MDVSA-2013:227 -- Mandriva python-setuptools
ID: oval:org.secpod.oval:def:1300229 | Date: (C)2013-11-01 (M)2022-10-10
Class: PATCH | Family: unix
A vulnerability has been discovered and corrected in python-setuptools/python-virtualenv: easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. The updated python-setuptools packages have been upgraded to version 0.9.8 and the python-virtualenv packages have been upgraded to version 1.10.1, which are not vulnerable to this issue.
Platform: Mandriva Enterprise Server 5.2
Product: python-setuptools