:python:3.1.4:-:::::: cpe:2.3:a:python:python:3.1.4:rc1:::::: cpe:2.3:a:python:python:3.1.3:-:::::: cpe:2.3:a:python:python:3.1.3:rc1:::::: cpe:2.3:a:python:python:3.1.2150::::::x64: cpe:2.3:a:python:python:3.1.2:-:::::: cpe:2.3:a:python:python:3.1.2:rc1:::::: cpe:2.3:a:python:python:3.1.1:-:::::: cpe:2.3:a:python:python:3.1.1:rc1:::::: cpe:2.3:a:python:python:3.1.0:::::::* cpe:2.3:a:python:python:3.1:-:::::: cpe:2.3:a:python:python:3.1:alpha1:::::: cpe:2.3:a:python:python:3.1:alpha2:::::: cpe:2.3:a:python:python:3.1:beta1:::::: cpe:2.3:a:python:python:3.1:rc1:::::: cpe:2.3:a:python:python:3.1:rc2:::::: cpe:2.3:a:python:python:3.0.1:::::::* cpe:2.3:a:python:python:3.0.0:::::::* cpe:2.3:a:python:python:3.0:-:::::: cpe:2.3:a:python:python:3.0:alpha1:::::: cpe:2.3:a:python:python:3.0:alpha2:::::: cpe:2.3:a:python:python:3.0:alpha3:::::: cpe:2.3:a:python:python:3.0:alpha4:::::: cpe:2.3:a:python:python:3.0:alpha5:::::: cpe:2.3:a:python:python:3.0:beta1:::::: cpe:2.3:a:python:python:3.0:beta2:::::: cpe:2.3:a:python:python:3.0:beta3:::::: cpe:2.3:a:python:python:3.0:rc1:::::: cpe:2.3:a:python:python:3.0:rc2:::::: cpe:2.3:a:python:python:3.0:rc3:::::: cpe:2.3:a:python:python:2.7.9:-:::::: cpe:2.3:a:python:python:2.7.9:rc1:::::: cpe:2.3:a:python:python:2.7.8:::::::* cpe:2.3:a:python:python:2.7.7:-:::::: cpe:2.3:a:python:python:2.7.7:rc1:::::: cpe:2.3:a:python:python:2.7.6:-:::::: cpe:2.3:a:python:python:2.7.6:rc1:::::: cpe:2.3:a:python:python:2.7.5:::::::* cpe:2.3:a:python:python:2.7.4:-:::::: cpe:2.3:a:python:python:2.7.4:rc1:::::: cpe:2.3:a:python:python:2.7.3:-:::::: cpe:2.3:a:python:python:2.7.3:rc1:::::: cpe:2.3:a:python:python:2.7.3:rc2:::::: cpe:2.3:a:python:python:2.7.2150:::::::* cpe:2.3:a:python:python:2.7.2:rc1:::::: cpe:2.3:a:python:python:2.7.2:-:::::: cpe:2.3:a:python:python:2.7.16:-:::::: cpe:2.3:a:python:python:2.7.16:rc1:::::: cpe:2.3:a:python:python:2.7.16:::::::* cpe:2.3:a:python:python:2.7.15:-:::::: cpe:2.3:a:python:python:2.7.15:rc1:::::: cpe:2.3:a:python:python:2.7.14:-:::::: cpe:2.3:a:python:python:2.7.14:rc1:::::: cpe:2.3:a:python:python:2.7.13:-:::::: cpe:2.3:a:python:python:2.7.13:rc1:::::: cpe:2.3:a:python:python:2.7.12:-:::::: cpe:2.3:a:python:python:2.7.12:rc1:::::: cpe:2.3:a:python:python:2.7.1150:::::::* cpe:2.3:a:python:python:2.7.1150::::::x64: