Detections
Analytics

MiracleLinux 4 : python-2.6.6-52.0.1.AXS4 (AXSA:2014-069:01)

medium Nessus Plugin ID 289781

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-069:01 advisory.

 Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).
 Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.
 Note that documentation for Python is provided in the python-docs package.
 Security issues fixed with this release:
 CVE-2013-4238 The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
 Fixed bug:
 Fixed some dependencies problems on x86_64.
 Previously, many Python executables from python-tools started with the #!/usr/bin/env python shebang, which made installing and using alternative Python versions complicated. This has been fixed and the shebang has been changed to #!/usr/bin/python.
 Previously, an insert statement in the Turkish locale was not accepted in the sqlite3.Cursor.lastrowid object which led to an installation failure when selecting Turkish in the graphical installer. This has been fixed.
 Removed a UTF-8 BOM (byte order mark) insertion code from SysLogHandler that caused messages to be treated as EMERG level and therefore to be displayed on all user consoles.
 Previously, if the /dev/urandom file did not exist, the random.py script failed to import the random module and other programs would crash. This has been fixed.
 Previously, rotating to a new log file failed because the WatchedFileHandler class could not handle a race condition. This has been fixed.
 Fixed the handling of Alternative Subject Names so that false authentication errors no longer occur when reading Alternative Subject Names from certain SSL certificates.
 Previously, some HTTP servers would crash because the SocketServer module did not handle the system call interruption properly. This has been fixed.
 Previously, the Eventlet library would crash when passing the timeout=None argument to the subprocess.Popen() function. This has been fixed.
 Previously, failed incoming SSL connections remained open forever on Python 2 versions. This has been fixed.
 Previously, if multiple libexpat.so libraries were available, Python failed to choose the correct one.
 This has been fixed. by adding an explicit RPATH to the _elementtree.so.
 Fixed the urlparse module parsing of the query and fragment parts of URLs for arbitrary XML schemes.
 Enhancement Added the collections.OrderedDict data structure to the collections package: it is used in application code to make sure that the in-memory python dictionaries are emitted in the same order when converted to a string by the json.dumps routines.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/4503

Plugin Details

Severity: Medium

ID: 289781

File Name: miracle_linux_AXSA-2014-069.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2013-4238

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:python-libs, p-cpe:/a:miracle:linux:tkinter, p-cpe:/a:miracle:linux:python, p-cpe:/a:miracle:linux:python-devel, cpe:/o:miracle:linux:4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 8/12/2013

Reference Information

CVE: CVE-2013-4238