MDVSA-2009:040
- Package name
- dia
- Date
- 2009-02-16
- Advisory ID
- MDVSA-2009:040
- Affected versions
- 2009.0 x86_64 , 2009.0 i586 , 2008.1 x86_64 , 2008.1 i586
Problem description
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current dia working directory
(CVE-2008-5984).
This update provides fix for that vulnerability.
Updated packages
2009.0 x86_64
ca9a9cf5a8b3726661a62f93a2a3f227 2009.0/x86_64/dia-0.96.1-4.1mdv2009.0.x86_64.rpm 0be95063e54104fe001d1d560c77baf0 2009.0/SRPMS/dia-0.96.1-4.1mdv2009.0.src.rpm
2009.0 i586
060d069bb0196938f93e2e08bf802b85 2009.0/i586/dia-0.96.1-4.1mdv2009.0.i586.rpm 0be95063e54104fe001d1d560c77baf0 2009.0/SRPMS/dia-0.96.1-4.1mdv2009.0.src.rpm
2008.1 x86_64
16307a8d776d714e38c926419bdc655c 2008.1/x86_64/dia-0.96.1-3.1mdv2008.1.x86_64.rpm 9d83cd4ed0a42cf5e32a68482f72faee 2008.1/SRPMS/dia-0.96.1-3.1mdv2008.1.src.rpm
2008.1 i586
307728790d5ed938afc2cdc971430828 2008.1/i586/dia-0.96.1-3.1mdv2008.1.i586.rpm 9d83cd4ed0a42cf5e32a68482f72faee 2008.1/SRPMS/dia-0.96.1-3.1mdv2008.1.src.rpm