Paketname
dia
Datum
2009-12-08
Advisory ID
MDVSA-2009:046-1
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current dia working directory
(CVE-2008-5984).

This update provides fix for that vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Aktualisierte Pakete

2008.0 i586

 03f01a390f5e72db3a8d00734c0e491e  2008.0/i586/dia-0.96.1-2.1mdv2008.0.i586.rpm 
 43d069d118fc1a55bac471fd7a986534  2008.0/SRPMS/dia-0.96.1-2.1mdv2008.0.src.rpm

2008.0 x86_64

 b1855ca49f2a0952c10c676ff29e17ac  2008.0/x86_64/dia-0.96.1-2.1mdv2008.0.x86_64.rpm 
 43d069d118fc1a55bac471fd7a986534  2008.0/SRPMS/dia-0.96.1-2.1mdv2008.0.src.rpm

Referenzen