Package name
xchat
Date
2009-12-08
Advisory ID
MDVSA-2009:059-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current X-Chat working directory
(CVE-2009-0315).

This update provides fix for that vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 2f508856ddea805aaf7cbb33247dac54  2008.0/i586/xchat-2.8.4-4.1mdv2008.0.i586.rpm
 d9b5a290c6c5e1bd586404f10b9d9eeb  2008.0/i586/xchat-devel-2.8.4-4.1mdv2008.0.i586.rpm
 342d30ce204cd174d7957a2486f549b1  2008.0/i586/xchat-perl-2.8.4-4.1mdv2008.0.i586.rpm
 6ff30bd6e118219594cab35b02d3764f  2008.0/i586/xchat-python-2.8.4-4.1mdv2008.0.i586.rpm
 231b613f87b1edff9d684a270a2c99db  2008.0/i586/xchat-tcl-2.8.4-4.1mdv2008.0.i586.rpm 
 9890085895515c57d411ae22986231ae  2008.0/SRPMS/xchat-2.8.4-4.1mdv2008.0.src.rpm

2008.0 x86_64

 85b15ae0380858f1149e7bc03b1ad731  2008.0/x86_64/xchat-2.8.4-4.1mdv2008.0.x86_64.rpm
 d630e2a41f1c8ffdb295f4cf0483038b  2008.0/x86_64/xchat-devel-2.8.4-4.1mdv2008.0.x86_64.rpm
 9e4347338e0d99bfba3d35a2da6d7b83  2008.0/x86_64/xchat-perl-2.8.4-4.1mdv2008.0.x86_64.rpm
 9f36147a7edc829c2adb15cb4636ee6f  2008.0/x86_64/xchat-python-2.8.4-4.1mdv2008.0.x86_64.rpm
 0615947c1e332c1633386aabf312b339  2008.0/x86_64/xchat-tcl-2.8.4-4.1mdv2008.0.x86_64.rpm 
 9890085895515c57d411ae22986231ae  2008.0/SRPMS/xchat-2.8.4-4.1mdv2008.0.src.rpm

References