rPSA-2008-0243-1 idle python
- To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx, security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx, product-announce@xxxxxxxxxxxxxxx, product-announce@xxxxxxxxxxxxxxx
- Subject: rPSA-2008-0243-1 idle python
- From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
- Date: Wed, 13 Aug 2008 09:17:49 -0400
- Cc: full-disclosure@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
- User-agent: nail 11.22 3/20/05
rPath Security Advisory: 2008-0243-1
Published: 2008-08-13
Products:
rPath Appliance Platform Linux Service 1
rPath Appliance Platform Linux Service 2
rPath Linux 1
rPath Linux 2
Rating: Major
Exposure Level Classification:
Indirect Deterministic Unauthorized Access
Updated Versions:
idle=conary.rpath.com@rpl:1/2.4.1-20.17-1
idle=conary.rpath.com@rpl:2/2.4.4-41-0.1
python=conary.rpath.com@rpl:1/2.4.1-20.17-1
python=conary.rpath.com@rpl:2/2.4.4-41-0.1
rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-1412
https://issues.rpath.com/browse/RPL-2648
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144
Description:
Previous versions of the python package are vulnerable to multiple
attacks, the most serious of which may allow an attacker to execute
arbitrary code.
Additionally, previous versions of the python package on rPath Linux 2
and rPath Appliance Platform Linux Service 2 did not provide the bsddb
module. This has been corrected.
http://wiki.rpath.com/Advisories:rPSA-2008-0243
Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html