|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0320 (ipython)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0320: Updated ipython package fixes security vulnerability 


Date:
    	      Wed, 6 Aug 2014 12:31:27 +0200


Message-ID:
    	      <20140806103127.2D7D55CA7F@valstar.mageia.org>


MGASA-2014-0320 - Updated ipython package fixes security vulnerability

Publication date: 06 Aug 2014
URL: http://advisories.mageia.org/MGASA-2014-0320.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-3429

Description:
In IPython before 1.2, the origin of websocket requests was not verified
within the IPython notebook server. If an attacker has knowledge of an IPython
kernel id they can run arbitrary code on a user's machine when the client
visits a crafted malicious page (CVE-2014-3429).

References:
- https://bugs.mageia.org/show_bug.cgi?id=13744
- http://openwall.com/lists/oss-security/2014/07/15/2
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3429

SRPMS:
- 4/core/ipython-1.1.0-3.1.mga4
- 3/core/ipython-0.13.2-1.1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds