Oracle Linux Local Security Checks : Oracle: Security Advisory (ELSA-2013-1582)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.123515

Kategorie: Oracle Linux Local Security Checks

Titel: Oracle: Security Advisory (ELSA-2013-1582)

Zusammenfassung: The remote host is missing an update for the 'python' package(s) announced via the ELSA-2013-1582 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'python' package(s) announced via the ELSA-2013-1582 advisory.

Vulnerability Insight:
[2.6.6-51]
- Fixed memory leak in _ssl._get_peer_alt_names
Resolves: rhbz#1002983

[2.6.6-50]
- Added fix for CVE-2013-4238
Resolves: rhbz#998784

[2.6.6-49]
- Fix shebangs in several files in python-tools subpackage
Resolves: rhbz#521898

[2.6.6-48]
- Fix sqlite3.Cursor.lastrowid under a Turkish locale.
Resolves: rhbz#841937

[2.6.6-47]
- Urlparse now parses query and fragment of urls for any scheme.
Resolves: rhbz#978129

[2.6.6-46]
- Add wrapper for select.select to restart a system call
Resolves: rhbz#948025

[2.6.6-45]
- Add try-except to catch OSError in WatchedFileHandler
Resolves: rhbz#919163

[2.6.6-44]
- Fix urandom to throw proper exception
Resolves: rhbz#893034

[2.6.6-43]
- Backport of collections.OrderedDict from Python 2.7
Resolves: rhbz#929258

[2.6.6-42]
- Add an explicit RPATH to _elementtree.so pointing at the directory
containing system expat
Resolves: rhbz#962779

[2.6.6-41]
- Don't let failed incoming SSL connection stay open forever
Resolves: rhbz#960168

[2.6.6-40]
- Fix Python not reading Alternative Subject Names from some SSL
certificates
Resolves: rhbz#928390

[2.6.6-39]
- Remove BOM insertion code from SysLogHandler that causes messages to be
treated as EMERG level
Resolves: rhbz#845802

[2.6.6-38]
- move most of the payload of the core package to the libs subpackage, given
that the libs aren't meaningfully usable without the standard libraries
- preserve timestamps when fixing shebangs (patch 158) and when installing,
to minimize .pyc/.pyo differences across architectures (due to the embedded
mtime in .pyc/.pyo headers)
- fix multilib issue in /usr/bin/modulator and /usr/bin/pynche
Related: rhbz#958256

Affected Software/OS:
'python' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-4238
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.securityfocus.com/archive/1/534161/100/0/threaded
DSA-2880
http://www.debian.org/security/2014/dsa-2880
RHSA-2013:1582
http://rhn.redhat.com/errata/RHSA-2013-1582.html
USN-1982-1
http://www.ubuntu.com/usn/USN-1982-1
http://bugs.python.org/issue18709
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=996381
openSUSE-SU-2013:1437
http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html
openSUSE-SU-2013:1438
http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html
openSUSE-SU-2013:1439
http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html
openSUSE-SU-2013:1440
http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html
openSUSE-SU-2013:1462
http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html
openSUSE-SU-2013:1463
http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html
openSUSE-SU-2020:0086
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.123515
Kategorie:	Oracle Linux Local Security Checks
Titel:	Oracle: Security Advisory (ELSA-2013-1582)
Zusammenfassung:	The remote host is missing an update for the 'python' package(s) announced via the ELSA-2013-1582 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python' package(s) announced via the ELSA-2013-1582 advisory. Vulnerability Insight: [2.6.6-51] - Fixed memory leak in _ssl._get_peer_alt_names Resolves: rhbz#1002983 [2.6.6-50] - Added fix for CVE-2013-4238 Resolves: rhbz#998784 [2.6.6-49] - Fix shebangs in several files in python-tools subpackage Resolves: rhbz#521898 [2.6.6-48] - Fix sqlite3.Cursor.lastrowid under a Turkish locale. Resolves: rhbz#841937 [2.6.6-47] - Urlparse now parses query and fragment of urls for any scheme. Resolves: rhbz#978129 [2.6.6-46] - Add wrapper for select.select to restart a system call Resolves: rhbz#948025 [2.6.6-45] - Add try-except to catch OSError in WatchedFileHandler Resolves: rhbz#919163 [2.6.6-44] - Fix urandom to throw proper exception Resolves: rhbz#893034 [2.6.6-43] - Backport of collections.OrderedDict from Python 2.7 Resolves: rhbz#929258 [2.6.6-42] - Add an explicit RPATH to _elementtree.so pointing at the directory containing system expat Resolves: rhbz#962779 [2.6.6-41] - Don't let failed incoming SSL connection stay open forever Resolves: rhbz#960168 [2.6.6-40] - Fix Python not reading Alternative Subject Names from some SSL certificates Resolves: rhbz#928390 [2.6.6-39] - Remove BOM insertion code from SysLogHandler that causes messages to be treated as EMERG level Resolves: rhbz#845802 [2.6.6-38] - move most of the payload of the core package to the libs subpackage, given that the libs aren't meaningfully usable without the standard libraries - preserve timestamps when fixing shebangs (patch 158) and when installing, to minimize .pyc/.pyo differences across architectures (due to the embedded mtime in .pyc/.pyo headers) - fix multilib issue in /usr/bin/modulator and /usr/bin/pynche Related: rhbz#958256 Affected Software/OS: 'python' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4238 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities http://seclists.org/fulldisclosure/2014/Dec/23 http://www.securityfocus.com/archive/1/534161/100/0/threaded DSA-2880 http://www.debian.org/security/2014/dsa-2880 RHSA-2013:1582 http://rhn.redhat.com/errata/RHSA-2013-1582.html USN-1982-1 http://www.ubuntu.com/usn/USN-1982-1 http://bugs.python.org/issue18709 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=996381 openSUSE-SU-2013:1437 http://lists.opensuse.org/opensuse-updates/2013-09/msg00026.html openSUSE-SU-2013:1438 http://lists.opensuse.org/opensuse-updates/2013-09/msg00027.html openSUSE-SU-2013:1439 http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html openSUSE-SU-2013:1440 http://lists.opensuse.org/opensuse-updates/2013-09/msg00029.html openSUSE-SU-2013:1462 http://lists.opensuse.org/opensuse-updates/2013-09/msg00042.html openSUSE-SU-2013:1463 http://lists.opensuse.org/opensuse-updates/2013-09/msg00043.html openSUSE-SU-2020:0086 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Copyright	Copyright (C) 2015 Greenbone AG