From ${URL} :

It was reported [1],[2] that IPython's Notebook server suffered from a flaw where it did not verify the origin of websocket requests. An attacker with knowledge of the IPython kernel ID could run arbitrary code on a user's machine with the privileges of the user running the IPython Notebook server, if the client visited a crafted malicious page.

This was corrected upstream [3] in the 2.0.0 release [4]. Further details on the flaw were also published [5].

The report indicates that versions 0.12 through to the fixed 2.0.0 release are vulnerable to this flaw. As a result, the version of IPython shipped with EPEL5 (0.8.4) is not vulnerable to this issue as the vulnerable websocket code is not present.

[1] http://openwall.com/lists/oss-security/2014/07/15/2
[2] http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198
[3] https://github.com/ipython/ipython/pull/4845
[4] http://ipython.org/ipython-doc/stable/whatsnew/github-stats-2.0.html
[5] http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-3429 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3429): IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
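The missing check described in the report and the CVE entry, as an added example (not IPython's code and not the upstream patch): a server-side same-origin test on the WebSocket handshake headers. The function name, its parameters and the host names are hypothetical, and refusing requests that carry no Origin header is a choice made for this example.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _key(parts):
    """(scheme, host, port) with the scheme's default port filled in."""
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme, host, parts.port or DEFAULT_PORTS.get(parts.scheme)


def origin_allowed(headers, secure=False, allow_origins=frozenset()):
    """Decide whether a WebSocket upgrade request may proceed.

    headers       -- request headers, names lower-cased (hypothetical shape)
    secure        -- True if the server received the request over TLS
    allow_origins -- extra origins the operator explicitly trusts
    """
    origin, host = headers.get("origin"), headers.get("host")
    if not origin or not host:
        return False  # assumption of this example: no Origin means no upgrade
    if origin in allow_origins:
        return True
    try:
        o = _key(urlsplit(origin))
        h = _key(urlsplit(("https://" if secure else "http://") + host))
    except ValueError:  # malformed port or bracketed host
        return False
    # "null" and non-http(s) origins parse without a usable scheme or host
    if o[0] not in DEFAULT_PORTS or not o[1] or not h[1]:
        return False
    return o == h


if __name__ == "__main__":
    # Constructed handshake headers; the host names are placeholders.
    server = {"host": "localhost:8888"}
    for origin in ("http://localhost:8888", "http://attacker.example", "null"):
        print(origin, origin_allowed({**server, "origin": origin}))
```

The comparison covers scheme, host and port together, so a page served from another port or over another scheme on the same host is treated as a different origin.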
+*ipython-2.4.1 (13 Mar 2015) + + 13 Mar 2015; Justin Lecher <jlec@gentoo.org> +ipython-2.4.1.ebuild, + -files/62ipython-gentoo.el, -files/ipython-0.12-globalpath.patch, + -files/ipython-0.13-umlaut.patch, -files/ipython-0.9.1-globalpath.patch, + -files/ipython-1.0.0-setuptools.patch, -ipython-0.10.2.ebuild, + -ipython-1.0.0.ebuild, -ipython-1.2.1.ebuild, -ipython-2.4.0.ebuild, + ipython-2.2.0.ebuild, ipython-3.0.0.ebuild: + Version Bump, bug #539578; fix SLOT operators loosen USE constraints for + USE=doc, bug #542426; don't build API docs for iypthon-3 due to missing + buildtime deps, bug #541832; drop old fixes CVE-2014-3429 bug #517222 and + obsolets bug #486880, bug #489372, bug #489384, bug #428170, bug #407823, bug + #407715, bug #490166, bug #456960, bug #483580, bug #530324, bug #536386 and + bug #481726 +
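Review bot: The entry text "drop old fixes CVE-2014-3429 bug #517222" runs two statements together and can be read as dropping fixes; if the intent is that removing the old ebuilds listed above (ipython-0.10.2, 1.0.0, 1.2.1, 2.4.0) resolves bug #517222, separate the clauses, e.g. "drop old, fixes CVE-2014-3429, bug #517222". The same entry has "fix SLOT operators loosen USE constraints" with no separator between the two changes, and the typos "iypthon-3" and "obsolets" are worth correcting since the ChangeLog is what people search for the CVE id.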
@security, tree is clean.
(In reply to Justin Lecher from comment #3)
> @security, tree is clean.

Thanks.

GLSA Vote: No
GLSA vote: no. Closing as [noglsa]