|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0314 (python-oauth2)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2013-0314: Updated python-oauth2 packages fix CVE-2013-4347 


Date:
    	      Fri, 25 Oct 2013 22:53:22 +0200


Message-ID:
    	      <20131025205322.3B4B243290@valstar.mageia.org>



MGASA-2013-0314 - Updated python-oauth2 packages fix CVE-2013-4347

Publication date: 25 Oct 2013
URL: http://advisories.mageia.org/MGASA-2013-0314.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-4347

Description:
It was found that in python-oauth2, an application for authorization flows
for web applications, the nonce value generated isn't sufficiently random.
While doing bulk operations the nonce might be repeated, so there is a chance
of predictability. This could allow MITM attackers to conduct replay attacks.
(CVE-2013-4347)

References:
- https://bugs.mageia.org/show_bug.cgi?id=11224
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4347

SRPMS:
- 3/core/python-oauth2-1.5.170-2.3.mga3
- 2/core/python-oauth2-1.5.170-1.3.mga2
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds