ID de Prueba:	1.3.6.1.4.1.25623.1.0.891852
Categoría:	Debian Local Security Checks
Título:	Debian LTS: Security Advisory for python3.4 (DLA-1852-1)
Resumen:	The remote host is missing an update for the 'python3.4'; package(s) announced via the DLA-1852-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'python3.4' package(s) announced via the DLA-1852-1 advisory. Vulnerability Insight: The urllib library in Python ships support for a second, not well known URL scheme for accessing local files ('local_file://'). This scheme can be used to circumvent protections that try to block local file access and only block the well-known 'file://' schema. This update addresses the vulnerability by disallowing the 'local_file://' URL scheme. This update also fixes another regression introduced in the update issued as DLA-1835-1 that broke installation of libpython3.4-testsuite. Affected Software/OS: 'python3.4' package(s) on Debian Linux. Solution: For Debian 8 'Jessie', this problem has been fixed in version 3.4.2-1+deb8u5. We recommend that you upgrade your python3.4 packages. CVSS Score: 6.4 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9948 BugTraq ID: 107549 http://www.securityfocus.com/bid/107549 Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01) (Google Search) https://seclists.org/bugtraq/2019/Oct/29 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQEQLXLOCR3SNM3AA5RRYJFQ5AZBYJ4L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KRYFIMISZ47NTAU3XWZUOFB7CYL62KES/ https://security.gentoo.org/glsa/202003-26 http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html https://bugs.python.org/issue35907 https://github.com/python/cpython/pull/11842 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html https://lists.debian.org/debian-lts-announce/2019/07/msg00011.html https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html RedHat Security Advisories: RHSA-2019:1700 https://access.redhat.com/errata/RHSA-2019:1700 RedHat Security Advisories: RHSA-2019:2030 https://access.redhat.com/errata/RHSA-2019:2030 RedHat Security Advisories: RHSA-2019:3335 https://access.redhat.com/errata/RHSA-2019:3335 RedHat Security Advisories: RHSA-2019:3520 https://access.redhat.com/errata/RHSA-2019:3520 SuSE Security Announcement: openSUSE-SU-2019:1273 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00092.html SuSE Security Announcement: openSUSE-SU-2019:1580 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00050.html https://usn.ubuntu.com/4127-1/ https://usn.ubuntu.com/4127-2/
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.