Advisories » MGASA-2013-0330

Updated python-scipy packages fix a security vulnerability and missing deps

Publication date: 20 Nov 2013
Modification date: 20 Nov 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4251

Description

Updated python-scipy package fixes security vulnerability:

scipy.weave will use /tmp/[username] as persistent storage (cache), but it
does not check whether or not this directory already exists, does not check
whether it is a directory or a symlink, and also does not verify permissions
or ownership, which could allow someone to place code in this directory that
would be executed as the user running scipy.weave (CVE-2013-4251).

The update also adds some missing dependencies.
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119771.html
• https://bugs.mageia.org/show_bug.cgi?id=11555
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4251

SRPMS

2/core

• python-scipy-0.9.0-3.4.mga2

3/core

• python-scipy-0.9.0-7.3.mga3