Advisories ยป MGASA-2014-0320

Updated ipython package fixes security vulnerability

Publication date: 06 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3429

Description

In IPython before 1.2, the origin of websocket requests was not verified
within the IPython notebook server. If an attacker has knowledge of an IPython
kernel id they can run arbitrary code on a user's machine when the client
visits a crafted malicious page (CVE-2014-3429).
                

References

SRPMS

3/core

4/core