Oracle Linux 7 : python-reportlab (ELSA-2020-0195)

critical Nessus Plugin ID 133183

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0195 advisory.

[2.5-9.el7_7.1]
- Do not eval strings passed to toColor
- Resolves: #1788552

[2.5-9]
- Mass rebuild 2014-01-24

[2.5-8]
- Mass rebuild 2013-12-27

[2.5-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[2.5-6]
- Add a dep on python-imaging to process images

[2.5-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[2.5-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[2.5-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[2.5-2]
- Update to version 2.5 of reportlab.
- Remove tabs in specfile.

[2.3-3]
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

[2.3-2]
- Do not bundle fonts
- Point the config to Fedora's font locations

[2.3-1]
- Updated to 2.3
- New version is no longer noarch.

[2.1-6]
- Rebuild for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[2.1-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

[2.1-4]
- Fix locations for Python 2.6

[2.1-3]
- Rebuild for Python 2.6

[2.1-2]
- Remove luxi font. (#427845)
- Add patch to not search for the luxi font.

[2.1-1]
- Update to 2.1.

[2.0-2]
- Make docs subpackage.

[2.0-1]
- Update to 2.0.

[1.21.1-2]
- Rebuild against new python.

[1.21.1-1]
- Update to 1.20.1.

[1.20-5]
- rebuilt for new gcc4.1 snapshot and glibc changes

[1.20-4]
- Add dist tag. (#176479)

[1.20-3.fc4]
- Switch back to sitelib patch.
- Make package noarch.

[1.20-2.fc4]
- Use python_sitearch to fix x86_64 build.

[1.20-1.fc4]
- Rebuild for Python 2.4.
- Update to 1.20.
- Switch to the new python macros for python-abi
- Add dist tag.

[0:1.19-0.fdr.2]
- Removed ghosts.

[0:1.19-0.fdr.1]
- Initial Fedora RPM build.

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected python-reportlab and/or python-reportlab-docs packages.

See Also

https://linux.oracle.com/errata/ELSA-2020-0195.html

Plugin Details

Severity: Critical

ID: 133183

File Name: oraclelinux_ELSA-2020-0195.nasl

Version: 1.4

Type: local

Agent: unix

Published: 1/23/2020

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-17626

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:python-reportlab, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:python-reportlab-docs

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/22/2020

Vulnerability Publication Date: 10/16/2019

Reference Information

CVE: CVE-2019-17626

RHSA: 2020:0195