cpe:2.3:a:python:python:2.7.11:-:::::: cpe:2.3:a:python:python:2.7.11:rc1:::::: cpe:2.3:a:python:python:2.7.10:-:::::: cpe:2.3:a:python:python:2.7.10:rc1:::::: cpe:2.3:a:python:python:2.7.1:-:::::: cpe:2.3:a:python:python:2.7.1:rc1:::::: cpe:2.3:a:python:python:2.7.0:::::::* cpe:2.3:a:python:python:2.6.9:::::::* cpe:2.3:a:python:python:2.6.8:::::::* cpe:2.3:a:python:python:2.6.7:::::::* cpe:2.3:a:python:python:2.6.6150:::::::* cpe:2.3:a:python:python:2.6.6:::::::* cpe:2.3:a:python:python:2.6.5:::::::* cpe:2.3:a:python:python:2.6.4:::::::* cpe:2.3:a:python:python:2.6.3:::::::* cpe:2.3:a:python:python:2.6.2150:::::::* cpe:2.3:a:python:python:2.6.2:::::::* cpe:2.3:a:python:python:2.6.1:::::::* cpe:2.3:a:python:python:2.6.0:::::::* cpe:2.3:a:python:python:2.5.6:::::::* cpe:2.3:a:python:python:2.5.5:::::::* cpe:2.3:a:python:python:2.5.4:::::::* cpe:2.3:a:python:python:2.5.3:::::::* cpe:2.3:a:python:python:2.5.2:::::::* cpe:2.3:a:python:python:2.5.150:::::::* cpe:2.3:a:python:python:2.5.1:::::::* cpe:2.3:a:python:python:2.5.0:::::::* cpe:2.3:a:python:python:2.4.6:::::::* cpe:2.3:a:python:python:2.4.5:::::::* cpe:2.3:a:python:python:2.4.4:::::::* cpe:2.3:a:python:python:2.4.3:::::::* cpe:2.3:a:python:python:2.4.2:::::::* cpe:2.3:a:python:python:2.4.1:::::::* cpe:2.3:a:python:python:2.4.0:::::::* cpe:2.3:a:python:python:2.3.7:::::::* cpe:2.3:a:python:python:2.3.6:::::::* cpe:2.3:a:python:python:2.3.5:::::::* cpe:2.3:a:python:python:2.3.4:::::::* cpe:2.3:a:python:python:2.3.3:::::::* cpe:2.3:a:python:python:2.3.2:::::::* cpe:2.3:a:python:python:2.3.1:::::::* cpe:2.3:a:python:python:2.3.0:::::::* cpe:2.3:a:python:python:2.2.3:::::::* cpe:2.3:a:python:python:2.2.2:::::::* cpe:2.3:a:python:python:2.2.1:::::::* cpe:2.3:a:python:python:2.2.0:::::::* cpe:2.3:a:python:python:2.2:::::::* cpe:2.3:a:python:python:2.1.3:::::::* cpe:2.3:a:python:python:2.1.2:::::::* cpe:2.3:a:python:python:2.1.1:::::::* cpe:2.3:a:python:python:2.1:::::::* cpe:2.3:a:python:python:2.0.1:::::::* cpe:2.3:a:python:python:2.0:::::::* cpe:2.3:a:python:python:1.6.1:::::::* cpe:2.3:a:python:python:1.6:::::::* cpe:2.3:a:python:python:1.5.2:::::::* cpe:2.3:a:python:python:1.3:::::::* cpe:2.3:a:python:python:1.2:::::::* cpe:2.3:a:python:python:0.9.1:::::::* cpe:2.3:a:python:python:0.9.0:::::::* cpe:2.3:a:python:python:::::::: cpe:2.3:a:python:python:-:::::::*	166
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::	5
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:6.0:::::::*	1

