Summary
The remote host is missing updates announced in
advisory GLSA 201206-17.
Solution
All virtualenv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-python/virtualenv-1.5.1'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-17 http://bugs.gentoo.org/show_bug.cgi?id=395285
Insight
An insecure temporary file usage has been reported in virtualenv, possibly allowing symlink attacks.
Severity
Classification
-
CVE CVE-2011-4617 -
CVSS Base Score: 1.2
AV:L/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities