Paketname
gedit
Datum
2009-02-16
Advisory ID
MDVSA-2009:039
Betroffene Versionen
2009.0 x86_64 , 2009.0 i586 , 2008.1 x86_64 , 2008.1 i586

Problembeschreibung

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current gedit working directory
(CVE-2009-0314).

This update provides fix for that vulnerability.

Aktualisierte Pakete

2009.0 x86_64

 c23506f8647266e4ebfc390536bc2b39  2009.0/x86_64/gedit-2.24.0-1.1mdv2009.0.x86_64.rpm
 2e3c0751171aa613c4a65cd963b0f325  2009.0/x86_64/gedit-devel-2.24.0-1.1mdv2009.0.x86_64.rpm 
 07970b1c57aa2f6bb22bfc9cb403268b  2009.0/SRPMS/gedit-2.24.0-1.1mdv2009.0.src.rpm

2009.0 i586

 e58b21b75e89b81211b8220523a5dd0d  2009.0/i586/gedit-2.24.0-1.1mdv2009.0.i586.rpm
 757bc407cc43122272d1bacef5ce8a32  2009.0/i586/gedit-devel-2.24.0-1.1mdv2009.0.i586.rpm 
 07970b1c57aa2f6bb22bfc9cb403268b  2009.0/SRPMS/gedit-2.24.0-1.1mdv2009.0.src.rpm

2008.1 x86_64

 bf94638effcf8a932691c75b6c457a4f  2008.1/x86_64/gedit-2.22.0-1.1mdv2008.1.x86_64.rpm
 5f04e2a993a47d9438b6707a532a7ddb  2008.1/x86_64/gedit-devel-2.22.0-1.1mdv2008.1.x86_64.rpm 
 fcc497a78b853aab0a6964ad1edd659f  2008.1/SRPMS/gedit-2.22.0-1.1mdv2008.1.src.rpm

2008.1 i586

 ddb94747dc541a7d072bb4c543070fd7  2008.1/i586/gedit-2.22.0-1.1mdv2008.1.i586.rpm
 578e6f94403e97a89193d7a12145bacd  2008.1/i586/gedit-devel-2.22.0-1.1mdv2008.1.i586.rpm 
 fcc497a78b853aab0a6964ad1edd659f  2008.1/SRPMS/gedit-2.22.0-1.1mdv2008.1.src.rpm

Referenzen