Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0216)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0216

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0216)

Zusammenfassung: The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2014-0216 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2014-0216 advisory.

Vulnerability Insight:
It was reported that a patch added to Python 3.2 caused a race condition
where a file created could be created with world read/write permissions
instead of the permissions dictated by the original umask of the process.
This could allow a local attacker that could win the race to view and edit
files created by a program using this call. Note that prior versions of
Python, including 2.x, do not include the vulnerable _get_masked_mode()
function that is used by os.makedirs() when exist_ok is set to True
(CVE-2014-2667).

Affected Software/OS:
'python3' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
3.3

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-2667
https://security.gentoo.org/glsa/201503-10
http://www.openwall.com/lists/oss-security/2014/03/28/15
http://www.openwall.com/lists/oss-security/2014/03/29/5
http://www.openwall.com/lists/oss-security/2014/03/30/4
SuSE Security Announcement: openSUSE-SU-2014:0596 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html
SuSE Security Announcement: openSUSE-SU-2014:0597 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0216
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0216)
Zusammenfassung:	The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2014-0216 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'python3' package(s) announced via the MGASA-2014-0216 advisory. Vulnerability Insight: It was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. Note that prior versions of Python, including 2.x, do not include the vulnerable _get_masked_mode() function that is used by os.makedirs() when exist_ok is set to True (CVE-2014-2667). Affected Software/OS: 'python3' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 3.3 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2667 https://security.gentoo.org/glsa/201503-10 http://www.openwall.com/lists/oss-security/2014/03/28/15 http://www.openwall.com/lists/oss-security/2014/03/29/5 http://www.openwall.com/lists/oss-security/2014/03/30/4 SuSE Security Announcement: openSUSE-SU-2014:0596 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0597 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Copyright	Copyright (C) 2022 Greenbone AG