[Frugalware-security] [ FSA-268 ] python
voroskoi
noreply at frugalware.org
Fri Sep 7 13:48:21 CEST 2007
Frugalware Security Advisory FSA-268
Date: 2007-09-07
Package: python
Vulnerable versions: <= 2.5-3terminus1
Unaffected versions: >= 2.5-3terminus2
Related bugreport: http://bugs.frugalware.org/task/2382
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4559
Description
===========
Some vulnerabilities have been reported in the Python tarfile module, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused by input validation errors when extracting tar archives. A specially crafted tar archive can use the "../" directory traversal sequence or malicious symlinks to extract files to arbitrary locations outside the specified directory, with the permissions of the application using the tarfile module.
Updated Packages
================
Check if you have python installed:
# pacman-g2 -Q python
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy python