Support / Security / Advisories / Mandriva Linux 2009.0 / MDVSA-2009:048-1

Package name: epiphany
Date: 2009-02-20
Advisory ID: MDVSA-2009:048-1
Affected versions: 2009.0 x86_64 , 2009.0 i586

Problem description

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Epiphany working directory
(CVE-2008-5985).

This update provides fix for that vulnerability.

Update:

The previous update package was not built against the correct (latest)
libxulrunner-1.9.0.6 library (fixes #48163)

Updated packages

2009.0 x86_64

 6ebde74ae17d0881072cd4395f94e065  2009.0/x86_64/epiphany-2.24.0.1-3.5mdv2009.0.x86_64.rpm
 7b490af03372504852264d2eb0f151e3  2009.0/x86_64/epiphany-devel-2.24.0.1-3.5mdv2009.0.x86_64.rpm 
 64a55129a1bc9601f61be815d7a0e195  2009.0/SRPMS/epiphany-2.24.0.1-3.5mdv2009.0.src.rpm

2009.0 i586

 592e5f24082af7e6a1f2b3b9db20b3da  2009.0/i586/epiphany-2.24.0.1-3.5mdv2009.0.i586.rpm
 d04751e441f59f1c9ebf56bf6c00cf4c  2009.0/i586/epiphany-devel-2.24.0.1-3.5mdv2009.0.i586.rpm 
 64a55129a1bc9601f61be815d7a0e195  2009.0/SRPMS/epiphany-2.24.0.1-3.5mdv2009.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985