Advisories » MGASA-2015-0251

Updated python-tornado package fixes security vulnerability

Publication date: 01 Jul 2015
Modification date: 01 Jul 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9720

Description

Security fixes (CVE-2014-9720)
The XSRF token is now encoded with a random mask on each request. This
makes it safe to include in compressed pages without being vulnerable to
the BREACH attack. This applies to most applications that use both the
xsrf_cookies and gzip options (or have gzip applied by a proxy).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16100
• https://bugzilla.redhat.com/show_bug.cgi?id=1222816
• http://lwn.net/Vulnerabilities/647618/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9720

SRPMS

4/core

• python-tornado-3.1-4.1.mga4