Download
| Alert*
oval:org.secpod.oval:def:93579
The host is installed with Python before 3.6.13, 3.7.x before 3.7.10, 3.8.x before 3.8.7, or 3.9.x before 3.9.1 and is prone to an XML external entity (XXE) vulnerability. A flaw is present in the application, which fails to properly handle the plistlib module when entity declarations are made. Succ ... oval:org.secpod.oval:def:89050212 This update for python fixes the following issues: * CVE-2022-48566: Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. * CVE-2022-48565: Fixed an XXE in the plistlib module oval:org.secpod.oval:def:1601832 An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities oval:org.secpod.oval:def:1701914 An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities oval:org.secpod.oval:def:126339 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:126344 Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed ... oval:org.secpod.oval:def:97753 [CLSA-2023:1696878189] python: Fix of CVE-2022-48565 oval:org.secpod.oval:def:1701887 An XML External Entity issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities oval:org.secpod.oval:def:3302040 Security update for python oval:org.secpod.oval:def:509387 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... oval:org.secpod.oval:def:2501449 Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for My ... |