Advisories » MGASA-2013-0314

Updated python-oauth2 packages fix CVE-2013-4347

Publication date: 25 Oct 2013
Modification date: 25 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4347

Description

It was found that in python-oauth2, an application for authorization flows
for web applications, the nonce value generated isn't sufficiently random.
While doing bulk operations the nonce might be repeated, so there is a chance
of predictability. This could allow MITM attackers to conduct replay attacks.
(CVE-2013-4347)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11224
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4347

SRPMS

2/core

• python-oauth2-1.5.170-1.3.mga2

3/core

• python-oauth2-1.5.170-2.3.mga3