CVE-2014-2667

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-2667 at MITRE

Description

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

NVD CVSS v2 Base Score: 3.3 (AV:L/AC:M/Au:N/C:P/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 871152

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • libpython3_3m1_0 >= 3.3.0-6.15.1
  • libpython3_3m1_0-32bit >= 3.3.0-6.15.1
  • libpython3_3m1_0-debuginfo >= 3.3.0-6.15.1
  • libpython3_3m1_0-debuginfo-32bit >= 3.3.0-6.15.1
  • python3 >= 3.3.0-6.15.2
  • python3-32bit >= 3.3.0-6.15.2
  • python3-base >= 3.3.0-6.15.1
  • python3-base-32bit >= 3.3.0-6.15.1
  • python3-base-debuginfo >= 3.3.0-6.15.1
  • python3-base-debuginfo-32bit >= 3.3.0-6.15.1
  • python3-base-debugsource >= 3.3.0-6.15.1
  • python3-curses >= 3.3.0-6.15.2
  • python3-curses-debuginfo >= 3.3.0-6.15.2
  • python3-dbm >= 3.3.0-6.15.2
  • python3-dbm-debuginfo >= 3.3.0-6.15.2
  • python3-debuginfo >= 3.3.0-6.15.2
  • python3-debuginfo-32bit >= 3.3.0-6.15.2
  • python3-debugsource >= 3.3.0-6.15.2
  • python3-devel >= 3.3.0-6.15.1
  • python3-devel-debuginfo >= 3.3.0-6.15.1
  • python3-doc >= 3.3.0-6.15.1
  • python3-doc-pdf >= 3.3.0-6.15.1
  • python3-idle >= 3.3.0-6.15.1
  • python3-testsuite >= 3.3.0-6.15.1
  • python3-testsuite-debuginfo >= 3.3.0-6.15.1
  • python3-tk >= 3.3.0-6.15.2
  • python3-tk-debuginfo >= 3.3.0-6.15.2
  • python3-tools >= 3.3.0-6.15.1
Patchnames:
openSUSE-2014-333
openSUSE 13.1
  • libpython3_3m1_0 >= 3.3.5-5.8.1
  • libpython3_3m1_0-32bit >= 3.3.5-5.8.1
  • libpython3_3m1_0-debuginfo >= 3.3.5-5.8.1
  • libpython3_3m1_0-debuginfo-32bit >= 3.3.5-5.8.1
  • python3 >= 3.3.5-5.8.2
  • python3-32bit >= 3.3.5-5.8.2
  • python3-base >= 3.3.5-5.8.1
  • python3-base-32bit >= 3.3.5-5.8.1
  • python3-base-debuginfo >= 3.3.5-5.8.1
  • python3-base-debuginfo-32bit >= 3.3.5-5.8.1
  • python3-base-debugsource >= 3.3.5-5.8.1
  • python3-curses >= 3.3.5-5.8.2
  • python3-curses-debuginfo >= 3.3.5-5.8.2
  • python3-dbm >= 3.3.5-5.8.2
  • python3-dbm-debuginfo >= 3.3.5-5.8.2
  • python3-debuginfo >= 3.3.5-5.8.2
  • python3-debuginfo-32bit >= 3.3.5-5.8.2
  • python3-debugsource >= 3.3.5-5.8.2
  • python3-devel >= 3.3.5-5.8.1
  • python3-devel-debuginfo >= 3.3.5-5.8.1
  • python3-doc >= 3.3.5-5.8.1
  • python3-doc-pdf >= 3.3.5-5.8.1
  • python3-idle >= 3.3.5-5.8.1
  • python3-testsuite >= 3.3.5-5.8.1
  • python3-testsuite-debuginfo >= 3.3.5-5.8.1
  • python3-tk >= 3.3.5-5.8.2
  • python3-tk-debuginfo >= 3.3.5-5.8.2
  • python3-tools >= 3.3.5-5.8.1
Patchnames:
openSUSE-2014-334