dstat security update

2009-12-17T12:39:29
ID CESA-2009:1619
Type centos
Reporter CentOS Project
Modified 2009-12-17T12:39:29

Description

CentOS Errata and Security Advisory CESA-2009:1619

Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting.

Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. (CVE-2009-3894)

All dstat users should upgrade to this updated package, which contains a backported patch to correct this issue.
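The following is an added example, not part of the advisory or of the backported dstat patch: a defender-side audit that flags module search path entries Python resolves against the working directory and lists files there that would be loaded in place of a named module. The module names, the `/usr/lib/python2.4` path and the directory contents are constructed samples, not dstat's actual import list.

```python
import os
import tempfile


def cwd_relative_entries(search_path):
    """Return search-path entries that Python resolves against the current directory."""
    # '' and '.' name the working directory itself; any other relative
    # entry is also resolved against it when an import is performed.
    return [p for p in search_path if p in ("", ".") or not os.path.isabs(p)]


def shadowing_files(directory, module_names):
    """Return names in `directory` that an import of `module_names` would pick up."""
    hits = []
    for name in module_names:
        for candidate in (name + ".py", name + ".pyc"):
            if os.path.isfile(os.path.join(directory, candidate)):
                hits.append(candidate)
        # A directory with __init__.py is importable as a package of that name.
        if os.path.isfile(os.path.join(directory, name, "__init__.py")):
            hits.append(name + "/")
    return hits


def audit(search_path, directory, module_names):
    """Report shadowing files only when the search path can reach `directory`."""
    risky = cwd_relative_entries(search_path)
    shadowing = shadowing_files(directory, module_names) if risky else []
    return {"risky_entries": risky, "shadowing": shadowing}


def demo():
    """Run the audit on a constructed working directory, before and after a path fix."""
    modules = ["os", "time", "sched"]  # assumed sample list, not taken from dstat
    with tempfile.TemporaryDirectory() as workdir:
        open(os.path.join(workdir, "time.py"), "w").close()
        os.mkdir(os.path.join(workdir, "sched"))
        open(os.path.join(workdir, "sched", "__init__.py"), "w").close()
        open(os.path.join(workdir, "notes.txt"), "w").close()
        # Search path that still contains the working directory ('').
        before = audit(["", "/usr/lib/python2.4"], workdir, modules)
        # Same path with the working-directory entry removed.
        after = audit(["/usr/lib/python2.4"], workdir, modules)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```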

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2009-December/028404.html
http://lists.centos.org/pipermail/centos-announce/2009-December/028405.html

Affected packages: dstat

Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-1619.html