Advisories » MGASA-2014-0320

Updated ipython package fixes security vulnerability

Publication date: 06 Aug 2014
Modification date: 06 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3429

Description

In IPython before 1.2, the origin of websocket requests was not verified
within the IPython notebook server. If an attacker has knowledge of an IPython
kernel id they can run arbitrary code on a user's machine when the client
visits a crafted malicious page (CVE-2014-3429).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13744
• http://openwall.com/lists/oss-security/2014/07/15/2
• https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135763.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3429

SRPMS

4/core

• ipython-1.1.0-3.1.mga4

3/core

• ipython-0.13.2-1.1.mga3