mageia | Gentoo Foundation | MGASA-2014-0085
Feb 20, 2014 - 1:24 a.m.

Updated python & python3 packages fix multiple vulnerabilities

2014-02-20 01:24:08
Gentoo Foundation
advisories.mageia.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.53 Medium
Percentile: 97.6%

Updated python and python3 packages fix security vulnerabilities:

A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).

This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbounded readline() calls in the ftplib and nntplib modules (CVE-2013-1752).

The python3 package has been patched to fix the CVE-2014-1912 issue.
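A defensive check for the CVE-2014-1912 issue described above, as an added example that is not part of the advisory or of the Python source. It assumes the upstream fix behaviour, in which recvfrom_into() raises ValueError when nbytes exceeds the buffer length (a detail the advisory does not spell out); the helper names are hypothetical and the code targets Python 3.

```python
import socket


def interpreter_rejects_oversized_nbytes():
    """True if recvfrom_into() refuses nbytes > len(buffer) (patched)."""
    # The probe socket is non-blocking with nothing queued, so an unpatched
    # interpreter only reports "no data" and nothing is written to buf.
    a, b = socket.socketpair()
    try:
        a.setblocking(False)
        buf = bytearray(8)
        try:
            a.recvfrom_into(buf, len(buf) + 1)
        except ValueError:
            return True       # length validated before the receive
        except socket.error:
            return False      # went straight to the receive: no check
        return False
    finally:
        a.close()
        b.close()


def bounded_recvfrom_into(sock, buf, nbytes=0):
    """recvfrom_into() that never requests more than buf can hold."""
    view = memoryview(buf)
    if nbytes < 0:
        raise ValueError("negative nbytes")
    if nbytes == 0 or nbytes > view.nbytes:
        nbytes = view.nbytes  # clamp instead of trusting the caller
    return sock.recvfrom_into(view, nbytes)


def demo():
    """Constructed input: 32 bytes sent, 16-byte buffer, 1024 requested."""
    a, b = socket.socketpair()
    try:
        b.sendall(b"A" * 32)
        buf = bytearray(16)
        received, _addr = bounded_recvfrom_into(a, buf, 1024)
        return received, bytes(buf)
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print("length check present:", interpreter_rejects_oversized_nbytes())
    print("bounded receive:", demo())
```

The wrapper is a code-level safeguard for callers that compute nbytes from untrusted or variable input; it does not replace installing the updated packages.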
