SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy)

Critical Nessus Plugin ID 133259

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This update for python fixes the following issues :

Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Python2 15-SP1 :

zypper in -t patch SUSE-SLE-Module-Python2-15-SP1-2020-234=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 :

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-234=1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 :

zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-234=1

SUSE Linux Enterprise Module for Desktop Applications 15-SP1 :

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-234=1

SUSE Linux Enterprise Module for Desktop Applications 15 :

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-2020-234=1

SUSE Linux Enterprise Module for Basesystem 15-SP1 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-234=1

SUSE Linux Enterprise Module for Basesystem 15 :

zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-234=1

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1027282

https://bugzilla.suse.com/show_bug.cgi?id=1041090

https://bugzilla.suse.com/show_bug.cgi?id=1042670

https://bugzilla.suse.com/show_bug.cgi?id=1068664

https://bugzilla.suse.com/show_bug.cgi?id=1073269

https://bugzilla.suse.com/show_bug.cgi?id=1073748

https://bugzilla.suse.com/show_bug.cgi?id=1078326

https://bugzilla.suse.com/show_bug.cgi?id=1078485

https://bugzilla.suse.com/show_bug.cgi?id=1079300

https://bugzilla.suse.com/show_bug.cgi?id=1081750

https://bugzilla.suse.com/show_bug.cgi?id=1083507

https://bugzilla.suse.com/show_bug.cgi?id=1084650

https://bugzilla.suse.com/show_bug.cgi?id=1086001

https://bugzilla.suse.com/show_bug.cgi?id=1088004

https://bugzilla.suse.com/show_bug.cgi?id=1088009

https://bugzilla.suse.com/show_bug.cgi?id=1109847

https://bugzilla.suse.com/show_bug.cgi?id=1111793

https://bugzilla.suse.com/show_bug.cgi?id=1113755

https://bugzilla.suse.com/show_bug.cgi?id=1122191

https://bugzilla.suse.com/show_bug.cgi?id=1129346

https://bugzilla.suse.com/show_bug.cgi?id=1130840

https://bugzilla.suse.com/show_bug.cgi?id=1130847

https://bugzilla.suse.com/show_bug.cgi?id=1138459

https://bugzilla.suse.com/show_bug.cgi?id=1141853

https://bugzilla.suse.com/show_bug.cgi?id=1149792

https://bugzilla.suse.com/show_bug.cgi?id=1149955

https://bugzilla.suse.com/show_bug.cgi?id=1153238

https://bugzilla.suse.com/show_bug.cgi?id=1153830

https://bugzilla.suse.com/show_bug.cgi?id=1159035

https://bugzilla.suse.com/show_bug.cgi?id=214983

https://bugzilla.suse.com/show_bug.cgi?id=298378

https://bugzilla.suse.com/show_bug.cgi?id=346490

https://bugzilla.suse.com/show_bug.cgi?id=367853

https://bugzilla.suse.com/show_bug.cgi?id=379534

https://bugzilla.suse.com/show_bug.cgi?id=380942

https://bugzilla.suse.com/show_bug.cgi?id=399190

https://bugzilla.suse.com/show_bug.cgi?id=406051

https://bugzilla.suse.com/show_bug.cgi?id=425138

https://bugzilla.suse.com/show_bug.cgi?id=426563

https://bugzilla.suse.com/show_bug.cgi?id=430761

https://bugzilla.suse.com/show_bug.cgi?id=432677

https://bugzilla.suse.com/show_bug.cgi?id=436966

