MDKSA-2002:082-1

Package name

python

Date

2002-12-09

Advisory ID

MDKSA-2002:082-1

Affected versions

9.0 i586

Problem description

A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. Update: The previously released packages for 9.0 had an incorrect dependency on libdb.so.2 instead of libdb.so.3. This update corrects that problem.

Updated packages

9.0 i586

 eda5ce8842e16db410497487665a926a  9.0/RPMS/libpython2.2-2.2.1-14.2mdk.i586.rpm
c85d22c38bf31f75ebdfb782a3ff0975  9.0/RPMS/libpython2.2-devel-2.2.1-14.2mdk.i586.rpm
06970738837e1a6355bd0555287706bb  9.0/RPMS/python-2.2.1-14.2mdk.i586.rpm
efe32dfe6f8fb692916e3a7b3550616b  9.0/RPMS/python-base-2.2.1-14.2mdk.i586.rpm
6b7b68b3df2c6d35ed3ddcd279f63a65  9.0/RPMS/python-docs-2.2.1-14.2mdk.i586.rpm
1febf082525ee0816c9453d576938fac  9.0/RPMS/tkinter-2.2.1-14.2mdk.i586.rpm
1c07dce9e92f07203bf5aa783869b959  9.0/SRPMS/python-2.2.1-14.2mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119
• http://mail.python.org/pipermail/python-dev/2002-August/027223.html
• http://python.org/sf/590294