GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed Jun 17, 2015 3:26 pm Post subject: [ GLSA 201503-10 ] Python |
|
|
Gentoo Linux Security Advisory
Title: Python: Multiple vulnerabilities (GLSA 201503-10)
Severity: normal
Exploitable: local, remote
Date: March 18, 2015
Updated: June 17, 2015
Bug(s): #495224, #500518, #505068, #506084, #514686, #523792, #532232
ID: 201503-10
Synopsis
Multiple vulnerabilities have been found in Python, the worst of
which could lead to arbitrary code execution.
Background
Python is an interpreted, interactive, object-oriented programming
language.
Affected Packages
Package: dev-lang/python
Vulnerable: < 3.3.5-r1
Unaffected: >= 3.3.5-r1
Unaffected: >= 2.7.9-r1 < 2.7.10
Unaffected: >= 2.7.10 < 2.7.11
Unaffected: >= 2.7.11 < 2.7.12
Unaffected: >= 2.7.12 < 2.7.13
Unaffected: >= 2.7.13 < 2.7.14
Unaffected: >= 2.7.14 < 2.7.15
Unaffected: >= 2.7.15 < 2.7.16
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Python. Please review
the CVE identifiers referenced below for details.
Impact
A context-dependent attacker may be able to execute arbitrary code or
cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Python 3.3 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-3.3.5-r1"
| All Python 2.7 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/python-2.7.9-r1"
|
References
CVE-2013-1752
CVE-2013-7338
CVE-2014-1912
CVE-2014-2667
CVE-2014-4616
CVE-2014-7185
CVE-2014-9365
Last edited by GLSA on Thu Jun 18, 2015 4:17 am; edited 1 time in total |
|