Description:
Summary: The remote host is missing an update for the 'Python' package(s) announced via the SUSE-SU-2014:0997-1 advisory.
Vulnerability Insight: Python has been updated to version 2.6.9, which brings many fixes for bugs and security issues:
* SSL Root Certificate validation is now enabled by default. (bnc#827982)
* Fixed an overflow in socket.recvfrom_into where incorrect python programs could have been exploited remotely via a buffer overrun. (CVE-2014-1912)
* Multiple unbound readline() DoS flaws in python stdlib have been fixed. (CVE-2013-1752)
* Handling of embedded 0 in SSL certificate fields has been fixed. (CVE-2013-4238)
* CGIHTTPServer file disclosure and directory traversal through URL-encoded characters has been fixed. (CVE-2014-4650)
Additionally, the following non-security issues have been fixed:
* Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. (bnc#859068)
* Fix usage of MD5 in hmac module when the cipher is not available in FIPS mode. (bnc#847135)
* Update 'urlparse' module to correctly parse IPv6 addresses. (bnc#872848)
* Correctly enable IPv6 support.
Security Issues:
* CVE-2013-4238
* CVE-2014-1912
* CVE-2013-1752
* CVE-2014-4650
Affected Software/OS: 'Python' package(s) on SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P