lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LdC3l-0005Mr-HL@titan.mandriva.com>
Date: Sat, 28 Feb 2009 00:24:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:059 ] xchat


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:059
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : xchat
 Date    : February 27, 2009
 Affected: 2008.1, 2009.0, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 Python has a variable called sys.path that contains all paths where
 Python loads modules by using import scripting procedure. A wrong
 handling of that variable enables local attackers to execute arbitrary
 code via Python scripting in the current X-Chat working directory
 (CVE-2009-0315).
 
 This update provides fix for that vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0315
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 b61f511361954ad962c54de28a51e15a  2008.1/i586/xchat-2.8.4-6.1mdv2008.1.i586.rpm
 8607626ba499f3345ec806325f55bbd4  2008.1/i586/xchat-devel-2.8.4-6.1mdv2008.1.i586.rpm
 67b22314de3df627a14a71b469f2b10d  2008.1/i586/xchat-perl-2.8.4-6.1mdv2008.1.i586.rpm
 1b3c1cb6ce2f83537f0534f6e279acfc  2008.1/i586/xchat-python-2.8.4-6.1mdv2008.1.i586.rpm
 a245847b5707ba85f12699602d42eacd  2008.1/i586/xchat-tcl-2.8.4-6.1mdv2008.1.i586.rpm 
 9d5d33acc236f57b12cafcbf4672a896  2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 1807d4b111e4fb849d5641eec16cfe27  2008.1/x86_64/xchat-2.8.4-6.1mdv2008.1.x86_64.rpm
 620f56924126d0cdc08b977b1e1de4fa  2008.1/x86_64/xchat-devel-2.8.4-6.1mdv2008.1.x86_64.rpm
 003612de54c053a4de324a3a10c05085  2008.1/x86_64/xchat-perl-2.8.4-6.1mdv2008.1.x86_64.rpm
 5f1f4477ebd7f7470f15a00a85a12531  2008.1/x86_64/xchat-python-2.8.4-6.1mdv2008.1.x86_64.rpm
 ecf4fd9573420c0c7d7894ddd0de0796  2008.1/x86_64/xchat-tcl-2.8.4-6.1mdv2008.1.x86_64.rpm 
 9d5d33acc236f57b12cafcbf4672a896  2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 afc7f8d8c8de7faab7987c3d026cb59c  2009.0/i586/xchat-2.8.6-1.1mdv2009.0.i586.rpm
 e94fdfd2efbed2181b72d65a9df21f8a  2009.0/i586/xchat-devel-2.8.6-1.1mdv2009.0.i586.rpm
 2c3971b78671ac7a53c17b9f5135e73b  2009.0/i586/xchat-perl-2.8.6-1.1mdv2009.0.i586.rpm
 a691f33b732503df3e29cfde6f65c0a7  2009.0/i586/xchat-python-2.8.6-1.1mdv2009.0.i586.rpm
 5ead692459000deb5ebf3ab0a236559a  2009.0/i586/xchat-tcl-2.8.6-1.1mdv2009.0.i586.rpm 
 6dc7ef3ff6f39be9f251dcb13601d289  2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 cca12ae2901afc3e95623ab6344edf63  2009.0/x86_64/xchat-2.8.6-1.1mdv2009.0.x86_64.rpm
 590a9dce87083e46fb90de1b20997b73  2009.0/x86_64/xchat-devel-2.8.6-1.1mdv2009.0.x86_64.rpm
 727cf3e2bdf3dacc11aa5bb982704421  2009.0/x86_64/xchat-perl-2.8.6-1.1mdv2009.0.x86_64.rpm
 5f33f207baf5303dcd3fb9a6e0421096  2009.0/x86_64/xchat-python-2.8.6-1.1mdv2009.0.x86_64.rpm
 fb5b2450030f0bf56cb24add210e45a2  2009.0/x86_64/xchat-tcl-2.8.6-1.1mdv2009.0.x86_64.rpm 
 6dc7ef3ff6f39be9f251dcb13601d289  2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm

 Corporate 3.0:
 0a8a26aa7f576f77f4ec14a51421cf40  corporate/3.0/i586/xchat-2.0.7-6.2.100mdk.i586.rpm
 f0092129d5b34839365a9f7d3d85c23a  corporate/3.0/i586/xchat-perl-2.0.7-6.2.100mdk.i586.rpm
 48d7371a30ad17a269b06a80697f83a9  corporate/3.0/i586/xchat-python-2.0.7-6.2.100mdk.i586.rpm
 44aa710343dd693caf002b1c6681dd77  corporate/3.0/i586/xchat-tcl-2.0.7-6.2.100mdk.i586.rpm 
 945a3ee0ecb60ac6388d6ce2a50d86c5  corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm

 Corporate 3.0/X86_64:
 8b799973c689570764d7f401a497abbc  corporate/3.0/x86_64/xchat-2.0.7-6.2.100mdk.x86_64.rpm
 5699773aef7b3d6de8cd38ebdd1797a9  corporate/3.0/x86_64/xchat-perl-2.0.7-6.2.100mdk.x86_64.rpm
 eda5bf3c90ff3c9096552924ce9dce5c  corporate/3.0/x86_64/xchat-python-2.0.7-6.2.100mdk.x86_64.rpm
 8366d439951dc21c0b93008c119fa41f  corporate/3.0/x86_64/xchat-tcl-2.0.7-6.2.100mdk.x86_64.rpm 
 945a3ee0ecb60ac6388d6ce2a50d86c5  corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJqEobmqjQ0CJFipgRAibrAKDKT6kMH9tmZVTEEXLJO/V6qU30JgCgvRxW
vfev7NY/vyAVecUKESe20K0=
=6bnL
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