Advisories » MGASA-2014-0285

Updated python & python3 packages fix two vulnerabilities

Publication date: 08 Jul 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-4616, CVE-2014-4650


Updated python and python3 packages fix security vulnerabilities:

Python 2 and 3 are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient bounds
checking. The bug is caused by allowing the user to supply a negative value
that is used as an array index, causing the scanstring function to access
process memory outside of the string it is intended to access.

The CGIHTTPServer Python module does not properly handle URL-encoded path
separators in URLs. This may enable attackers to disclose a CGI script's
source code or execute arbitrary scripts in the server's document root.
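
The following is an added example, not code from the advisory or from CPython: a simplified model of the CGIHTTPServer issue, showing why the CGI-or-static decision must be made on the same decoded, normalized path that the file lookup uses. The function names, the `/cgi-bin` directory and the sample paths are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

CGI_DIRS = ("/cgi-bin",)  # assumed CGI directory for this sketch


def strip_query(url_path):
    """Remove the query string while the path is still encoded."""
    return url_path.split("?", 1)[0]


def collapse(path):
    """Collapse '.', '..' and repeated slashes into a canonical path."""
    return posixpath.normpath("/" + path.lstrip("/"))


def under_cgi_dir(path):
    return any(path.startswith(d + "/") for d in CGI_DIRS)


def is_cgi_naive(url_path):
    """Classifies the still-encoded path, so '%2F' is not seen as '/'."""
    return under_cgi_dir(collapse(strip_query(url_path)))


def is_cgi_hardened(url_path):
    """Decodes before collapsing, matching what the file lookup will open."""
    return under_cgi_dir(collapse(unquote(strip_query(url_path))))


def audit(url_paths):
    """Return paths where the naive classification and the lookup disagree."""
    findings = []
    for p in url_paths:
        looked_up = collapse(unquote(strip_query(p)))
        if is_cgi_naive(p) != under_cgi_dir(looked_up):
            findings.append(p)
    return findings


# Constructed sample request paths (not taken from the advisory).
SAMPLES = ["/cgi-bin/status.py", "/cgi-bin%2Fstatus.py", "/index.html"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "naive:", is_cgi_naive(p), "hardened:", is_cgi_hardened(p))
    print("classification/lookup mismatches:", audit(SAMPLES))
```

A path flagged by `audit` is one that would be served as a static file even though it resolves inside the CGI directory, which is the source-disclosure case described above.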