Update Python

brianmcbride99
Contributor

I'm wondering if anyone has a solution for upgrading Python? Our vulnerability scans are picking up a vulnerability with older versions of Python on a number of our Mac machines. It appears Python 3.9.4 resolves this.

When I install the package for 3.9.4, it installs, but leaves the older Python Launcher folder in /Applications, and I assume some framework stuff elsewhere?

I'm not a Python user and am afraid to remove that older folder out of fear (and also believe there is more to Python than just that folder) of "breaking" something. We have a lot of dev users in our environment.

Thanks for any input on how to accomplish this upgrade.

1 ACCEPTED SOLUTION

brianmcbride99
Contributor

Thought I would follow up here. After doing some research and posing the question over in the MacAdmins Slack, I found that the version of Python installed in /usr/bin/ is Apple's version that comes with Xcode and the Xcode CLI developer tools. A number of our devs utilize these, and also have utilized Homebrew, which installs the Xcode CLI dev tools as a prereq.

We opened a case with Qualys support and after fighting with them for a while I got the following back today:

Hello Brian
Greetings for the day..!

This is to inform you that for QID:375419, we have now modified the detection to now check the path:/usr/local/bin/python3 --version check, currently the QID is under the QA phase.

We will notify you as soon as the QID is released in production.

Regards,
Priyanka Athavale
Technical Support Engineer
Qualys, Inc. | Continuous Security

So - if your vulnerability scanning solution is with Qualys, and the QID you're struggling with is 375419 then soon the detection logic should change and this will no longer be showing up it appears.

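Added example (not part of the original thread, and not Qualys' detection logic): a shell sketch that reports the Python version at the two paths discussed above, labels each as Apple-supplied or user-installed, and flags anything below 3.9.4. The function names, the `MIN_VERSION` variable and the output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: inventory python3 at the paths named in the thread.
MIN_VERSION="${MIN_VERSION:-3.9.4}"   # fixed version named in the thread

# version_lt A B: succeeds when dotted version A is strictly lower than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# origin PATH: who manages the interpreter, per the locations described above.
origin() {
    case $1 in
        /usr/bin/*)       echo apple-clt ;;       # ships with Xcode / CLI tools
        /usr/local/bin/*) echo user-installed ;;  # separately installed Python
        *)                echo other ;;
    esac
}

# audit_python PATH: print "PATH VERSION ORIGIN STATUS"; return 2 if not executable.
audit_python() {
    [ -x "$1" ] || return 2
    # 2>&1 because some interpreters print the version on stderr.
    ver=$("$1" --version 2>&1 | sed -n 's/^Python \([0-9][0-9.]*\).*/\1/p')
    if [ -z "$ver" ]; then status=UNKNOWN
    elif version_lt "$ver" "$MIN_VERSION"; then status=BELOW_MIN
    else status=OK; fi
    echo "$1 ${ver:-?} $(origin "$1") $status"
}

# /usr/bin/python3 is only executed when the CLI tools are present
# (xcode-select -p succeeds); without them Apple's stub opens an install
# prompt instead of printing a version.
for p in /usr/bin/python3 /usr/local/bin/python3; do
    case $p in /usr/bin/*) xcode-select -p >/dev/null 2>&1 || continue ;; esac
    audit_python "$p" || true
done
```

A `BELOW_MIN` line with origin `apple-clt` is the copy that is updated along with Apple's developer tools rather than by the python.org installer, which helps when triaging a scanner finding by path.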

5 REPLIES 5

Moreal_Wilson
New Contributor II

We are having the same situation.  Have you found any resolution?

brianmcbride99
Contributor

Hi @Moreal_Wilson - unfortunately I have not, and it is still an issue. To provide some more context:

Our IT Security team utilizes Qualys for Vulnerability detection

Qualys is detecting Python 3.8.2 as the vulnerable version in /usr/bin

I am reading that this directory is the OS install directory for Python

/usr/local/bin is the directory where any user installed versions of Python seem to be going. 

I have no idea if removing/uninstalling Python from /usr/bin will "break" anything in the OS or not.

We are in the same exact scenario and use Qualys as well. I have no idea how to get it updated and don't know what can or can't be removed. 

user-lrRSgzkxgs
New Contributor

Hi all,

We are facing the same issue. We are talking with the DEV team to test whether the process of blocking and, after that, deleting the file causes any problem.
