FreeBSD : Python -- multiple vulnerabilities (032643d7-0ba7-11ec-a689-080027e50e6d)

high Nessus Plugin ID 153072

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Python reports:

bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.

bpo-41180: Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files.

bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 'Billion Laughs' vulnerability. This copy is most used on Windows and macOS.

bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
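The bpo-43124 hardening in one small function, as an added illustration written for this page rather than CPython's own smtplib code: a command builder that refuses any CR or LF in the command or its arguments, so a caller-supplied value cannot terminate the line early and smuggle a second SMTP command in the same write. The function names and sample addresses are assumptions chosen for the example.

```python
"""Added example: reject CR/LF in SMTP command lines, mirroring the idea of bpo-43124.

Illustration written for this page; it is not CPython's smtplib implementation.
"""
import re

CRLF = "\r\n"
# Any bare carriage return or line feed anywhere in the text.
_CRLF_RE = re.compile(r"[\r\n]")


def is_safe_smtp_argument(value: str) -> bool:
    """True if value can sit inside a single SMTP command line."""
    return _CRLF_RE.search(value) is None


def build_smtp_command(cmd: str, args: str = "") -> bytes:
    """Return the wire form of one SMTP command line (ASCII, CRLF-terminated).

    Raises ValueError if cmd or args contains CR or LF. Without this check a
    value such as an address taken from user input could end the line and
    append a further command, which is the injection bpo-43124 closes.
    """
    if not (is_safe_smtp_argument(cmd) and is_safe_smtp_argument(args)):
        raise ValueError("SMTP command or argument contains CR or LF")
    line = f"{cmd} {args}" if args else cmd
    # SMTP commands are ASCII; non-ASCII text raises UnicodeEncodeError here.
    return (line + CRLF).encode("ascii")


if __name__ == "__main__":
    # Constructed sample inputs for the demonstration.
    print(build_smtp_command("MAIL", "FROM:<alice@example.com>"))
    try:
        build_smtp_command("MAIL", "FROM:<alice@example.com>\r\nRSET")
    except ValueError as exc:
        print("rejected:", exc)
```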

Solution

Update the affected package.

See Also

https://docs.python.org/release/3.9.7/whatsnew/changelog.html

http://www.nessus.org/u?53d85a8c

Plugin Details

Severity: High

ID: 153072

File Name: freebsd_pkg_032643d70ba711eca689080027e50e6d.nasl

Version: 1.1

Type: local

Published: 9/7/2021

Updated: 9/7/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:python39, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/2/2021

Vulnerability Publication Date: 8/30/2021