Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21380
HistoryFeb 24, 2009 - 12:00 a.m.

[ MDVSA-2009:048-1 ] epiphany

2009-02-2400:00:00
vulners.com
7
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2009:048-1
http://www.mandriva.com/security/

Package : epiphany
Date : February 20, 2009
Affected: 2009.0

Problem Description:

Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current Epiphany working directory
(CVE-2008-5985).

This update provides fix for that vulnerability.

Update:

The previous update package was not built against the correct (latest)
libxulrunner-1.9.0.6 library (fixes #48163)

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985

Updated Packages:

Mandriva Linux 2009.0:
592e5f24082af7e6a1f2b3b9db20b3da 2009.0/i586/epiphany-2.24.0.1-3.5mdv2009.0.i586.rpm
d04751e441f59f1c9ebf56bf6c00cf4c 2009.0/i586/epiphany-devel-2.24.0.1-3.5mdv2009.0.i586.rpm
64a55129a1bc9601f61be815d7a0e195 2009.0/SRPMS/epiphany-2.24.0.1-3.5mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
6ebde74ae17d0881072cd4395f94e065 2009.0/x86_64/epiphany-2.24.0.1-3.5mdv2009.0.x86_64.rpm
7b490af03372504852264d2eb0f151e3 2009.0/x86_64/epiphany-devel-2.24.0.1-3.5mdv2009.0.x86_64.rpm
64a55129a1bc9601f61be815d7a0e195 2009.0/SRPMS/epiphany-2.24.0.1-3.5mdv2009.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJo9hGmqjQ0CJFipgRAqLmAKDPX4EpQKiT2zO3+0EmLy+Qm8Ja0gCgnP5i
QWxD2WlLJ7n1IXmxd3yM+as=
=comw
-----END PGP SIGNATURE-----

Related

openvas 11
nessus 4
seebug 1
securityvulns 2
gentoo 1
freebsd 1
debiancve 1
prion 1
cve 1
ubuntucve 1
openvas
openvas
Mandrake Security Advisory MDVSA-2009:048 (epiphany)
2009-03-02 00:00:00
Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)
2009-03-02 00:00:00
Mandrake Security Advisory MDVSA-2009:048 (epiphany)
2009-03-02 00:00:00
nessus
nessus
GLSA-200903-16 : Epiphany: Untrusted search path
2009-03-10 00:00:00
Mandriva Linux Security Advisory : epiphany (MDVSA-2009:048-2)
2009-04-23 00:00:00
FreeBSD : epiphany -- untrusted search path vulnerability (e848a92f-0e7d-11de-92de-000bcdc1757a)
2009-03-12 00:00:00
seebug
seebug
Epiphany PySys_SetArgvε‡½ζ•°ε‘½δ»€ζ‰§θ‘ŒζΌ
2009-02-23 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:048 ] epiphany
2009-02-25 00:00:00
blender / gedit / gnumeric / vim / eog python scripts code execution
2009-04-07 00:00:00
gentoo
gentoo
Epiphany: Untrusted search path
2009-03-09 00:00:00
freebsd
freebsd
epiphany -- untrusted search path vulnerability
2009-01-26 00:00:00
debiancve
debiancve
CVE-2008-5985
2009-01-28 11:30:00
prion
prion
Design/Logic Flaw
2009-01-28 11:30:00
cve
cve
CVE-2008-5985
2009-01-28 11:30:00
ubuntucve
ubuntucve
CVE-2008-5985
2009-01-28 00:00:00
JSON
Related for SECURITYVULNS:DOC:21380
openvas11nessus4seebug1securityvulns2gentoo1freebsd1debiancve1prion1cve1ubuntucve1