Updated python and python3 packages fix security vulnerabilities:

A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code (CVE-2014-1912).

This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules (CVE-2013-1752).

The python3 package has been patched to fix the CVE-2014-1912 issue.
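The following is an added example, not part of the advisory or of CPython: it checks whether the running interpreter rejects an `nbytes` value larger than the destination buffer (fixed CPython raises ValueError), and wraps recvfrom_into() with the same check in Python code. The function names are hypothetical, and the datagram is constructed sample data sent over a local Unix socket pair.

```python
import socket


def interpreter_checks_nbytes():
    """Return True if recvfrom_into() rejects nbytes larger than the buffer.

    The socket is non-blocking and nothing is sent to it, so no data is ever
    copied: a fixed interpreter raises ValueError before reading, an unfixed
    one only reports that no data is available.
    """
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        a.setblocking(False)
        try:
            a.recvfrom_into(bytearray(8), 16)
        except ValueError:
            return True
        except socket.error:
            return False
        return False
    finally:
        a.close()
        b.close()


def recvfrom_into_checked(sock, buf, nbytes=0):
    """Validate nbytes against the buffer size before calling recvfrom_into()."""
    capacity = memoryview(buf).nbytes
    if nbytes < 0 or nbytes > capacity:
        raise ValueError("nbytes %d outside buffer of %d bytes" % (nbytes, capacity))
    return sock.recvfrom_into(buf, nbytes or capacity)


def demo():
    """Receive a constructed datagram, then attempt an oversized read."""
    rx, tx = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        rx.settimeout(2.0)
        tx.send(b"constructed sample datagram")
        buf = bytearray(64)
        n, _addr = recvfrom_into_checked(rx, buf, 32)
        try:
            recvfrom_into_checked(rx, buf, 128)  # larger than the 64-byte buffer
            rejected = False
        except ValueError:
            rejected = True
        return bytes(buf[:n]), rejected
    finally:
        rx.close()
        tx.close()
```
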
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | python | < 2.7.6-1 | python-2.7.6-1.mga3 |
Mageia | 3 | noarch | python3 | < 3.3.0-4.6 | python3-3.3.0-4.6.mga3 |
Mageia | 4 | noarch | python | < 2.7.6-1 | python-2.7.6-1.mga4 |
Mageia | 4 | noarch | python3 | < 3.3.2-13.1 | python3-3.3.2-13.1.mga4 |
bugs.python.org/issue20246
hg.python.org/cpython/raw-file/99d03261c1ba/Misc/NEWS
openwall.com/lists/oss-security/2013/12/23/10
bugs.mageia.org/show_bug.cgi?id=12127
bugs.mageia.org/show_bug.cgi?id=12772
bugzilla.redhat.com/show_bug.cgi?id=1046174
lists.fedoraproject.org/pipermail/package-announce/2014-February/128243.html
lists.fedoraproject.org/pipermail/package-announce/2014-February/128361.html