Advisories » MGASA-2015-0440

Updated python-curl packages fix security vulnerability

Publication date: 10 Nov 2015
Modification date: 10 Nov 2015
Type: security
Affected Mageia releases : 5

Description

A use-after-free vulnerability was found in Curl object's HTTPPOST setopt
when a Unicode value is passed as a value with a FORM_BUFFERPTR. The str
object created from the passed in unicode object would have its buffer
used but the unicode object would be stored instead of the str object
(rhbz#1277488).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17077
• http://openwall.com/lists/oss-security/2015/11/03/4
• https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170967.html

SRPMS

5/core

• python-curl-7.19.5-4.1.mga5