MDVSA-2009:341

Package name

dstat

Date

2009-12-26

Advisory ID

MDVSA-2009:341

Affected versions

CS4.0 x86_64 , CS4.0 i586

Problem description

Multiple vulnerabilities has been found and corrected in dstat:

Multiple untrusted search path vulnerabilities in dstat before 0.7.0
allow local users to gain privileges via a Trojan horse Python module
in (1) the current working directory or (2) a certain subdirectory
of the current working directory (CVE-2009-3894, CVE-2009-4081).

This update provides a solution to these vulnerabilities.

Updated packages

CS4.0 x86_64

 e12387236a35e1fc0e3c85c21a8664b5  corporate/4.0/x86_64/dstat-0.6.1-1.1.20060mlcs4.noarch.rpm 
 86123e8ebe4e3aedb87ca7600b12a7f2  corporate/4.0/SRPMS/dstat-0.6.1-1.1.20060mlcs4.src.rpm

CS4.0 i586

 3f286380fe3e7b79b21603e54b6ad426  corporate/4.0/i586/dstat-0.6.1-1.1.20060mlcs4.noarch.rpm 
 86123e8ebe4e3aedb87ca7600b12a7f2  corporate/4.0/SRPMS/dstat-0.6.1-1.1.20060mlcs4.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4081
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3894