MGASA-2013-0250

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2013-4238

Published: 17 Aug 2013, 08:43

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Aug 2013, 08:43

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated python packages fix CVE-2013-4238 and pip Updated python packages fix security vulnerability: Ryan Sleevi of the Google Chrome Security Team has discovered that Python's SSL module doesn't handle NULL bytes inside subjectAltNames general names. This could lead to a breach when an application uses ssl.match_hostname() to match the hostname againt the certificate's subjectAltName's dNSName general names. (CVE-2013-4238). Additionally, an issue with installing Python packages with C extensions via pip and virtualenv has been fixed in Mageia 3 (mga#10102).

Affected Systems

mageia•python
< 2.7.3-2.4.mga2
mageia•python
< 2.7.5-1.2.mga3

MGASA-2013-0250

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)