Advisories ยป MGASA-2014-0089

Updated python-numpy packages fix security vulnerabilities

Publication date: 21 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1858 , CVE-2014-1859

Description

f2py insecurely used a temporary file. A local attacker could use this flaw
to perform a symbolic link attack to modify an arbitrary file accessible to
the user running f2py (CVE-2014-1858, CVE-2014-1859).
                

References

SRPMS

3/core

4/core