https://bugzilla.suse.com/show_bug.cgi?id=437293

https://bugzilla.suse.com/show_bug.cgi?id=441088

https://bugzilla.suse.com/show_bug.cgi?id=462375

https://bugzilla.suse.com/show_bug.cgi?id=525295

https://bugzilla.suse.com/show_bug.cgi?id=534721

https://bugzilla.suse.com/show_bug.cgi?id=551715

https://bugzilla.suse.com/show_bug.cgi?id=572673

https://bugzilla.suse.com/show_bug.cgi?id=577032

https://bugzilla.suse.com/show_bug.cgi?id=581765

https://bugzilla.suse.com/show_bug.cgi?id=603255

https://bugzilla.suse.com/show_bug.cgi?id=617751

https://bugzilla.suse.com/show_bug.cgi?id=637176

https://bugzilla.suse.com/show_bug.cgi?id=638233

https://bugzilla.suse.com/show_bug.cgi?id=658604

https://bugzilla.suse.com/show_bug.cgi?id=673071

https://bugzilla.suse.com/show_bug.cgi?id=682554

https://bugzilla.suse.com/show_bug.cgi?id=697251

https://bugzilla.suse.com/show_bug.cgi?id=707667

https://bugzilla.suse.com/show_bug.cgi?id=718009

https://bugzilla.suse.com/show_bug.cgi?id=747125

https://bugzilla.suse.com/show_bug.cgi?id=747794

https://bugzilla.suse.com/show_bug.cgi?id=751718

https://bugzilla.suse.com/show_bug.cgi?id=754447

https://bugzilla.suse.com/show_bug.cgi?id=766778

https://bugzilla.suse.com/show_bug.cgi?id=794139

https://bugzilla.suse.com/show_bug.cgi?id=804978

https://bugzilla.suse.com/show_bug.cgi?id=827982

https://bugzilla.suse.com/show_bug.cgi?id=831442

https://bugzilla.suse.com/show_bug.cgi?id=834601

https://bugzilla.suse.com/show_bug.cgi?id=836739

https://bugzilla.suse.com/show_bug.cgi?id=856835

https://bugzilla.suse.com/show_bug.cgi?id=856836

https://bugzilla.suse.com/show_bug.cgi?id=857470

https://bugzilla.suse.com/show_bug.cgi?id=863741

https://bugzilla.suse.com/show_bug.cgi?id=885882

https://bugzilla.suse.com/show_bug.cgi?id=898572

https://bugzilla.suse.com/show_bug.cgi?id=901715

https://bugzilla.suse.com/show_bug.cgi?id=935856

https://bugzilla.suse.com/show_bug.cgi?id=945401

https://bugzilla.suse.com/show_bug.cgi?id=964182

https://bugzilla.suse.com/show_bug.cgi?id=984751

https://bugzilla.suse.com/show_bug.cgi?id=985177

https://bugzilla.suse.com/show_bug.cgi?id=985348

https://bugzilla.suse.com/show_bug.cgi?id=989523

https://bugzilla.suse.com/show_bug.cgi?id=997436

https://www.suse.com/security/cve/CVE-2007-2052/

https://www.suse.com/security/cve/CVE-2008-1721/

https://www.suse.com/security/cve/CVE-2008-2315/

https://www.suse.com/security/cve/CVE-2008-2316/

https://www.suse.com/security/cve/CVE-2008-3142/

https://www.suse.com/security/cve/CVE-2008-3143/

https://www.suse.com/security/cve/CVE-2008-3144/

https://www.suse.com/security/cve/CVE-2011-1521/

https://www.suse.com/security/cve/CVE-2011-3389/

https://www.suse.com/security/cve/CVE-2011-4944/

https://www.suse.com/security/cve/CVE-2012-0845/

https://www.suse.com/security/cve/CVE-2012-1150/

https://www.suse.com/security/cve/CVE-2013-1752/

https://www.suse.com/security/cve/CVE-2013-1753/

https://www.suse.com/security/cve/CVE-2013-4238/

https://www.suse.com/security/cve/CVE-2014-1912/

https://www.suse.com/security/cve/CVE-2014-4650/

https://www.suse.com/security/cve/CVE-2014-7185/

