what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-059

Mandriva Linux Security Advisory 2009-059
Posted Feb 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-059 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory. This update provides fix for that vulnerability.

tags | advisory, arbitrary, local, python
systems | linux, mandriva
advisories | CVE-2009-0315
SHA-256 | 55eb7ee2984a0261f4e1d3e3a07fbf4f4009ab5f3c9d743c92ba52b69507a769
Download | Favorite | View

Mandriva Linux Security Advisory 2009-059

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:059
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xchat
 Date    : February 27, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 Python has a variable called sys.path that contains all paths where
 Python loads modules by using import scripting procedure. A wrong
 handling of that variable enables local attackers to execute arbitrary
 code via Python scripting in the current X-Chat working directory
 (CVE-2009-0315).
 
 This update provides fix for that vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0315
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 b61f511361954ad962c54de28a51e15a  2008.1/i586/xchat-2.8.4-6.1mdv2008.1.i586.rpm
 8607626ba499f3345ec806325f55bbd4  2008.1/i586/xchat-devel-2.8.4-6.1mdv2008.1.i586.rpm
 67b22314de3df627a14a71b469f2b10d  2008.1/i586/xchat-perl-2.8.4-6.1mdv2008.1.i586.rpm
 1b3c1cb6ce2f83537f0534f6e279acfc  2008.1/i586/xchat-python-2.8.4-6.1mdv2008.1.i586.rpm
 a245847b5707ba85f12699602d42eacd  2008.1/i586/xchat-tcl-2.8.4-6.1mdv2008.1.i586.rpm 
 9d5d33acc236f57b12cafcbf4672a896  2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 1807d4b111e4fb849d5641eec16cfe27  2008.1/x86_64/xchat-2.8.4-6.1mdv2008.1.x86_64.rpm
 620f56924126d0cdc08b977b1e1de4fa  2008.1/x86_64/xchat-devel-2.8.4-6.1mdv2008.1.x86_64.rpm
 003612de54c053a4de324a3a10c05085  2008.1/x86_64/xchat-perl-2.8.4-6.1mdv2008.1.x86_64.rpm
 5f1f4477ebd7f7470f15a00a85a12531  2008.1/x86_64/xchat-python-2.8.4-6.1mdv2008.1.x86_64.rpm
 ecf4fd9573420c0c7d7894ddd0de0796  2008.1/x86_64/xchat-tcl-2.8.4-6.1mdv2008.1.x86_64.rpm 
 9d5d33acc236f57b12cafcbf4672a896  2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 afc7f8d8c8de7faab7987c3d026cb59c  2009.0/i586/xchat-2.8.6-1.1mdv2009.0.i586.rpm
 e94fdfd2efbed2181b72d65a9df21f8a  2009.0/i586/xchat-devel-2.8.6-1.1mdv2009.0.i586.rpm
 2c3971b78671ac7a53c17b9f5135e73b  2009.0/i586/xchat-perl-2.8.6-1.1mdv2009.0.i586.rpm
 a691f33b732503df3e29cfde6f65c0a7  2009.0/i586/xchat-python-2.8.6-1.1mdv2009.0.i586.rpm
 5ead692459000deb5ebf3ab0a236559a  2009.0/i586/xchat-tcl-2.8.6-1.1mdv2009.0.i586.rpm 
 6dc7ef3ff6f39be9f251dcb13601d289  2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 cca12ae2901afc3e95623ab6344edf63  2009.0/x86_64/xchat-2.8.6-1.1mdv2009.0.x86_64.rpm
 590a9dce87083e46fb90de1b20997b73  2009.0/x86_64/xchat-devel-2.8.6-1.1mdv2009.0.x86_64.rpm
 727cf3e2bdf3dacc11aa5bb982704421  2009.0/x86_64/xchat-perl-2.8.6-1.1mdv2009.0.x86_64.rpm
 5f33f207baf5303dcd3fb9a6e0421096  2009.0/x86_64/xchat-python-2.8.6-1.1mdv2009.0.x86_64.rpm
 fb5b2450030f0bf56cb24add210e45a2  2009.0/x86_64/xchat-tcl-2.8.6-1.1mdv2009.0.x86_64.rpm 
 6dc7ef3ff6f39be9f251dcb13601d289  2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm

 Corporate 3.0:
 0a8a26aa7f576f77f4ec14a51421cf40  corporate/3.0/i586/xchat-2.0.7-6.2.100mdk.i586.rpm
 f0092129d5b34839365a9f7d3d85c23a  corporate/3.0/i586/xchat-perl-2.0.7-6.2.100mdk.i586.rpm
 48d7371a30ad17a269b06a80697f83a9  corporate/3.0/i586/xchat-python-2.0.7-6.2.100mdk.i586.rpm
 44aa710343dd693caf002b1c6681dd77  corporate/3.0/i586/xchat-tcl-2.0.7-6.2.100mdk.i586.rpm 
 945a3ee0ecb60ac6388d6ce2a50d86c5  corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm

 Corporate 3.0/X86_64:
 8b799973c689570764d7f401a497abbc  corporate/3.0/x86_64/xchat-2.0.7-6.2.100mdk.x86_64.rpm
 5699773aef7b3d6de8cd38ebdd1797a9  corporate/3.0/x86_64/xchat-perl-2.0.7-6.2.100mdk.x86_64.rpm
 eda5bf3c90ff3c9096552924ce9dce5c  corporate/3.0/x86_64/xchat-python-2.0.7-6.2.100mdk.x86_64.rpm
 8366d439951dc21c0b93008c119fa41f  corporate/3.0/x86_64/xchat-tcl-2.0.7-6.2.100mdk.x86_64.rpm 
 945a3ee0ecb60ac6388d6ce2a50d86c5  corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJqEobmqjQ0CJFipgRAibrAKDKT6kMH9tmZVTEEXLJO/V6qU30JgCgvRxW
vfev7NY/vyAVecUKESe20K0=
=6bnL
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close