Advisories ยป MGASA-2014-0085

Updated python & python3 packages fix multiple vulnerabilities

Publication date: 19 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1912 , CVE-2013-1752

Description

Updated python and python3 packages fix security vulnerabilities:

A vulnerability was reported in Python's socket module, due to a boundary
error within the sock_recvfrom_into() function, which could be exploited to
cause a buffer overflow.  This could be used to crash a Python application
that uses the socket.recvfrom_info() function or, possibly, execute arbitrary
code with the permissions of the user running vulnerable Python code
(CVE-2014-1912).

This updates the python package to version 2.7.6, which fixes several other
bugs, including denial of service flaws due to unbound readline() calls in
the ftplib and nntplib modules (CVE-2013-1752).

The python3 package has been patched to fix the CVE-2014-1912 issue.
                

References

SRPMS

4/core

3/core