Updated python-dulwich packages fix security vulnerabilities
Publication date: 15 Apr 2015
Modification date: 15 Apr 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9706, CVE-2015-0838
Description
Updated python-dulwich package fixes security vulnerabilities:

It was discovered that Dulwich allows writing to files under .git/ when checking out working trees. This could lead to the execution of arbitrary code with the privileges of the user running an application based on Dulwich (CVE-2014-9706).

Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the apply_delta() function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the execution of arbitrary code with the privileges of the user running a Git server or client based on Dulwich (CVE-2015-0838).

The python-dulwich package has been updated to version 0.10.0, fixing these issues and other bugs.
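The bounds checks a pack-delta decoder has to make, shown as an added example (it is not Dulwich's code and not the patch for CVE-2015-0838). It assumes Git's pack delta layout of two size fields followed by copy and insert commands; the names read_size and apply_delta_checked and the sample bytes are constructed for illustration.

```python
def read_size(delta, pos):
    """Decode one base-128 size field (7 bits per byte, low bits first)."""
    value = shift = 0
    while pos < len(delta):
        byte = delta[pos]
        value |= (byte & 0x7F) << shift
        shift, pos = shift + 7, pos + 1
        if not byte & 0x80:
            return value, pos
    raise ValueError("truncated size header")

def apply_delta_checked(src, delta):
    """Apply a Git pack delta to src, checking every offset and length."""
    src_size, pos = read_size(delta, 0)
    dest_size, pos = read_size(delta, pos)
    if src_size != len(src):
        raise ValueError("source size mismatch")
    out = bytearray()
    while pos < len(delta):
        cmd, pos = delta[pos], pos + 1
        if cmd & 0x80:  # copy: bits 0-3 select offset bytes, 4-6 size bytes
            field = [0, 0]  # [offset, size], each built low byte first
            for bit in range(7):
                if cmd & (1 << bit):
                    if pos >= len(delta):
                        raise ValueError("truncated copy command")
                    field[bit // 4] |= delta[pos] << (8 * (bit % 4))
                    pos += 1
            offset, size = field[0], field[1] or 0x10000  # size 0 means 0x10000
            if offset + size > len(src):
                raise ValueError("copy reads past end of source")
            chunk = src[offset:offset + size]
        else:  # insert: next cmd bytes are literal data; opcode 0 is reserved
            if cmd == 0 or pos + cmd > len(delta):
                raise ValueError("bad insert command")
            chunk = delta[pos:pos + cmd]
            pos += cmd
        if len(out) + len(chunk) > dest_size:  # check before every write
            raise ValueError("output exceeds declared target size")
        out += chunk
    if len(out) != dest_size:
        raise ValueError("output does not match declared target size")
    return bytes(out)

# Constructed sample: copy "world" (offset 6, length 5), then insert ", hi".
SAMPLE_SRC = b"hello world"
SAMPLE_DELTA = bytes([0x0B, 0x09, 0x91, 0x06, 0x05, 0x04]) + b", hi"
```

In a C decoder the same comparisons have to happen before each memcpy, because the target buffer is allocated from the size the delta itself declares.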
SRPMS
4/core
- python-dulwich-0.10.0-1.mga4