Advisories » MGASA-2013-0224

Updated python-suds package fixes security vulnerability

Publication date: 21 Jul 2013
Modification date: 21 Jul 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-2217

Description

An insecure temporary directory use flaw was found in the way python-suds
performed initialization of its internal file-based URL cache (predictable
location was used for directory to store the cached files). A local attacker
could use this flaw to conduct symbolic link attacks, possibly leading to
their ability for example the SOAP .wsdl metadata to redirect queries to a
different host, than originally intended (CVE-2013-2217).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=10791
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2217

SRPMS

2/core

• python-suds-0.4.1-2.1.mga2

3/core

• python-suds-0.4.1-3.1.mga3