http://bugs.python.org/issue20078

http://hg.python.org/cpython/rev/79ea4ce431b1

APPLE-SA-2015-08-13-2

openSUSE-SU-2014:0597

[oss-security] 20140318 CVE request for python/zipfile

[oss-security] 20140319 Re: CVE request for python/zipfile

65179

1029973

https://docs.python.org/3.3/whatsnew/changelog.html

GLSA-201503-10

https://support.apple.com/kb/HT205031

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :

 - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)
 - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)
 - Apple ID OD Plug-in (CVE-2015-3799)
 - AppleGraphicsControl (CVE-2015-5768)
 - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)
 - bootp (CVE-2015-3778)
 - CloudKit (CVE-2015-3782)
 - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)
 - CoreText (CVE-2015-5761, CVE-2015-5755)
 - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)
 - Data Detectors Engine (CVE-2015-5750)
 - Date & Time pref pane (CVE-2015-3757)
 - Dictionary Application (CVE-2015-3774)
 - DiskImages (CVE-2015-3800)
 - dyld (CVE-2015-3760)
 - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)
 - groff (CVE-2009-5044, CVE-2009-5078)
 - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)
 - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)
 - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)
 - IOGraphics (CVE-2015-3770, CVE-2015-5783)
 - IOHIDFamily (CVE-2015-5774)
 - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)
 - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)
 - Libinfo (CVE-2015-5776)
 - libpthread (CVE-2015-5757)
 - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)
 - libxpc (CVE-2015-3795)
 - mail_cmds (CVE-2014-7844)
 - Notification Center OSX (CVE-2015-3764)
 - ntfs (CVE-2015-5763)
 - OpenSSH (CVE-2015-5600)
 - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)
 - perl (CVE-2013-7422)
 - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)
 - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)
 - QL Office (CVE-2015-5773, CVE-2015-3784)
 - Quartz Composer Framework (CVE-2015-5771)
 - Quick Look (CVE-2015-3781)
 - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)
 - SceneKit (CVE-2015-5772, CVE-2015-3783)
 - Security (CVE-2015-3775)
 - SMBClient (CVE-2015-3773)
 - Speech UI (CVE-2015-3794)
 - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)
 - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)
 - Text Formats (CVE-2015-3762)
 - udf (CVE-2015-3767)

 Note that successful exploitation of the most serious issues can result in arbitrary code execution.

The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :

  - apache
  - apache_mod_php
  - Apple ID OD Plug-in
  - AppleGraphicsControl
  - Bluetooth
  - bootp
  - CloudKit
  - CoreMedia Playback
  - CoreText
  - curl
  - Data Detectors Engine
  - Date & Time pref pane
  - Dictionary Application
  - DiskImages
  - dyld
  - FontParser
  - groff
  - ImageIO
  - Install Framework Legacy
  - IOFireWireFamily
  - IOGraphics
  - IOHIDFamily
  - Kernel
  - Libc
  - Libinfo
  - libpthread
  - libxml2
  - libxpc
  - mail_cmds
  - Notification Center OSX
  - ntfs
  - OpenSSH
  - OpenSSL
  - perl
  - PostgreSQL
  - python
  - QL Office
  - Quartz Composer Framework
  - Quick Look
  - QuickTime 7
  - SceneKit
  - Security
  - SMBClient
  - Speech UI
  - sudo
  - tcpdump
  - Text Formats
  - udf 

Note that successful exploitation of the most serious issues can result in arbitrary code execution.

Updated python3 packages fix security vulnerabilities :

ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338).

A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).

It was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. Note that prior versions of Python, including 2.x, do not include the vulnerable _get_masked_mode() function that is used by os.makedirs() when exist_ok is set to True (CVE-2014-2667).

Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650).

The remote host is affected by the vulnerability described in GLSA-201503-10 (Python: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Python. Please review       the CVE identifiers referenced below for details.
  Impact :

    A context-dependent attacker may be able to execute arbitrary code or       cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Fixes CVEs 2013-7338 and 2014-2667.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This python update fixes the following security and non-security issues :

  - bnc#869222: Fixed DoS when opening malicious archives     (CVE-2013-7338).

  - bnc#863741: Fixed buffer overflow in     socket.recvfrom_into (CVE-2014-1912).

  - bnc#871152: Fixed race condition with umask when     creating directories with os.mkdirs (CVE-2014-2667).

  - bnc#637176: Fixed update multilib patch to handle home     install scheme.

Python was updated to 3.3.5 fixing bugs and security issues :

  - bugfix-only release, closes several security bugs

  - CVE-2013-1752 (bnc#856836) - DoS flaws with unbounded     reads from network

  - disable SSLv2 by default

  - DoS on maliciously crafted zip files (CVE-2013-7338,     bnc#869222)

  - CGIHttpRequestHandler directory traversal

  - gzip decompression bomb in xmlrpc client (CVE-2013-1753,     bnc#856835) xmlrpc_gzip_33.patch

  - potential buffer overflow in recvfrom_into     (CVE-2014-1912, bnc#863741)

  - hundreds of non-security-related bugfixes

ID	Name	Product	Family	Severity
8981	Mac OS X < 10.10.5 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
85408	Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
82329	Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)	Nessus	Mandriva Local Security Checks	high
82009	GLSA-201503-10 : Python: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
80368	Fedora 19 : python3-3.3.2-11.fc19 (2014-16479)	Nessus	Fedora Local Security Checks	high
79940	Fedora 20 : python3-3.3.2-19.fc20 (2014-16393)	Nessus	Fedora Local Security Checks	high
75343	openSUSE Security Update : python3 (openSUSE-SU-2014:0597-1)	Nessus	SuSE Local Security Checks	high
75315	openSUSE Security Update : python3 (openSUSE-SU-2014:0498-1)	Nessus	SuSE Local Security Checks	high

CVE-2013-7338

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high