Mageia alert MGASA-2012-0170 (python)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0170: python-2.7.3-2.2.mga2 (2/core)
Date:  Thu, 19 Jul 2012 01:40:27 +0200
Message-ID:  <20120718234027.GA2730@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2012-0170

Date: July 19th, 2012
Affected releases: 2

Description:
Updated python packages fix security vulnerabilities:

A race condition was found in the way the Python distutils module set
file permissions during the creation of the .pypirc file. If a local
user had access to the home directory of another user who is running
distutils, they could use this flaw to gain access to that user's
.pypirc file, which can contain usernames and passwords for code
repositories (CVE-2011-4944).

Additionally, python has been built against the system expat and ffi
libraries, to avoid any future issues with those.

Updated Packages:
python-2.7.3-2.2.mga2
python-docs-2.7.3-2.2.mga2
tkinter-2.7.3-2.2.mga2
tkinter-apps-2.7.3-2.2.mga2
lib(64)python2.7-2.7.3-2.2.mga2
lib(64)python-devel-2.7.3-2.2.mga2

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://lists.opensuse.org/opensuse-updates/2012-05/msg000...
http://www.mandriva.com/en/support/security/advisories/?d...
https://bugs.mageia.org/show_bug.cgi?id=5843
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
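
An added illustration (not code from the advisory or from Python's distutils) of the class of permission race described above: a credentials file written first and restricted afterwards, beside one created with mode 0600 atomically. The function names, sample contents and temporary directory are assumptions made for the example.

```python
import os
import stat
import tempfile

# Constructed sample contents; not real credentials.
SAMPLE = "[pypi]\nusername = example\npassword = not-a-real-password\n"


def write_rc_racy(path, text):
    """Create-then-chmod: the file exists with umask-derived permissions
    (commonly 0644) until chmod runs. Returns the mode seen in that window."""
    with open(path, "w") as f:
        f.write(text)
        mode_in_window = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
    os.chmod(path, 0o600)  # too late: the secret was already on disk
    return mode_in_window


def write_rc_atomic(path, text):
    """Permissions are fixed at creation time, so there is no window.
    O_EXCL makes creation fail if the path already exists (including a
    pre-planted file or symlink) instead of writing into it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)
        return stat.S_IMODE(os.fstat(f.fileno()).st_mode)


def demo():
    """Run both writers in a scratch directory under a typical 022 umask."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as home:
            racy = write_rc_racy(os.path.join(home, "racy.pypirc"), SAMPLE)
            safe = write_rc_atomic(os.path.join(home, "safe.pypirc"), SAMPLE)
            return racy, safe
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    racy, safe = demo()
    print("mode while secret is on disk: racy=%o atomic=%o" % (racy, safe))
```
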



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds