Fedora Update for python-oauth2 FEDORA-2014-10784

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 21 : python-oauth2-1.5.211-7.fc21 (2014-10809)

Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 20 : python-oauth2-1.5.211-7.fc20 (2014-10786)

Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 19 : python-oauth2-1.5.211-7.fc19 (2014-10784)

Fix CVE-2013-4346 and CVE-2013-4347, thanks to Philippe Makowski. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVE-2013-4346

The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...

CVE-2013-4347

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

PYSEC-2014-86

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

Design/Logic Flaw

The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...

PYSEC-2014-86

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVE-2013-4346

The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...

CVE-2013-4347

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

PYSEC-2014-85

The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL...

Code injection

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

CVE-2013-4346

CVE-2013-4346 affects python-oauth2 used by SimpleGeo; it stems from Server.verify_request not checking the nonce, enabling replay through a signed URL. Public references (GHSA entry) confirm the nonce verification flaw and potential replay risk. Connected advisories (RHSA entries for Red Hat Sat...

PT-2014-2777 · Simplegeo · Python-Oauth2

Name of the Vulnerable Software and Affected Versions: SimpleGeo python-oauth2 affected versions not specified Description: The issue is related to the Server.verify request function in SimpleGeo python-oauth2, which does not check the nonce. This omission allows remote attackers to perform repla...

MGASA-2013-0314 Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

PT-2014-2778 · Python · Python-Oauth2

Name of the Vulnerable Software and Affected Versions: python-oauth2 affected versions not specified Description: The issue concerns the use of weak random numbers by the make nonce, generate nonce, and generate verifier functions in python-oauth2, making it easier for remote attackers to guess t...