Computer Security
[EN] securityvulns.ru no-pyccku


python libraries security vulnerabilities
Published:11.09.2013
Source:
SecurityVulns ID:13283
Type:library
Threat Level:
5/10
Description:SSL certificates parsing DoS, protection bypass.
CVE:CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.)
 CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.)
Original documentdocumentMANDRIVA, [ MDVSA-2013:227 ] python-setuptools (11.09.2013)
 documentMANDRIVA, [ MDVSA-2013:229 ] bzr (11.09.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod