OpenSuSE has issued an advisory today (July 17):
Mageia 2 and Mageia 3 are also affected.
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Updated python-suds package fixes security vulnerability:
An insecure temporary directory use flaw was found in the way python-suds
performed initialization of its internal file-based URL cache (predictable
location was used for directory to store the cached files). A local attacker
could use this flaw to conduct symbolic link attacks, possibly leading to
their ability for example the SOAP .wsdl metadata to redirect queries to a
different host, than originally intended (CVE-2013-2217).
Updated packages in core/updates_testing:
Testing complete on Mageia 3 i586 and x86_64 using ...
$ cat testsuds
from suds.client import Client
url = 'http://schemas.xmlsoap.org/wsdl/'
client = Client(url)
Running it under strace with the core release version shows it's opening
After installing the updates testing version it's opening
Advisory 10791.adv added to svn.
I'll test Mageia 2 shortly.
For Mageia 2, had to fix the shebang in the testsuds script to be
Testing complete Mageia 2 i586 and x86_64.
Could someone from the sysadmin team push 10791.adv to updates?
MGA2TOO MGA3-64-OK MGA3-32-OK MGA2-64-OK MGA2-32-OK
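
Added example, not part of this bug report and not the python-suds patch: a defender's check for the class of flaw described in the advisory (a cache directory at a predictable location that a local user can pre-create or replace with a symlink), next to a hardened way to create the directory. The function names and the "wsdl-cache-" prefix are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_cache_dir(path, uid=None):
    """Return the reasons `path` is unsafe as a private cache directory."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted at the path
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]  # the target is not ours to trust
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not-a-directory")
    if st.st_uid != uid:
        problems.append("foreign-owner")  # pre-created by another local user
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group-or-world-writable")
    return problems


def open_private_cache(base=None, prefix="wsdl-cache-"):
    """Create a fresh cache directory: unpredictable name, mode 0700."""
    path = tempfile.mkdtemp(prefix=prefix, dir=base)
    problems = audit_cache_dir(path)
    if problems:
        raise RuntimeError("unsafe cache dir %s: %s" % (path, problems))
    return path


if __name__ == "__main__":
    # Constructed scenario inside a scratch directory (no real cache is touched):
    # a fixed, guessable name that another user got to first.
    scratch = tempfile.mkdtemp()
    elsewhere = os.path.join(scratch, "elsewhere")
    os.mkdir(elsewhere, 0o700)
    predictable = os.path.join(scratch, "cache")  # stands in for a fixed /tmp name
    os.symlink(elsewhere, predictable)
    print("predictable path:", audit_cache_dir(predictable))
    print("hardened path:   ", audit_cache_dir(open_private_cache(base=scratch)))
```

An empty list from audit_cache_dir means the directory passed every check; anything else should make the caller refuse to read cached WSDL data from it.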