Nome do pacote
python-setuptools
Data
2013-09-09
ID Alerta
MDVSA-2013:227
Versões afetadas
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Descrição do problema

A vulnerability has been discovered and corrected in
python-setuptools/python-virtualenv:

easy_install in setuptools before 0.7 uses HTTP to retrieve packages
from the PyPI repository, and does not perform integrity checks on
package contents, which allows man-in-the-middle attackers to execute
arbitrary code via a crafted response to the default use of the product
(CVE-2013-1633).

The updated python-setuptools packages has been upgraded to the 0.9.8
version and the python-virtualenv packages has been upgraded to the
1.10.1 version which is not vulnerable to this issue.

Pacotes atualizados

MES5 i586

 e1cb29da242ab6e8e1159d3944222d8d  mes5/i586/python-pkg-resources-0.9.8-0.1mdvmes5.2.noarch.rpm
 7ab6f335508a6492632c6fc03a5ecdcc  mes5/i586/python-setuptools-0.9.8-0.1mdvmes5.2.noarch.rpm
 258487e101cef7b253f735efb0510cbf  mes5/i586/python-virtualenv-1.10.1-0.1mdvmes5.2.noarch.rpm 
 e666fcfc1c64f270a4e13d023e270a9d  mes5/SRPMS/python-setuptools-0.9.8-0.1mdvmes5.2.src.rpm
 7041c005b2bdb503d949b07c37388cb6  mes5/SRPMS/python-virtualenv-1.10.1-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 65a932783bd31f9b08c589e8d2759b1a  mbs1/x86_64/python-pkg-resources-0.9.8-1.1.mbs1.noarch.rpm
 db9923d3d8f0a3091a359f241376b96a  mbs1/x86_64/python-setuptools-0.9.8-1.1.mbs1.noarch.rpm
 2c2de1f8c488e47229c9814723e1162a  mbs1/x86_64/python-virtualenv-1.10.1-1.mbs1.noarch.rpm 
 61b5bca18ac1dc48e4af0961f45f3672  mbs1/SRPMS/python-setuptools-0.9.8-1.1.mbs1.src.rpm
 03fbed23bdef2a9c667fc8e585a030aa  mbs1/SRPMS/python-virtualenv-1.10.1-1.mbs1.src.rpm

MES5 x86_64

 1c2fd8142ac903fdad66a6f4f2feed0f  mes5/x86_64/python-pkg-resources-0.9.8-0.1mdvmes5.2.noarch.rpm
 f1e480dd21ff6c5c9fbed415e7a7bdf4  mes5/x86_64/python-setuptools-0.9.8-0.1mdvmes5.2.noarch.rpm
 f309ac0531583675a1db38117fc25d53  mes5/x86_64/python-virtualenv-1.10.1-0.1mdvmes5.2.noarch.rpm 
 e666fcfc1c64f270a4e13d023e270a9d  mes5/SRPMS/python-setuptools-0.9.8-0.1mdvmes5.2.src.rpm
 7041c005b2bdb503d949b07c37388cb6  mes5/SRPMS/python-virtualenv-1.10.1-0.1mdvmes5.2.src.rpm

Referências