https://www.suse.com/security/cve/CVE-2016-0772/

https://www.suse.com/security/cve/CVE-2016-1000110/

https://www.suse.com/security/cve/CVE-2016-5636/

https://www.suse.com/security/cve/CVE-2016-5699/

https://www.suse.com/security/cve/CVE-2017-1000158/

https://www.suse.com/security/cve/CVE-2017-18207/

https://www.suse.com/security/cve/CVE-2018-1000030/

https://www.suse.com/security/cve/CVE-2018-1000802/

https://www.suse.com/security/cve/CVE-2018-1060/

https://www.suse.com/security/cve/CVE-2018-1061/

https://www.suse.com/security/cve/CVE-2018-14647/

https://www.suse.com/security/cve/CVE-2018-20852/

https://www.suse.com/security/cve/CVE-2019-10160/

https://www.suse.com/security/cve/CVE-2019-16056/

https://www.suse.com/security/cve/CVE-2019-16935/

https://www.suse.com/security/cve/CVE-2019-5010/

https://www.suse.com/security/cve/CVE-2019-9636/

https://www.suse.com/security/cve/CVE-2019-9947/

https://www.suse.com/security/cve/CVE-2019-9948/

http://www.nessus.org/u?a7e022df

Plugin Details

Severity: Critical

ID: 133259

File Name: suse_SU-2020-0234-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2020/01/27

Updated: 2020/01/30

Dependencies: 12634

Risk Information

Risk Factor: Critical

VPR Score: 7.4

CVSS v2.0

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libpython2_7, p-cpe:/a:novell:suse_linux:libpython2_7-1_0, p-cpe:/a:novell:suse_linux:libpython2_7-1_0-32bit-debuginfo, p-cpe:/a:novell:suse_linux:libpython2_7-1_0-debuginfo, p-cpe:/a:novell:suse_linux:python, p-cpe:/a:novell:suse_linux:python-32bit-debuginfo, p-cpe:/a:novell:suse_linux:python-base, p-cpe:/a:novell:suse_linux:python-base-32bit-debuginfo, p-cpe:/a:novell:suse_linux:python-base-debuginfo, p-cpe:/a:novell:suse_linux:python-base-debugsource, p-cpe:/a:novell:suse_linux:python-curses, p-cpe:/a:novell:suse_linux:python-curses-debuginfo, p-cpe:/a:novell:suse_linux:python-debuginfo, p-cpe:/a:novell:suse_linux:python-debugsource, p-cpe:/a:novell:suse_linux:python-demo, p-cpe:/a:novell:suse_linux:python-devel, p-cpe:/a:novell:suse_linux:python-gdbm, p-cpe:/a:novell:suse_linux:python-gdbm-debuginfo, p-cpe:/a:novell:suse_linux:python-idle, p-cpe:/a:novell:suse_linux:python-tk, p-cpe:/a:novell:suse_linux:python-tk-debuginfo, p-cpe:/a:novell:suse_linux:python-xml, p-cpe:/a:novell:suse_linux:python-xml-debuginfo, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2020/01/24

Vulnerability Publication Date: 2007/04/16

Reference Information

CVE: CVE-2007-2052, CVE-2008-1721, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144, CVE-2011-1521, CVE-2011-3389, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2013-1752, CVE-2013-1753, CVE-2013-4238, CVE-2014-1912, CVE-2014-4650, CVE-2014-7185, CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699, CVE-2017-1000158, CVE-2017-18207, CVE-2018-1000030, CVE-2018-1000802, CVE-2018-1060, CVE-2018-1061, CVE-2018-14647, CVE-2018-20852, CVE-2019-10160, CVE-2019-16056, CVE-2019-16935, CVE-2019-5010, CVE-2019-9636, CVE-2019-9947, CVE-2019-9948

BID: 28715, 30491, 47024, 49388, 49778, 51239, 52732, 61738, 63804, 65379, 66958, 68147, 70089

CWE: 119, 189