Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections: Blog - Developer - High Performance - Infrastructure - IT Management - Security - Storage -
Linux Today Navigation
LT Home
Preferences
Contribute
Link to Us
Search
Linux Jobs

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Technology Jobs

JustTechJobs.com

LinuxToday Newsletters
Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com
Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

 






Current Newswire:

Raspberry Pi benchmarked against Beagleboard, low price is long term

20 popular Ubuntu Linux apps you may want to try

A Selection of the Very Best Open Source Tutorials and Tools

Android Ice Cream Sandwich ported to x86 tablets, netbooks and notebooks

SECURITY: Google Chrome 17 Improves Security

How to read a CSV file in Perl?

Red Hat Brings Gluster to Amazon Cloud

New Linux kernel fixes power-saving issues

Using Wii remote with Android Device- Taking Gaming to the Next Level

Commercial Support now available for the open-source NGINX Web server



Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Justtechjobs.com Post A Job | Post A Resume
:Advisories, March 2, 2005
Advisories, March 2, 2005
Mar 3, 2005, 04 :45 UTC (0 Talkback[s]) (2153 reads)

Conectiva Linux

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : mod_python
SUMMARY : Fix for mod_python vulnerability
DATE : 2005-03-02 12:14:00
ID : CLA-2005:926
RELEVANT RELEASES : 9, 10

DESCRIPTION
The package mod_python[1] provides an Apache module that embeds the Python interpreter within the server.

This annoucement fixes an information leak vulnerability[2] in mod_python which could allow a remote attacker to obtain access to restricted objects via a specially crafted URL.

SOLUTION
All mod_python users should do the upgrade. Notice that after the installation you have to restart the httpd service manually in order to load the new module. To achieve this you may execute the following command (as root):

# service httpd restart

REFERENCES
1.http://www.modpython.org/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0088

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/mod_python-3.1.3-51944U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_python-3.1.3-51944U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_python-doc-3.1.3-51944U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/mod_python-3.0.4-28605U90_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_python-3.0.4-28605U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_python-doc-3.0.4-28605U90_2cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com


No talkbacks posted.
  Home | Search Talkbacks | Customize View    Top of Page  



Enter your comments below:

* Your Name:

* Your Email Address:

* Subject:

CC: [will also send this talkback to an E-Mail address]

* Comments:

Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content.

Fields marked with * are required!

..............................




All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux, Apache and PHP