[ MDVSA-2015:160 ] ipython

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:160
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ipython
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated ipython package fixes security vulnerability:
 
 In IPython before 1.2, the origin of websocket requests was not
 verified within the IPython notebook server. If an attacker has
 knowledge of an IPython kernel id they can run arbitrary code on
 a user's machine when the client visits a crafted malicious page
 (CVE-2014-3429).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3429
 http://advisories.mageia.org/MGASA-2014-0320

007 Software

[ MDVSA-2015:160 ] ipython

Leave a Reply Cancel reply

Software and Security Information