Paketname
eog
Datum
2009-03-02
Advisory ID
MDVSA-2009:063
Betroffene Versionen
2009.0 x86_64 , 2009.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problembeschreibung

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current eog working directory
(CVE-2008-5987).

This update provides fix for that vulnerability.

Aktualisierte Pakete

2009.0 x86_64

 f4ba54784ea91f0f74af8bc5c87d338c  2009.0/x86_64/eog-2.24.0-1.1mdv2009.0.x86_64.rpm
 7a2ae7d440ac69276360b627c09114a4  2009.0/x86_64/eog-devel-2.24.0-1.1mdv2009.0.x86_64.rpm 
 fd4ecc84ee25b93328b6a3092f6a3a40  2009.0/SRPMS/eog-2.24.0-1.1mdv2009.0.src.rpm

2009.0 i586

 f31223e6de4f8983881dfcf285dd9edd  2009.0/i586/eog-2.24.0-1.1mdv2009.0.i586.rpm
 083c380961411066f65caf0fd386ba49  2009.0/i586/eog-devel-2.24.0-1.1mdv2009.0.i586.rpm 
 fd4ecc84ee25b93328b6a3092f6a3a40  2009.0/SRPMS/eog-2.24.0-1.1mdv2009.0.src.rpm

2008.1 x86_64

 d1e9d29e243845bb4def4538ed4b2024  2008.1/x86_64/eog-2.22.0-2.1mdv2008.1.x86_64.rpm
 25a7459f468c84a16ee922776f0faa4f  2008.1/x86_64/eog-devel-2.22.0-2.1mdv2008.1.x86_64.rpm 
 e93aee8a13e874aad2729d8f0a9dae86  2008.1/SRPMS/eog-2.22.0-2.1mdv2008.1.src.rpm

2008.1 i586

 3a5307da4e704d80ffae6cc0417cf1e8  2008.1/i586/eog-2.22.0-2.1mdv2008.1.i586.rpm
 d7e8fe6d4313f5f8dd74bdb3bafdd4e6  2008.1/i586/eog-devel-2.22.0-2.1mdv2008.1.i586.rpm 
 e93aee8a13e874aad2729d8f0a9dae86  2008.1/SRPMS/eog-2.22.0-2.1mdv2008.1.src.rpm

Referenzen