Mandriva Linux Security Advisory : python3 (MDVSA-2015:076)

high Nessus Plugin ID 82329
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated python3 packages fix security vulnerabilities :

ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips (CVE-2013-7338).

A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).

It was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. Note that prior versions of Python, including 2.x, do not include the vulnerable _get_masked_mode() function that is used by os.makedirs() when exist_ok is set to True (CVE-2014-2667).

Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access (CVE-2014-4616).

The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root (CVE-2014-4650).

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0085.html

http://advisories.mageia.org/MGASA-2014-0140.html

http://advisories.mageia.org/MGASA-2014-0216.html

http://advisories.mageia.org/MGASA-2014-0285.html

Plugin Details

Severity: High

ID: 82329

File Name: mandriva_MDVSA-2015-076.nasl

Version: 1.6

Type: local

Published: 3/30/2015

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64python3-devel, p-cpe:/a:mandriva:linux:lib64python3.3, p-cpe:/a:mandriva:linux:python3, p-cpe:/a:mandriva:linux:python3-docs, p-cpe:/a:mandriva:linux:tkinter3, p-cpe:/a:mandriva:linux:tkinter3-apps, cpe:/o:mandriva:business_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/27/2015

Reference Information

CVE: CVE-2013-7338, CVE-2014-1912, CVE-2014-2667, CVE-2014-4616, CVE-2014-4650

MDVSA: 2015:076