OpenVAS Exploits

Date	Description
2012-11-16	Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl
2012-10-26	Name : Ubuntu Update for python3.1 USN-1616-1 File : nvt/gb_ubuntu_USN_1616_1.nasl
2012-10-26	Name : Ubuntu Update for python3.2 USN-1615-1 File : nvt/gb_ubuntu_USN_1615_1.nasl
2012-10-19	Name : Ubuntu Update for python2.4 USN-1613-2 File : nvt/gb_ubuntu_USN_1613_2.nasl
2012-10-19	Name : Ubuntu Update for python2.5 USN-1613-1 File : nvt/gb_ubuntu_USN_1613_1.nasl
2012-10-05	Name : Ubuntu Update for python2.6 USN-1596-1 File : nvt/gb_ubuntu_USN_1596_1.nasl
2012-10-03	Name : Ubuntu Update for python2.7 USN-1592-1 File : nvt/gb_ubuntu_USN_1592_1.nasl
2012-08-30	Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl
2012-08-30	Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl
2012-08-30	Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl
2012-07-30	Name : CentOS Update for python CESA-2012:0744 centos6 File : nvt/gb_CESA-2012_0744_python_centos6.nasl
2012-07-30	Name : CentOS Update for python CESA-2012:0745 centos5 File : nvt/gb_CESA-2012_0745_python_centos5.nasl
2012-06-22	Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl
2012-06-22	Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl
2012-06-22	Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl
2012-06-19	Name : RedHat Update for python RHSA-2012:0745-01 File : nvt/gb_RHSA-2012_0745-01_python.nasl
2012-06-19	Name : RedHat Update for python RHSA-2012:0744-01 File : nvt/gb_RHSA-2012_0744-01_python.nasl
2012-05-08	Name : Fedora Update for python FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python_fc16.nasl
2012-05-08	Name : Fedora Update for python-docs FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl
2012-05-04	Name : Fedora Update for python3 FEDORA-2012-5916 File : nvt/gb_fedora_2012_5916_python3_fc15.nasl
2012-03-12	Name : FreeBSD Ports: python32 File : nvt/freebsd_python32.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2012-11-29	IAVM : 2012-A-0189 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0035032

Nessus® Vulnerability Scanner

Date	Description
2016-02-29	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0016_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO
2014-12-12	Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-380.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO
2014-01-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-04.nasl - Type : ACT_GATHER_INFO
2013-10-23	Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-81.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-80.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-98.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0745.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0744.nasl - Type : ACT_GATHER_INFO
2013-04-20	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-117.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-randomisation-update-120516.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_python-randomisation-update-120517.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing a security update. File : suse_11_apache2-mod_python-120503.nasl - Type : ACT_GATHER_INFO
2012-11-16	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0016.nasl - Type : ACT_GATHER_INFO
2012-10-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1616-1.nasl - Type : ACT_GATHER_INFO
2012-10-24	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1615-1.nasl - Type : ACT_GATHER_INFO
2012-10-18	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1613-2.nasl - Type : ACT_GATHER_INFO
2012-10-18	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1613-1.nasl - Type : ACT_GATHER_INFO
2012-10-05	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1596-1.nasl - Type : ACT_GATHER_INFO
2012-10-03	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1592-1.nasl - Type : ACT_GATHER_INFO
2012-09-06	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO
2012-08-14	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_python-8127.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120618_python_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120618_python_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-21	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO
2012-06-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO
2012-06-20	Name : The remote Fedora host is missing a security update. File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO
2012-06-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO
2012-06-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0744.nasl - Type : ACT_GATHER_INFO
2012-06-19	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0745.nasl - Type : ACT_GATHER_INFO
2012-05-07	Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO
2012-05-07	Name : The remote Fedora host is missing a security update. File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO
2012-05-04	Name : The remote Fedora host is missing a security update. File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO
2012-05-02	Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO
2012-02-14	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b4f8be9e56b211e19fb7003067b2972c.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:00:59	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	3
Oval ID(s)	12
CPE ID(s)	172
Openvas Exploit(s)	21
IAVM(s)	1
Nessus® Exploit(s)	38

	Related
6.4	CVE-2012-2135
5	CVE-2012-1150
5	CVE-2012-0845
1.9	CVE-2011-4944
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 4 more Alert(s)

6.4 - USN-1615-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Information Assurance Vulnerability Management (IAVM)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU