VDB

GCVE-110-MAGEIA-2015-91

GCVE-110-MAGEIA-2015-91
Advisory Published
Vulnetix · Advisory published March 5, 2015
Updated python packages fix security vulnerability: When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking (CVE-2014-9365). Note that this issue also affects python3, and is fixed upstream in version 3.4.3, but the fix was considered too intrusive to backport to Python3 3.3.x. No update for the python3 package for this issue is planned at this time.

Affected Products

VendorProductVersionsPlatforms
Cloudflareaccess
Cloudflarestream
Mageiapython2.7.9-1.mga4 (unaffected), 0 (affected), 0 (affected), 2.7.9-1.mga4 (unaffected)
AWSconfig
Mageialightdm0 (affected), 1.14.2-1.mga5 (unaffected)

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›