lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 27 Mar 2015 19:07:01 +0100
Subject: [ MDVSA-2015:076 ] python3

Hash: SHA1


 Mandriva Linux Security Advisory                         MDVSA-2015:076

 Package : python3
 Date    : March 27, 2015
 Affected: Business Server 2.0

 Problem Description:

 Updated python3 packages fix security vulnerabilities: goes into 100% CPU infinite loop on maliciously binary
 edited zips (CVE-2013-7338).
 A vulnerability was reported in Python&#039;s socket module, due to
 a boundary error within the sock_recvfrom_into() function, which
 could be exploited to cause a buffer overflow.  This could be used
 to crash a Python application that uses the socket.recvfrom_info()
 function or, possibly, execute arbitrary code with the permissions
 of the user running vulnerable Python code (CVE-2014-1912).
 It was reported that a patch added to Python 3.2 caused a race
 condition where a file created could be created with world read/write
 permissions instead of the permissions dictated by the original umask
 of the process. This could allow a local attacker that could win the
 race to view and edit files created by a program using this call. Note
 that prior versions of Python, including 2.x, do not include the
 vulnerable _get_masked_mode() function that is used by os.makedirs()
 when exist_ok is set to True (CVE-2014-2667).
 Python are susceptible to arbitrary process memory reading by a user
 or adversary due to a bug in the _json module caused by insufficient
 bounds checking. The bug is caused by allowing the user to supply a
 negative value that is used an an array index, causing the scanstring
 function to access process memory outside of the string it is intended
 to access (CVE-2014-4616).
 The CGIHTTPServer Python module does not properly handle URL-encoded
 path separators in URLs. This may enable attackers to disclose a CGI
 script&#039;s source code or execute arbitrary scripts in the server&#039;s
 document root (CVE-2014-4650).


 Updated Packages:

 Mandriva Business Server 2/X86_64:
 56f95c3e025bb7111ee5c54dfa85f383  mbs2/x86_64/lib64python3.3-3.3.2-14.1.mbs2.x86_64.rpm
 cff088862bad2bccba25080f5123c308  mbs2/x86_64/lib64python3-devel-3.3.2-14.1.mbs2.x86_64.rpm
 bee9faadbee55220b5be84138d183943  mbs2/x86_64/python3-3.3.2-14.1.mbs2.x86_64.rpm
 763832c9969a3b6b6f7d4afefe3d8abd  mbs2/x86_64/python3-docs-3.3.2-14.1.mbs2.noarch.rpm
 c25f48cc46129556b7618bebe4b0d1f0  mbs2/x86_64/tkinter3-3.3.2-14.1.mbs2.x86_64.rpm
 482e45791ec634dda30134cd5513fccc  mbs2/x86_64/tkinter3-apps-3.3.2-14.1.mbs2.x86_64.rpm 
 08451430f2a306c8f64ba1e6828a93dd  mbs2/SRPMS/python3-3.3.2-14.1.mbs2.src.rpm

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver 0x22458A98

 You can view other update advisories for Mandriva Linux at:

 If you want to report vulnerabilities, please contact


 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
Version: GnuPG v1.4.12 (GNU/Linux)


Powered by blists - more mailing lists