Mandriva Linux Security Advisory 2013-227 September 9, 2013
News

Mandriva Linux Security Advisory 2013-227 – A vulnerability has been discovered and corrected in easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. The updated python-setuptools packages has been upgraded to the 0.9.8 version and the python-virtualenv packages has been upgraded to the 1.10.1 version which is not vulnerable to this issue…. Mandriva Linux Security Advisory 2013-227 – A vulnerability has been discovered and corrected in easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. The updated python-setuptools packages has been upgraded to the 0.9.8 version and the python-virtualenv packages has been upgraded to the 1.10.1 version which is not vulnerable to this issue.

Read more http://packetstormsecurity.com/files/123145/MDVSA-2013-227.txt