MGASA-2015-0091

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0091.html

Import Source

https://advisories.mageia.org/MGASA-2015-0091.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2015-0091

Related

CVE-2014-9365

Published

2015-03-05T19:34:09Z

Modified

2015-03-05T19:20:37Z

Summary

Updated python packages fix CVE-2014-9365

Details

Updated python packages fix security vulnerability:

When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking (CVE-2014-9365).

Note that this issue also affects python3, and is fixed upstream in version 3.4.3, but the fix was considered too intrusive to backport to Python3 3.3.x. No update for the python3 package for this issue is planned at this time.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / python

Package

Name: python
Purl: pkg:rpm/mageia/python?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.9-1.mga4

Ecosystem specific

{
    "section": "core"
}