news 28 Posted February 27, 2009 This is a multi-part message in MIME format... ------------=_1235777232-6173-1747 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:059 http://www.mandriva.com/security/ _______________________________________________________________________ Package : xchat Date : February 27, 2009 Affected: 2008.1, 2009.0, Corporate 3.0 _______________________________________________________________________ Problem Description: Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current X-Chat working directory (CVE-2009-0315). This update provides fix for that vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0315 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: b61f511361954ad962c54de28a51e15a 2008.1/i586/xchat-2.8.4-6.1mdv2008.1.i586.rpm 8607626ba499f3345ec806325f55bbd4 2008.1/i586/xchat-devel-2.8.4-6.1mdv2008.1.i586.rpm 67b22314de3df627a14a71b469f2b10d 2008.1/i586/xchat-perl-2.8.4-6.1mdv2008.1.i586.rpm 1b3c1cb6ce2f83537f0534f6e279acfc 2008.1/i586/xchat-python-2.8.4-6.1mdv2008.1.i586.rpm a245847b5707ba85f12699602d42eacd 2008.1/i586/xchat-tcl-2.8.4-6.1mdv2008.1.i586.rpm 9d5d33acc236f57b12cafcbf4672a896 2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 1807d4b111e4fb849d5641eec16cfe27 2008.1/x86_64/xchat-2.8.4-6.1mdv2008.1.x86_64.rpm 620f56924126d0cdc08b977b1e1de4fa 2008.1/x86_64/xchat-devel-2.8.4-6.1mdv2008.1.x86_64.rpm 003612de54c053a4de324a3a10c05085 2008.1/x86_64/xchat-perl-2.8.4-6.1mdv2008.1.x86_64.rpm 5f1f4477ebd7f7470f15a00a85a12531 2008.1/x86_64/xchat-python-2.8.4-6.1mdv2008.1.x86_64.rpm ecf4fd9573420c0c7d7894ddd0de0796 2008.1/x86_64/xchat-tcl-2.8.4-6.1mdv2008.1.x86_64.rpm 9d5d33acc236f57b12cafcbf4672a896 2008.1/SRPMS/xchat-2.8.4-6.1mdv2008.1.src.rpm Mandriva Linux 2009.0: afc7f8d8c8de7faab7987c3d026cb59c 2009.0/i586/xchat-2.8.6-1.1mdv2009.0.i586.rpm e94fdfd2efbed2181b72d65a9df21f8a 2009.0/i586/xchat-devel-2.8.6-1.1mdv2009.0.i586.rpm 2c3971b78671ac7a53c17b9f5135e73b 2009.0/i586/xchat-perl-2.8.6-1.1mdv2009.0.i586.rpm a691f33b732503df3e29cfde6f65c0a7 2009.0/i586/xchat-python-2.8.6-1.1mdv2009.0.i586.rpm 5ead692459000deb5ebf3ab0a236559a 2009.0/i586/xchat-tcl-2.8.6-1.1mdv2009.0.i586.rpm 6dc7ef3ff6f39be9f251dcb13601d289 2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: cca12ae2901afc3e95623ab6344edf63 2009.0/x86_64/xchat-2.8.6-1.1mdv2009.0.x86_64.rpm 590a9dce87083e46fb90de1b20997b73 2009.0/x86_64/xchat-devel-2.8.6-1.1mdv2009.0.x86_64.rpm 727cf3e2bdf3dacc11aa5bb982704421 2009.0/x86_64/xchat-perl-2.8.6-1.1mdv2009.0.x86_64.rpm 5f33f207baf5303dcd3fb9a6e0421096 2009.0/x86_64/xchat-python-2.8.6-1.1mdv2009.0.x86_64.rpm fb5b2450030f0bf56cb24add210e45a2 2009.0/x86_64/xchat-tcl-2.8.6-1.1mdv2009.0.x86_64.rpm 6dc7ef3ff6f39be9f251dcb13601d289 2009.0/SRPMS/xchat-2.8.6-1.1mdv2009.0.src.rpm Corporate 3.0: 0a8a26aa7f576f77f4ec14a51421cf40 corporate/3.0/i586/xchat-2.0.7-6.2.100mdk.i586.rpm f0092129d5b34839365a9f7d3d85c23a corporate/3.0/i586/xchat-perl-2.0.7-6.2.100mdk.i586.rpm 48d7371a30ad17a269b06a80697f83a9 corporate/3.0/i586/xchat-python-2.0.7-6.2.100mdk.i586.rpm 44aa710343dd693caf002b1c6681dd77 corporate/3.0/i586/xchat-tcl-2.0.7-6.2.100mdk.i586.rpm 945a3ee0ecb60ac6388d6ce2a50d86c5 corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm Corporate 3.0/X86_64: 8b799973c689570764d7f401a497abbc corporate/3.0/x86_64/xchat-2.0.7-6.2.100mdk.x86_64.rpm 5699773aef7b3d6de8cd38ebdd1797a9 corporate/3.0/x86_64/xchat-perl-2.0.7-6.2.100mdk.x86_64.rpm eda5bf3c90ff3c9096552924ce9dce5c corporate/3.0/x86_64/xchat-python-2.0.7-6.2.100mdk.x86_64.rpm 8366d439951dc21c0b93008c119fa41f corporate/3.0/x86_64/xchat-tcl-2.0.7-6.2.100mdk.x86_64.rpm 945a3ee0ecb60ac6388d6ce2a50d86c5 corporate/3.0/SRPMS/xchat-2.0.7-6.2.100mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJqEobmqjQ0CJFipgRAibrAKDKT6kMH9tmZVTEEXLJO/V6qU30JgCgvRxW vfev7NY/vyAVecUKESe20K0= =6bnL -----END PGP SIGNATURE----- ------------=_1235777232-6173-1747 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________ ------------=_1235777232-6173-1747-- Share this post Link to post
