Mageia Bugzilla – Bug 10791
python-suds new security issue CVE-2013-2217
Last modified: 2014-05-08 18:06:39 CEST
OpenSuSE has issued an advisory today (July 17):
Mageia 2 and Mageia 3 are also affected.
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Updated python-suds package fixes security vulnerability:
An insecure temporary directory use flaw was found in the way python-suds
performed initialization of its internal file-based URL cache (a predictable
location was used for the directory that stores the cached files). A local
attacker could use this flaw to conduct symbolic link attacks, possibly leading
to their ability, for example, to modify the SOAP .wsdl metadata to redirect
queries to a different host than originally intended (CVE-2013-2217).
Updated packages in core/updates_testing:
Testing complete on Mageia 3 i586 and x86_64 using ...
$ cat testsuds
from suds.client import Client
url = 'http://schemas.xmlsoap.org/wsdl/'
client = Client(url)
Running it under strace with the core release version shows it's opening
After installing the updates testing version it's opening
Advisory 10791.adv added to svn.
I'll test Mageia 2 shortly.
For Mageia 2, had to fix the shebang in the testsuds script to be
Testing complete Mageia 2 i586 and x86_64.
Could someone from the sysadmin team push 10791.adv to updates?
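
The advisory text above describes a cache directory created at a predictable location in a shared temporary directory. The Python below is an added example, not code from python-suds or from the Mageia patch: it contrasts that pattern with a privately created directory and inspects an existing path before it is trusted. All function names are hypothetical, and the "suds" directory name is an assumption for illustration.

```python
import os
import stat
import tempfile


def predictable_cache_dir(base=None):
    """Weak pattern: fixed, guessable name under a shared temp directory."""
    base = base or tempfile.gettempdir()
    # "suds" is an assumed name for illustration; any local user can
    # create this path first, as a directory or as a symlink.
    return os.path.join(base, "suds")


def cache_dir_problems(path):
    """Return the reasons `path` must not be trusted as a private cache."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    problems = []
    if st.st_uid != os.geteuid():
        problems.append("owned by another user")
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("accessible to group/other")
    return problems


def private_cache_dir(prefix="suds-"):
    """Hardened pattern: random name, created atomically with mode 0700."""
    return tempfile.mkdtemp(prefix=prefix)


if __name__ == "__main__":
    shared = predictable_cache_dir()
    print(shared, cache_dir_problems(shared))
    private = private_cache_dir()
    print(private, cache_dir_problems(private))
```

A path that passes the check can still be replaced between the check and its use when the parent directory is world-writable, so creating the directory privately is the actual fix and the check is only a verification aid.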