Detections
Analytics

Fedora 40 : pypy3.10 (2023-c729dabeb1)

high Nessus Plugin ID 194657

Language:

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c729dabeb1 advisory.

 Automatic update for pypy3.10-7.3.12-1.3.10.fc40.

 ##### **Changelog**

 ```
 * Wed Jul 26 2023 Miro Hronok <[email protected]> - 7.3.12-1.3.10
 - Initial PyPy 3.10 package
 * Wed Jul 26 2023 Miro Hronok <[email protected]> - 7.3.12-1.3.9
 - Update to 7.3.12
 - Fixes: rhbz#2203423
 * Fri Jul 21 2023 Fedora Release Engineering <[email protected]> - 7.3.11-5.3.9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 * Mon May 29 2023 Charalampos Stratakis <[email protected]> - 7.3.11-4.3.9
 - Security fix for CVE-2023-24329 Resolves: rhbz#2174020
 * Fri Feb 17 2023 Miro Hronok <[email protected]> - 7.3.11-3.3.9
 - On Fedora 38+, obsolete the pypy3.8 package which is no longer available
 * Fri Jan 20 2023 Fedora Release Engineering <[email protected]> - 7.3.11-2.3.9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 * Fri Dec 30 2022 Miro Hronok <[email protected]> - 7.3.11-1.3.9
 - Update to 7.3.11
 - Fixes: rhbz#2147520
 * Fri Dec 2 2022 Miro Hronok <[email protected]> - 7.3.9-5.3.9
 - On Fedora 37+, obsolete the pypy3.7 package which is no longer available
 * Mon Oct 10 2022 Lumr Balhar <[email protected]> - 7.3.9-4.3.9
 - Backport fix for CVE-2021-28861 Resolves: rhbz#2120789
 * Fri Jul 22 2022 Fedora Release Engineering <[email protected]> - 7.3.9-3.3.9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 * Tue Jun 28 2022 Charalampos Stratakis <[email protected]> - 7.3.9-2.3.9
 - Security fix for CVE-2015-20107
 - Fixes: rhbz#2075390
 * Wed Mar 30 2022 Miro Hronok <[email protected]> - 7.3.9-1.3.9
 - Update to 7.3.9
 - Fixes: rhbz#2069873
 * Tue Mar 1 2022 Miro Hronok <[email protected]> - 7.3.8-1.3.9
 - Include the Python version in Release to workaround debuginfo conflicts and make same builds of different PyPy sort in a predictable way (e.g. wrt Obsoletes)
 - Namespace the debugsources to fix installation conflict with other PyPys
 - Fixes: rhbz#2053880
 - This is now the main PyPy 3 on Fedora 36+
 - Fixes: rhbz#2059670
 * Tue Feb 22 2022 Miro Hronok <[email protected]> - 7.3.8-1
 - Update to 7.3.8 final
 * Fri Feb 11 2022 Miro Hronok <[email protected]> - 7.3.8~rc2-1
 - Update to 7.3.8rc2
 * Wed Jan 26 2022 Miro Hronok <[email protected]> - 7.3.8~rc1-1
 - Update to 7.3.8rc1
 - Move to a CPython-like installation layout
 - Stop requiring pypy3.9 from pypy3.9-libs
 - Split tests into pypy3.9-test
 * Fri Jan 21 2022 Fedora Release Engineering <[email protected]> - 7.3.7-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 * Sat Jan 8 2022 Miro Hronok <[email protected]> - 7.3.7-2
 - Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34
 * Thu Nov 11 2021 Miro Hronok <[email protected]> - 7.3.7-1
 - Initial pypy3.8 package
 - Supplement tox
 * Tue Oct 26 2021 Tom Hrniar <[email protected]> - 7.3.6-1
 - Update to 7.3.6
 - Remove windows executable binaries
 - Fixes: rhbz#2003682
 * Mon Sep 20 2021 Miro Hronok <[email protected]> - 7.3.5-2
 - Explicitly buildrequire OpenSSL 1.1, as Python 3.7 is not compatible with OpenSSL 3.0
 * Mon Aug 16 2021 Miro Hronok <[email protected]> - 7.3.5-1
 - Update to 7.3.5
 - Fixes: rhbz#1992600
 * Mon Aug 9 2021 Tomas Hrnciar <[email protected]> - 7.3.4-4
 - Rename pypy3 to pypy3.7
 - pypy-stackless was removed

 ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected pypy3.10 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2023-c729dabeb1

Plugin Details

Severity: High

ID: 194657

File Name: fedora_2023-c729dabeb1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/29/2024

Updated: 11/14/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, continuous_assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 8

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:C/A:P

CVSS Score Source: CVE-2015-20107

CVSS v3

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:pypy3.10, cpe:/o:fedoraproject:fedora:40

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/22/2023

Vulnerability Publication Date: 4/12/2022

Reference Information

CVE: CVE-2015-20107, CVE-2021-28861, CVE-2023-24329