Detections
Analytics
Oracle Linux 3 / 4 : python (ELSA-2006-0713)
high Nessus Plugin ID 67414
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
From Red Hat Security Advisory 2006:0713 :Updated Python packages are now available to correct a security issue in Red Hat Enterprise Linux 3 and 4.
This update has been rated as having important security impact by the Red Hat Security Response Team.
Python is an interpreted, interactive, object-oriented programming language.
A flaw was discovered in the way that the Python repr() function handled UTF-32/UCS-4 strings. If an application written in Python used the repr() function on untrusted data, this could lead to a denial of service or possibly allow the execution of arbitrary code with the privileges of the Python application. (CVE-2006-4980)
In addition, this errata fixes a regression in the SimpleXMLRPCServer backport for Red Hat Enterprise Linux 3 that was introduced with RHSA-2005:109.
Users of Python should upgrade to these updated packages, which contain a backported patch to correct this issue.
Solution
Update the affected python packages.See Also
https://oss.oracle.com/pipermail/el-errata/2006-November/000012.html
https://oss.oracle.com/pipermail/el-errata/2007-March/000102.html
Plugin Details
Severity: High
ID: 67414
File Name: oraclelinux_ELSA-2006-0713.nasl
Version: 1.8
Type: local
Agent: unix
Published: 7/12/2013
Updated: 1/14/2021
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:python, cpe:/o:oracle:linux:4, p-cpe:/a:oracle:linux:python-docs, p-cpe:/a:oracle:linux:tkinter, p-cpe:/a:oracle:linux:python-devel, cpe:/o:oracle:linux:3, p-cpe:/a:oracle:linux:python-tools
Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 11/30/2006
Vulnerability Publication Date: 10/10/2006
Reference Information
CVE: CVE-2006-4980
RHSA: 2006:0713