Advisories » MGASA-2015-0157

Updated python-dulwich packages fix security vulnerabilities

Publication date: 15 Apr 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-9706, CVE-2015-0838

Description

Updated python-dulwich package fixes security vulnerabilities:

It was discovered that Dulwich allows writing to files under .git/ when
checking out working trees. This could lead to the execution of arbitrary
code with the privileges of the user running an application based on Dulwich
(CVE-2014-9706).
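
One way an application that checks out untrusted trees could reject such entries before writing them, as an added example (not code from Dulwich or from this advisory). The case-insensitive comparison and the backslash handling are assumptions about the target filesystem; all function names and sample paths are constructed.

```python
# Added example: validate tree entry paths before checkout (not Dulwich's code).

# Path components that must never be created in a working tree.
INVALID_COMPONENTS = {b"", b".", b"..", b".git"}


def is_safe_tree_path(path: bytes) -> bool:
    """Return True if a tree entry path may be written into the working tree.

    Assumption: components are compared case-insensitively, because on a
    case-insensitive filesystem b".GIT" names the same directory as b".git".
    """
    if b"\x00" in path:
        return False
    # Assumption: the checkout may run on Windows, so "\" is a separator too.
    components = path.replace(b"\\", b"/").split(b"/")
    # The empty component also catches absolute paths and doubled slashes.
    return all(comp.lower() not in INVALID_COMPONENTS for comp in components)


def filter_checkout(paths):
    """Split tree entry paths into (safe, rejected) lists, preserving order."""
    safe, rejected = [], []
    for p in paths:
        (safe if is_safe_tree_path(p) else rejected).append(p)
    return safe, rejected


# Constructed sample tree entries, as they might appear in an untrusted tree.
SAMPLE_ENTRIES = [
    b"README.md",
    b"src/.gitignore",            # legitimate: only the exact name ".git" is blocked
    b".git/config",               # writes into the repository control directory
    b"docs/.GIT/config",          # same directory on a case-insensitive filesystem
    b"a/../b",                    # path traversal component
    b".github/workflows/ci.yml",  # legitimate: ".github" is not ".git"
]

if __name__ == "__main__":
    safe, rejected = filter_checkout(SAMPLE_ENTRIES)
    for p in rejected:
        print("refusing to check out:", p.decode())
    print(len(safe), "entries accepted")
```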

Ivan Fratric of the Google Security Team has found a buffer overflow in the
C implementation of the apply_delta() function, used when accessing Git
objects in pack files. An attacker could take advantage of this flaw to
cause the execution of arbitrary code with the privileges of the user
running a Git server or client based on Dulwich (CVE-2015-0838).

The python-dulwich package has been updated to version 0.10.0, fixing these
issues and other bugs.
                

References

SRPMS

4/core