Advisories ยป MGASA-2013-0314

Updated python-oauth2 packages fix CVE-2013-4347

Publication date: 25 Oct 2013
Modification date: 25 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4347

Description

It was found that in python-oauth2, an application for authorization flows
for web applications, the nonce value generated isn't sufficiently random.
While doing bulk operations the nonce might be repeated, so there is a chance
of predictability. This could allow MITM attackers to conduct replay attacks.
(CVE-2013-4347)
                

References

SRPMS

3/core

2/core