Paketname
dia
Datum
2009-02-20
Advisory ID
MDVSA-2009:046
Betroffene Versionen
CS3.0 i586 , CS3.0 x86_64

Problembeschreibung

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current dia working directory
(CVE-2008-5984).

This update provides fix for that vulnerability.

Aktualisierte Pakete

CS3.0 i586

 46638030e4a286f1e074cc2229c552cb  corporate/3.0/i586/dia-0.92.2-2.4.C30mdk.i586.rpm 
 2f1847fc986675bf19c29d949ce24bfe  corporate/3.0/SRPMS/dia-0.92.2-2.4.C30mdk.src.rpm

CS3.0 x86_64

 1137d4acde3d7f806c1f22bc0990db1c  corporate/3.0/x86_64/dia-0.92.2-2.4.C30mdk.x86_64.rpm 
 2f1847fc986675bf19c29d949ce24bfe  corporate/3.0/SRPMS/dia-0.92.2-2.4.C30mdk.src.rpm

Referenzen