MGASA-2014-0216

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0216.html

Import Source

https://advisories.mageia.org/MGASA-2014-0216.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0216

Upstream

CVE-2014-2667

Published

2014-05-14T22:04:31Z

Modified

2026-04-16T06:26:14.443223297Z

Summary

Updated python3 packages fix security vulnerability

Details

It was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. Note that prior versions of Python, including 2.x, do not include the vulnerable getmaskedmode() function that is used by os.makedirs() when existok is set to True (CVE-2014-2667).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / python3

Package

Name: python3
Purl: pkg:rpm/mageia/python3?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.0-4.8.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0216.json"

Mageia:4 / python3

Package

Name: python3
Purl: pkg:rpm/mageia/python3?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.2-13.3.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0216.json"