Advisories ยป MGASA-2014-0218

Updated python-lxml package fix CVE-2014-3146

Publication date: 14 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3146

Description

Updated python-lxml packages fix security vulnerability:

The clean_html() function, provided by the lxml.html.clean module, did not
properly clean HTML input if it included non-printed characters (\x01-\x08).
A remote attacker could use this flaw to serve malicious content to an
application using the clean_html() function to process HTML, possibly
allowing the attacker to inject malicious code into a website generated by
this application (CVE-2014-3146).
                

References

SRPMS

4/core

3/core