Advisories » MGASA-2014-0085

Updated python & python3 packages fix multiple vulnerabilities

Publication date: 19 Feb 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-1912, CVE-2013-1752


Updated python and python3 packages fix security vulnerabilities:

A vulnerability was reported in Python's socket module, due to a boundary
error within the sock_recvfrom_into() function, which could be exploited to
cause a buffer overflow.  This could be used to crash a Python application
that uses the socket.recvfrom_into() function or, possibly, execute arbitrary
code with the permissions of the user running vulnerable Python code
(CVE-2014-1912).

This update brings the python package to version 2.7.6, which also fixes
several other bugs, including denial of service flaws due to unbounded
readline() calls in the ftplib and nntplib modules (CVE-2013-1752).

The python3 package has been patched to fix the CVE-2014-1912 issue.
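
The unbounded readline() flaw class described above (CVE-2013-1752) can be avoided in application code by capping how much a single line read may buffer. The following is an added example, not code from this advisory or from the Python project; the helper names and the 8192-byte and 1000-line limits are assumptions chosen for illustration.

```python
import io

MAXLINE = 8192    # assumed per-line cap for this example
MAXLINES = 1000   # assumed per-response cap for this example


class ResponseLimitExceeded(Exception):
    """Raised when a peer sends more data than the client agreed to buffer."""


def read_bounded_line(fp, maxline=MAXLINE):
    """Read one line from a binary file-like object with a hard size limit.

    A bare fp.readline() keeps reading until it sees a newline, so a peer
    that never sends one makes the client buffer data without limit.
    Asking for maxline + 1 bytes bounds the read and still lets us tell
    "exactly at the limit" apart from "over the limit".
    """
    line = fp.readline(maxline + 1)
    if len(line) > maxline:
        raise ResponseLimitExceeded("line longer than %d bytes" % maxline)
    return line


def read_response(fp, maxline=MAXLINE, maxlines=MAXLINES):
    """Collect lines until EOF or a blank line, bounding length and count."""
    lines = []
    while True:
        line = read_bounded_line(fp, maxline)
        if not line or line in (b"\r\n", b"\n"):
            return lines
        if len(lines) >= maxlines:
            raise ResponseLimitExceeded("more than %d lines" % maxlines)
        lines.append(line.rstrip(b"\r\n"))


if __name__ == "__main__":
    # Constructed sample inputs: a well-formed reply and a newline-free flood.
    well_formed = io.BytesIO(b"220 service ready\r\n230 logged in\r\n\r\n")
    flood = io.BytesIO(b"A" * (MAXLINE * 4))
    print(read_response(well_formed))
    try:
        read_response(flood)
    except ResponseLimitExceeded as exc:
        print("rejected:", exc, "after reading", flood.tell(), "bytes")
```

The same helpers work on a socket wrapped with `sock.makefile("rb")`.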