GLSA Advocate
Posted: Thu Dec 17, 2015 6:26 pm Post subject: [ GLSA 201512-02 ] IPython
Gentoo Linux Security Advisory
Title: IPython: User-assisted execution of arbitrary code (GLSA 201512-02)
Severity: normal
Exploitable: remote
Date: December 17, 2015
Bug(s): #560708
ID: 201512-02
Synopsis
A vulnerability in IPython could result in execution of arbitrary
JavaScript.
Background
IPython is an advanced interactive shell for Python.
Affected Packages
Package: dev-python/ipython
Vulnerable: < 3.2.1-r1
Unaffected: >= 3.2.1-r1
Architectures: All supported architectures
Description
IPython does not properly check the MIME type of a file.
Impact
A remote attacker could entice a user to open a specially crafted text
file using IPython, possibly resulting in execution of arbitrary
JavaScript with the privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All IPython users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/ipython-3.2.1-r1"
References
CVE-2015-7337
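Added example, not part of the advisory or of Gentoo's tooling: a small audit helper that applies the advisory's "Vulnerable: < 3.2.1-r1" boundary to a list of installed dev-python/ipython versions. The host names and inventory are constructed, and the comparison is a simplified reading of Gentoo version ordering that assumes only dotted numeric components plus an optional -rN revision; anything else is reported for manual review.

```python
import re

# Boundary from the advisory: anything below this version is vulnerable.
FIXED = "3.2.1-r1"

# Simplified Gentoo version syntax (assumption): digits separated by dots,
# optionally followed by a -rN revision. Suffixes such as _rc1 are rejected.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version):
    """Return ((numeric components), revision) for a string like '3.2.1-r1'."""
    match = _VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unsupported version format: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)  # a missing revision counts as -r0
    return numbers, revision


def is_vulnerable(version, fixed=FIXED):
    """True if `version` sorts strictly below the fixed version."""
    return parse_version(version) < parse_version(fixed)


def audit(inventory):
    """Split {host: installed_version} into (vulnerable, needs_review) host lists."""
    vulnerable, needs_review = [], []
    for host, version in sorted(inventory.items()):
        try:
            if is_vulnerable(version):
                vulnerable.append(host)
        except ValueError:
            needs_review.append(host)  # never silently treat as safe
    return vulnerable, needs_review


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "build01": "3.2.1",      # same upstream release, but lacks the -r1 revision
    "dev02": "3.2.1-r1",     # fixed
    "lab03": "2.4.1",        # older release
    "ws04": "3.10.0",        # numerically newer than 3.2.1, not older
    "ws05": "3.2.1_rc1",     # outside the simplified syntax
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```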