Mandriva Linux Security Advisory : python-setuptools (MDVSA-2013:227)
Medium Nessus Plugin ID 69822
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in python-setuptools/python-virtualenv :
easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product (CVE-2013-1633).
The updated python-setuptools packages has been upgraded to the 0.9.8 version and the python-virtualenv packages has been upgraded to the 1.10.1 version which is not vulnerable to this issue.
SolutionUpdate the affected python-pkg-resources, python-setuptools and / or python-virtualenv packages.