Fedora 29 : python38 (2019-d58eb75449)

high Nessus Plugin ID 128653

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Fedora host is missing a security update.

Description

# This is a beta preview of Python 3.8

Python 3.8 is still in development. This release, 3.8.0b4 is the last of four planned beta release previews. Beta release previews are intended to give the wider community the opportunity to test new features and bug fixes and to prepare their projects to support the new feature release.

# Call to action

We **strongly encourage** maintainers of third-party Python projects to **test with 3.8** during the beta phase and report issues found to [the Python bug tracker](https://bugs.python.org) as soon as possible.
While the release is planned to be feature complete entering the beta phase, it is possible that features may be modified or, in rare cases, deleted up until the start of the release candidate phase (2019-09-30). Our goal is have no ABI changes after beta 3 and no code changes after 3.8.0rc1, the release candidate. To achieve that, it will be extremely important to get as much exposure for 3.8 as possible during the beta phase.

Please keep in mind that this is a preview release and its use is
**not** recommended for production environments.

# Major new features of the 3.8 series, compared to 3.7

Some of the new major new features and changes in Python 3.8 are :

- [PEP 572](https://www.python.org/dev/peps/pep-0572/), Assignment expressions

- [PEP 570](https://www.python.org/dev/peps/pep-0570/), Positional-only arguments

- [PEP 587](https://www.python.org/dev/peps/pep-0587/), Python Initialization Configuration (improved embedding)

- [PEP 590](https://www.python.org/dev/peps/pep-0590/), Vectorcall: a fast calling protocol for CPython

- [PEP 578](https://www.python.org/dev/peps/pep-0578), Runtime audit hooks

- [PEP 574](https://www.python.org/dev/peps/pep-0574), Pickle protocol 5 with out-of-band data

- Typing-related: [PEP 591](https://www.python.org/dev/peps/pep-0591) (Final qualifier), [PEP 586](https://www.python.org/dev/peps/pep-0586) (Literal types), and [PEP 589](https://www.python.org/dev/peps/pep-0589) (TypedDict)

- Parallel filesystem cache for compiled bytecode

- Debug builds share ABI as release builds

- f-strings support a handy `=` specifier for debugging

- `continue` is now legal in `finally:` blocks

- on Windows, the default `asyncio` event loop is now `ProactorEventLoop`

- on macOS, the _spawn_ start method is now used by default in `multiprocessing`

- `multiprocessing` can now use shared memory segments to avoid pickling costs between processes

- `typed_ast` is merged back to CPython

- `LOAD_GLOBAL` is now 40% faster

- `pickle` now uses Protocol 4 by default, improving performance

There are many other interesting changes, please consult the 'What's New' page in the documentation for a full list.

The next pre-release of Python 3.8 and the first release candidate will be 3.8.0rc1, currently scheduled for 2019-09-30.

# More resources

- [Online Documentation](https://docs.python.org/3.8/)

- [PEP 569](https://www.python.org/dev/peps/pep-0569/), 3.8 Release Schedule

- Report bugs at [bugs.python.org](https://bugs.python.org) or via [Fedora Bugzilla](https://bugz.fedoraproject.org/python38)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected python38 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2019-d58eb75449

https://bugs.python.org

https://www.python.org/dev/peps/pep-0569/

https://www.python.org/dev/peps/pep-0570/

https://www.python.org/dev/peps/pep-0572/

https://www.python.org/dev/peps/pep-0574

https://www.python.org/dev/peps/pep-0578

https://www.python.org/dev/peps/pep-0586

https://www.python.org/dev/peps/pep-0587/

https://www.python.org/dev/peps/pep-0589

https://www.python.org/dev/peps/pep-0590/

https://www.python.org/dev/peps/pep-0591

Plugin Details

Severity: High

ID: 128653

File Name: fedora_2019-d58eb75449.nasl

Version: 1.4

Type: local

Agent: unix

Published: 9/11/2019

Updated: 12/27/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:python38, cpe:/o:fedoraproject:fedora:29

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2019

Vulnerability Publication Date: 9/6/2019

Reference Information

CVE: CVE-2019-16056