CVE-2013-2027

描述

Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.

受影響套件(2)

• Debian/jythonfrom 0, < 2.7.1+repack-1
• Maven/org.python:jython-standalonefrom 0, < 2.7.2b3

參考連結(10)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-2027
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2027
• PATCHjython/frozen-mirror
• WEBhttp://advisories.mageia.org/MGASA-2015-0096.html
• WEBhttp://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=947949
• WEBhttps://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
• WEBhttps://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
• WEBhttp://www.mandriva.com/security/advisories?name=MDVSA-2015:158
• WEBhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html