Advisories » MGASA-2015-0456

Updated python-pygments packages fix security vulnerability

Publication date: 26 Nov 2015
Modification date: 26 Nov 2015
Type: security
Affected Mageia releases: 5

Description

FontManager builds a shell command string by unsafe string
concatenation. If the developer allows the attacker to choose the font and
outputs an image, the attacker can execute any shell command on the remote
system. The injected name variable comes from the constructor of
FontManager, which ImageFormatter invokes with values taken from its
options (rhbz#1276321).
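
The pattern described above, shown as an added example (not Pygments code and not part of the advisory): the same font name is passed once through a concatenated shell string and once through an argument list. `echo` stands in for the external font-lookup program, and the function names, the style suffix and the sample names are constructed for illustration.

```python
import re
import subprocess

# Assumption: "echo" stands in for the external font-lookup program,
# so the example runs on any POSIX system and has no side effects.
TOOL = "echo"

# Constructed sample: a "font name" that closes the quote and adds a command.
HOSTILE_NAME = 'x"; echo INJECTED; echo "'


def lookup_unsafe(name):
    """Pattern from the advisory: the name is concatenated into a shell string."""
    cmd = '%s "%s:style=Regular"' % (TOOL, name)
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout.splitlines()


def lookup_safe(name):
    """Hardened form: an argument list and no shell, so the name stays one argument."""
    argv = [TOOL, "%s:style=Regular" % name]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout.splitlines()


def is_plain_font_name(name):
    """Defence in depth: allowlist check before the name reaches any external program."""
    return re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9 _-]{0,63}", name) is not None


if __name__ == "__main__":
    for candidate in ("DejaVu Sans", HOSTILE_NAME):
        print("name:      ", repr(candidate))
        print("  allowed: ", is_plain_font_name(candidate))
        print("  unsafe:  ", lookup_unsafe(candidate))
        print("  safe:    ", lookup_safe(candidate))
```

With the shell string, the hostile name produces three separate commands; with the argument list it is echoed back as a single literal argument.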
                

References

SRPMS

5/core