Advisories ยป MGASA-2014-0216

Updated python3 packages fix security vulnerability

Publication date: 14 May 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2667

Description

It was reported that a patch added to Python 3.2 caused a race condition
where a file created could be created with world read/write permissions
instead of the permissions dictated by the original umask of the process.
This could allow a local attacker that could win the race to view and edit
files created by a program using this call. Note that prior versions of
Python, including 2.x, do not include the vulnerable _get_masked_mode()
function that is used by os.makedirs() when exist_ok is set to True
(CVE-2014-2667).
                

References

SRPMS

3/core

4/core