ID de Prueba:	1.3.6.1.4.1.25623.1.0.882919
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for python CESA-2018:2123 centos7
Resumen:	Check the version of python
Descripción:	Summary: Check the version of python Vulnerability Insight: Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183) Note: This update modifies the Python ssl module to disable 3DES cipher suites by default. Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters. Affected Software/OS: python on CentOS 7 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2183 BugTraq ID: 92630 http://www.securityfocus.com/bid/92630 BugTraq ID: 95568 http://www.securityfocus.com/bid/95568 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697 http://www-01.ibm.com/support/docview.wss?uid=swg21991482 http://www-01.ibm.com/support/docview.wss?uid=swg21995039 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.splunk.com/view/SP-CAAAPSV http://www.splunk.com/view/SP-CAAAPUE https://access.redhat.com/articles/2548661 https://access.redhat.com/security/cve/cve-2016-2183 https://bto.bluecoat.com/security-advisory/sa133 https://bugzilla.redhat.com/show_bug.cgi?id=1369383 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 https://kc.mcafee.com/corporate/index?page=content&id=SB10171 https://kc.mcafee.com/corporate/index?page=content&id=SB10310 https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/ https://security.netapp.com/advisory/ntap-20160915-0001/ https://security.netapp.com/advisory/ntap-20170119-0001/ https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008 https://www.openssl.org/blog/blog/2016/08/24/sweet32/ https://www.tenable.com/security/tns-2016-16 https://www.tenable.com/security/tns-2016-20 https://www.tenable.com/security/tns-2016-21 https://www.tenable.com/security/tns-2017-09 https://security.gentoo.org/glsa/201612-16 https://security.gentoo.org/glsa/201701-65 https://security.gentoo.org/glsa/201707-01 https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/ https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633 https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/ https://sweet32.info/ https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/ https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpujan2020.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.sigsac.org/ccs/CCS2016/accepted-papers/ https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue https://www.ietf.org/mail-archive/web/tls/current/msg04560.html RedHat Security Advisories: RHSA-2017:0336 http://rhn.redhat.com/errata/RHSA-2017-0336.html RedHat Security Advisories: RHSA-2017:0337 http://rhn.redhat.com/errata/RHSA-2017-0337.html RedHat Security Advisories: RHSA-2017:0338 http://rhn.redhat.com/errata/RHSA-2017-0338.html RedHat Security Advisories: RHSA-2017:0462 http://rhn.redhat.com/errata/RHSA-2017-0462.html RedHat Security Advisories: RHSA-2017:1216 https://access.redhat.com/errata/RHSA-2017:1216 RedHat Security Advisories: RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2708 RedHat Security Advisories: RHSA-2017:2709 https://access.redhat.com/errata/RHSA-2017:2709 RedHat Security Advisories: RHSA-2017:2710 https://access.redhat.com/errata/RHSA-2017:2710 RedHat Security Advisories: RHSA-2017:3113 https://access.redhat.com/errata/RHSA-2017:3113 RedHat Security Advisories: RHSA-2017:3114 https://access.redhat.com/errata/RHSA-2017:3114 RedHat Security Advisories: RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239 RedHat Security Advisories: RHSA-2017:3240 https://access.redhat.com/errata/RHSA-2017:3240 RedHat Security Advisories: RHSA-2018:2123 https://access.redhat.com/errata/RHSA-2018:2123 RedHat Security Advisories: RHSA-2019:1245 https://access.redhat.com/errata/RHSA-2019:1245 RedHat Security Advisories: RHSA-2019:2859 https://access.redhat.com/errata/RHSA-2019:2859 RedHat Security Advisories: RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0451 http://www.securitytracker.com/id/1036696 SuSE Security Announcement: SUSE-SU-2016:2470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.