[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1LdC3l-0005Mr-HL@titan.mandriva.com>
Date: Sat, 28 Feb 2009 00:24:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:059 ] xchat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:059
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xchat
Date : February 27, 2009
Affected: 2008.1, 2009.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current X-Chat working directory
(CVE-2009-0315).
This update provides fix for that vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0315
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
b61f511361954ad962c54de28a51e15a 2008.1/i586/xchat-2.8.4-6.1mdv2008.1.i586.rpm
8607626ba499f3345ec806325f55bbd4 2008.1/i586/xchat-devel-2.8.4-6.1mdv2008.1.i586.rpm
67b22314de3df627a14a71b469f2b10d 2008.1/i586/xchat-perl-2.8.4-6.1mdv2008.1.i586.rpm
1b3c1cb6ce2f83537f0534f6e279acfc 2008.1/i586/xchat-python-2.8.4-6.1mdv2008.1.i586.rpm
a245847b5707ba85f12699602d42eacd 2008.1/i586/xchat-tcl-2.8.4-6.1mdv2008.1.i586.rpm
9d5d33acc236f57b12cafcbf4672a896 2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
1807d4b111e4fb849d5641eec16cfe27 2008.1/x86_64/xchat-2.8.4-6.1mdv2008.1.x86_64.rpm
620f56924126d0cdc08b977b1e1de4fa 2008.1/x86_64/xchat-devel-2.8.4-6.1mdv2008.1.x86_64.rpm
003612de54c053a4de324a3a10c05085 2008.1/x86_64/xchat-perl-2.8.4-6.1mdv2008.1.x86_64.rpm
5f1f4477ebd7f7470f15a00a85a12531 2008.1/x86_64/xchat-python-2.8.4-6.1mdv2008.1.x86_64.rpm
ecf4fd9573420c0c7d7894ddd0de0796 2008.1/x86_64/xchat-tcl-2.8.4-6.1mdv2008.1.x86_64.rpm
9d5d33acc236f57b12cafcbf4672a896 2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
afc7f8d8c8de7faab7987c3d026cb59c 2009.0/i586/xchat-2.8.6-1.1mdv2009.0.i586.rpm
e94fdfd2efbed2181b72d65a9df21f8a 2009.0/i586/xchat-devel-2.8.6-1.1mdv2009.0.i586.rpm
2c3971b78671ac7a53c17b9f5135e73b 2009.0/i586/xchat-perl-2.8.6-1.1mdv2009.0.i586.rpm
a691f33b732503df3e29cfde6f65c0a7 2009.0/i586/xchat-python-2.8.6-1.1mdv2009.0.i586.rpm
5ead692459000deb5ebf3ab0a236559a 2009.0/i586/xchat-tcl-2.8.6-1.1mdv2009.0.i586.rpm
6dc7ef3ff6f39be9f251dcb13601d289 2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
cca12ae2901afc3e95623ab6344edf63 2009.0/x86_64/xchat-2.8.6-1.1mdv2009.0.x86_64.rpm
590a9dce87083e46fb90de1b20997b73 2009.0/x86_64/xchat-devel-2.8.6-1.1mdv2009.0.x86_64.rpm
727cf3e2bdf3dacc11aa5bb982704421 2009.0/x86_64/xchat-perl-2.8.6-1.1mdv2009.0.x86_64.rpm
5f33f207baf5303dcd3fb9a6e0421096 2009.0/x86_64/xchat-python-2.8.6-1.1mdv2009.0.x86_64.rpm
fb5b2450030f0bf56cb24add210e45a2 2009.0/x86_64/xchat-tcl-2.8.6-1.1mdv2009.0.x86_64.rpm
6dc7ef3ff6f39be9f251dcb13601d289 2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm
Corporate 3.0:
0a8a26aa7f576f77f4ec14a51421cf40 corporate/3.0/i586/xchat-2.0.7-6.2.100mdk.i586.rpm
f0092129d5b34839365a9f7d3d85c23a corporate/3.0/i586/xchat-perl-2.0.7-6.2.100mdk.i586.rpm
48d7371a30ad17a269b06a80697f83a9 corporate/3.0/i586/xchat-python-2.0.7-6.2.100mdk.i586.rpm
44aa710343dd693caf002b1c6681dd77 corporate/3.0/i586/xchat-tcl-2.0.7-6.2.100mdk.i586.rpm
945a3ee0ecb60ac6388d6ce2a50d86c5 corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm
Corporate 3.0/X86_64:
8b799973c689570764d7f401a497abbc corporate/3.0/x86_64/xchat-2.0.7-6.2.100mdk.x86_64.rpm
5699773aef7b3d6de8cd38ebdd1797a9 corporate/3.0/x86_64/xchat-perl-2.0.7-6.2.100mdk.x86_64.rpm
eda5bf3c90ff3c9096552924ce9dce5c corporate/3.0/x86_64/xchat-python-2.0.7-6.2.100mdk.x86_64.rpm
8366d439951dc21c0b93008c119fa41f corporate/3.0/x86_64/xchat-tcl-2.0.7-6.2.100mdk.x86_64.rpm
945a3ee0ecb60ac6388d6ce2a50d86c5 corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJqEobmqjQ0CJFipgRAibrAKDKT6kMH9tmZVTEEXLJO/V6qU30JgCgvRxW
vfev7NY/vyAVecUKESe20K0=
=6bnL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists