Updated python-oauth2 packages fix CVE-2013-4347
Publication date: 25 Oct 2013Modification date: 25 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4347
Description
It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay attacks. (CVE-2013-4347)
References
SRPMS
3/core
- python-oauth2-1.5.170-2.3.mga3
2/core
- python-oauth2-1.5.170-1.3.mga2