Support / Security / Advisories / Mandriva Linux 2008.1 / MDVSA-2009:048-2

Package name: epiphany
Date: 2009-02-25
Advisory ID: MDVSA-2009:048-2
Affected versions: 2008.1 x86_64 , 2008.1 i586

Problem description

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Epiphany working directory
(CVE-2008-5985).

This update provides fix for that vulnerability.

Update:

The previous update package was not built against the correct (latest)
libxulrunner-1.9.0.6 library (fixes #48163)

Updated packages

2008.1 x86_64

 06731986f1f534739d2421ebc94e4714  2008.1/x86_64/epiphany-2.22.3-0.3mdv2008.1.x86_64.rpm
 a98351efcc10e336e5e6b78caa4697b8  2008.1/x86_64/epiphany-devel-2.22.3-0.3mdv2008.1.x86_64.rpm 
 c605be70a70b503027c9d1f5da3305c4  2008.1/SRPMS/epiphany-2.22.3-0.3mdv2008.1.src.rpm

2008.1 i586

 a93951cb851094952d151e3da49d6212  2008.1/i586/epiphany-2.22.3-0.3mdv2008.1.i586.rpm
 b5e6b0322dbad813e3285dc4d8efab6e  2008.1/i586/epiphany-devel-2.22.3-0.3mdv2008.1.i586.rpm 
 c605be70a70b503027c9d1f5da3305c4  2008.1/SRPMS/epiphany-2.22.3-0.3mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985