Advisories » MGASA-2014-0139

Updated python package fixes security vulnerabilities

Publication date: 24 Mar 2014
Modification date: 24 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-1752 , CVE-2013-1753

Description

Denial of service flaws due to unbound readline() calls in the imaplib,
poplib, and smtplib modules (CVE-2013-1752).

A gzip bomb and unbound read denial of service flaw in python XMLRPC library
(CVE-2013-1753).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13041
• http://lists.opensuse.org/opensuse-updates/2014-03/msg00044.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1753

SRPMS

3/core

• python-2.7.6-1.1.mga3

4/core

• python-2.7.6-1.1.mga4