- Advisory ID
- Betroffene Versionen
- 9.0 i586
A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. Update: The previously released packages for 9.0 had an incorrect dependency on libdb.so.2 instead of libdb.so.3. This update corrects that problem.
eda5ce8842e16db410497487665a926a 9.0/RPMS/libpython2.2-2.2.1-14.2mdk.i586.rpm c85d22c38bf31f75ebdfb782a3ff0975 9.0/RPMS/libpython2.2-devel-2.2.1-14.2mdk.i586.rpm 06970738837e1a6355bd0555287706bb 9.0/RPMS/python-2.2.1-14.2mdk.i586.rpm efe32dfe6f8fb692916e3a7b3550616b 9.0/RPMS/python-base-2.2.1-14.2mdk.i586.rpm 6b7b68b3df2c6d35ed3ddcd279f63a65 9.0/RPMS/python-docs-2.2.1-14.2mdk.i586.rpm 1febf082525ee0816c9453d576938fac 9.0/RPMS/tkinter-2.2.1-14.2mdk.i586.rpm 1c07dce9e92f07203bf5aa783869b959 9.0/SRPMS/python-2.2.1-14.2mdk.src.rpm