Detections
Analytics

FreeBSD : Python -- multiple vulnerabilities (d6d088c9-5064-11ed-bade-080027881239)

high Nessus Plugin ID 166355

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d6d088c9-5064-11ed-bade-080027881239 advisory.

 - Python reports: gh-97616: Fix multiplying a list by an integer (list *= int): detect the integer overflow when the new allocated length is close to the maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner. gh-97612: Fix a shell code injection vulnerability in the get-remote-certificate.py example script. The script no longer uses a shell to run openssl commands. Issue reported and initial fix by Caleb Shortt. Patch by Victor Stinner.
 (d6d088c9-5064-11ed-bade-080027881239)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://docs.python.org/release/3.9.15/whatsnew/changelog.html

http://www.nessus.org/u?011fa9d8

Plugin Details

Severity: High

ID: 166355

File Name: freebsd_pkg_d6d088c9506411edbade080027881239.nasl

Version: 1.2

Type: local

Published: 10/21/2022

Updated: 10/21/2022

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:python310, p-cpe:/a:freebsd:freebsd:python37, p-cpe:/a:freebsd:freebsd:python38, p-cpe:/a:freebsd:freebsd:python39, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 10/20/2022

Vulnerability Publication Date: 9/29/2022