Mandriva Linux Security Advisory : python (MDVSA-2013:117)

Low Nessus Plugin ID 66129

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated python packages fix security vulnerabilities:

A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local user had access to the home directory of another user who is running distutils, they could use this flaw to gain access to that user's .pypirc file, which can contain usernames and passwords for code repositories (CVE-2011-4944).

Additionally, python has been built against the system expat and ffi libraries, to avoid any future issues with those (mitigates CVE-2012-0876 for expat).
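The .pypirc permission race described above, as an added example (not code from distutils or from this advisory): it writes a credentials file once with the create-then-chmod pattern and once with the mode fixed at creation, and records the mode visible during each write. The function names and sample credentials are constructed, and the exclusive-create flag is an extra hardening step that the advisory does not mention.

```python
import os
import stat
import tempfile

SAMPLE = "[pypi]\nusername = example\npassword = not-a-real-secret\n"  # constructed

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def store_racy(path, data, observe):
    # Create-then-chmod: the file is born with 0666 & ~umask (often 0644).
    with open(path, "w") as f:
        f.write(data)
        observe(mode_of(path))   # what another local user sees in the window
    os.chmod(path, 0o600)        # does not revoke descriptors opened earlier

def store_safe(path, data, observe):
    # Mode is set by the creating call; O_EXCL refuses a pre-existing
    # file or symlink, whose permissions the mode argument would not change.
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
        observe(mode_of(path))

def demo():
    """Return the mode seen during and after each write, under umask 022."""
    seen = {"racy": [], "safe": []}
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            for name, store in (("racy", store_racy), ("safe", store_safe)):
                path = os.path.join(d, name + ".pypirc")
                store(path, SAMPLE, seen[name].append)
                seen[name].append(mode_of(path))
    finally:
        os.umask(old_umask)
    return seen

if __name__ == "__main__":
    for name, (during, after) in demo().items():
        print(f"{name}: during write {oct(during)}, after {oct(after)}")
```

On hosts that ran the unpatched packages, checking that an existing ~/.pypirc is mode 0600 and rotating any credentials it held covers the exposure the update itself cannot undo.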

Solution

Update the affected packages.

See Also

https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0160

Plugin Details

Severity: Low

ID: 66129

File Name: mandriva_MDVSA-2013-117.nasl

Version: 1.7

Type: local

Published: 2013/04/20

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64python-devel, p-cpe:/a:mandriva:linux:lib64python2.7, p-cpe:/a:mandriva:linux:python, p-cpe:/a:mandriva:linux:python-docs, p-cpe:/a:mandriva:linux:tkinter, p-cpe:/a:mandriva:linux:tkinter-apps, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/10

Reference Information

CVE: CVE-2011-4944

BID: 52732

MDVSA: 2013:117

MGASA: 2012-0170