Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.1916
Updated python packages fix security vulnerability
23 October 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: python
Publisher: Mandriva
Operating System: Mandriva Linux
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-7185
Original Bulletin:
http://advisories.mageia.org/MGASA-2014-0399.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Mandriva. It is recommended that administrators
running python check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:197
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : python
Date : October 21, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated python packages fix security vulnerability:
Python before 2.7.8 is vulnerable to an integer overflow in the buffer
type (CVE-2014-7185).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185
http://advisories.mageia.org/MGASA-2014-0399.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
dcefcf76c1a242a7f6f1b6db782df456 mbs1/x86_64/lib64python2.7-2.7.3-4.8.mbs1.x86_64.rpm
89a011eb8fb6c74449803058f45b97d4 mbs1/x86_64/lib64python-devel-2.7.3-4.8.mbs1.x86_64.rpm
d0c4b166f0707b673941ed509966ba04 mbs1/x86_64/python-2.7.3-4.8.mbs1.x86_64.rpm
3d5d4e680047114b49bcdece20c69113 mbs1/x86_64/python-docs-2.7.3-4.8.mbs1.noarch.rpm
fb44af0e4af2124a9afc932b44be6377 mbs1/x86_64/tkinter-2.7.3-4.8.mbs1.x86_64.rpm
9abec6f5bb73aa97224008418c567001 mbs1/x86_64/tkinter-apps-2.7.3-4.8.mbs1.x86_64.rpm
af80562fdc0e4628591fba9249003bf1 mbs1/SRPMS/python-2.7.3-4.8.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFURgY6mqjQ0CJFipgRAvwgAKDXcnHrFfvCfHLE8+K8hm5c36UF2QCg2paU
ZKHEaBTvKIYVDsnVIp/qdrA=
=zMF9
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVEhZ5BLndAQH1ShLAQKBYg/8D1lzQLBkr4HTD7hXQMC6Sv/9HVcNRF6g
iiheJH+8Q+fjVOg8w9pZD2lqVtpaLGZE5hgDjjxymVVTJBVemhWohxspZmPwGGXl
nxOsn5IzPIJpmYJrxIw9RmDYLaHkW89ypWnqVDjE4QIAekFE1fyBIFY+9FnbWoZu
2s6FwJn8pnpdN7acEnzJBUk2dwbblCn02jtVxW2Kb5frCDFQVSptLNZ2qtNUNphQ
zHHAc/k/W0K5JIB1TsRv5tdvUy8kkGemO2Ry8U/KY2QkhrcXlqu1lQhmb63ixUTe
sFlXJNPXn4ZslyaLTQIGShh8SPRvJq+LijW2sBXDu8O2/KQoZ1soEGSMNGhUSekd
xSV0v52zXgs7kSuTby1dDqqgQjVz7YdGq/H0unZVpI0xlLAb971S7ZS/KW6Efy0K
WdCpnTHIOyVYzhG094VPSHxjzNgYaRUNykJ3gYd23b+7cawXgZ+195jXWo7kxQQm
RxO4K6AUfMO3aFtXLxZLqPNiIRR+MiHf2SwHoBe1MwdQhnyBjtnSK7SSikApUxJJ
suRwspmjqSVOE3dPcj8nqtxD4l8DwIeWCCpY5ffdB597IpIaTgblIrcFfU68OpyH
txPtzobRrwL2JZZyiLR4wS7gNm3plCukxqiGKJbLF+opVWy/mTHaGmNj9nQSl72d
tzemy/8Hgy8=
=3ug9
-----END PGP SIGNATURE-----