Advisories ยป MGASA-2014-0286

Updated python-simplejson package fixes security vulnerability

Publication date: 08 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4616


Python 2 and 3 are susceptible to arbitrary process memory reading by a user
or adversary due to a bug in the _json module caused by insufficient bounds
checking. The bug is caused by allowing the user to supply a negative value
that is used an an array index, causing the scanstring function to access
process memory outside of the string it is intended to access

This issue also affected the python-simplejson package, which has been
patched to fix the bug.