python-paste-script-1.7.3-5.AXS4
エラータID: AXSA:2012-895:01
Release date:
Wednesday, September 12, 2012 - 14:15
Subject:
python-paste-script-1.7.3-5.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Paster is pluggable command-line frontend, including commands to setup package file layouts
Built-in features:
* Creating file layouts for packages. For instance a setuptools-ready file layout.
* Serving up web applications, with configuration based on paste.deploy
Security issues fixed with this release:
CVE-2012-0878
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
Solution:
Update packages.
CVEs:
CVE-2012-0878
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
Additional Info:
N/A
Download:
SRPMS
- python-paste-script-1.7.3-5.AXS4.src.rpm
MD5: cd846ef024acf9d6e5e4e28a4dfe5a9f
SHA-256: 75d28486b1317853ef3b2dfbc74068762e05f4332d1626d398284c05160f2a8e
Size: 132.40 kB
Asianux Server 4 for x86
- python-paste-script-1.7.3-5.AXS4.noarch.rpm
MD5: d70adc1d4756e84ada2b27a290e49464
SHA-256: 79aa5e14a074de2d8cac0a19d7433bfe0624b3bf5c5354068e432b0110b82de5
Size: 204.80 kB
Asianux Server 4 for x86_64
- python-paste-script-1.7.3-5.AXS4.noarch.rpm
MD5: f693c5a32a1a9b47c7a3b3f8603e07c6
SHA-256: 5dfdaf4036ca776e6c3007b43466fc3e9e888e0d533caaa894044651c37569b2
Size: 204.32 kB
日本語