
Security Advisory: mod_python security update

Advisory: RHSA-2005:100-04
Type: Security Advisory
Severity: Moderate
Issued on: 2005-02-15
Last updated on: 2005-02-15
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0088

Details

An updated mod_python package that fixes a security issue in the publisher
handler is now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Mod_python is a module that embeds the Python language interpreter within
the Apache web server, allowing handlers to be written in Python.

Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access to
objects that should not be visible, leading to an information leak. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0088 to this issue.

Users of mod_python are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.
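
A simplified model of the class of flaw described above, added here as an example: it is not mod_python's code, the backported patch, or the specific mechanism of CVE-2005-0088. A publisher-style resolver maps URL path segments to attributes; `resolve_naive` follows any segment, while `resolve_hardened` applies an assumed exposure policy. All names (`SITE`, `SECRET_TOKEN`, `resolve_naive`, `resolve_hardened`, `is_published`, `NotPublished`) are hypothetical and the sample data is constructed.

```python
import types

SECRET_TOKEN = "constructed-secret"  # module data that must never be served

def index():
    return "hello"

class Pages:
    def about(self):
        return "about page"

# Constructed stand-in for a published module: two intended entry points,
# plus an imported module and a private helper that are reachable by accident.
SITE = types.SimpleNamespace(index=index, pages=Pages(), os=__import__("os"),
                             _debug=lambda: SECRET_TOKEN)

class NotPublished(LookupError):
    """Raised when a URL path names something that must not be exposed."""

def resolve_naive(root, path):
    # Walks every path segment with getattr and applies no policy at all.
    obj = root
    for part in path.strip("/").split("/"):
        obj = getattr(obj, part)
    return obj

def resolve_hardened(root, path):
    # Assumed policy (not the Red Hat patch): no underscore names, no walking
    # past a callable, and never return or traverse a module or a class.
    parts = [p for p in path.strip("/").split("/") if p]
    if not parts:
        raise NotPublished("empty path")
    obj = root
    for part in parts:
        if part.startswith("_") or callable(obj):
            raise NotPublished(part)
        obj = getattr(obj, part, None)
        if obj is None or isinstance(obj, (types.ModuleType, type)):
            raise NotPublished(part)
    return obj

def is_published(root, path):
    # True only when the hardened resolver would serve this path.
    try:
        resolve_hardened(root, path)
        return True
    except NotPublished:
        return False
```

Running a list of request paths from access logs through `is_published` is a quick way to see which ones only a policy-free resolver would have served.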


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
mod_python-3.1.3-5.1.src.rpm     MD5: 9b347c87be626bf3db5d6dd48baa3361
 
IA-32:
mod_python-3.1.3-5.1.i386.rpm     MD5: 23fa47b1d2f39be88f9e5822a2285773
 
x86_64:
mod_python-3.1.3-5.1.x86_64.rpm     MD5: d2606f761ce9e4eef03774c052d86720
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
mod_python-3.1.3-5.1.src.rpm     MD5: 9b347c87be626bf3db5d6dd48baa3361
 
IA-32:
mod_python-3.1.3-5.1.i386.rpm     MD5: 23fa47b1d2f39be88f9e5822a2285773
 
IA-64:
mod_python-3.1.3-5.1.ia64.rpm     MD5: 7d0d70022fc49b14cce22a5c9cce2897
 
PPC:
mod_python-3.1.3-5.1.ppc.rpm     MD5: d0ee5d0be27d284ca33ede8d8df802f6
 
s390:
mod_python-3.1.3-5.1.s390.rpm     MD5: 66c04ae4fe581508f12e2de2c8168deb
 
s390x:
mod_python-3.1.3-5.1.s390x.rpm     MD5: e01c827fd8713607826eaae61b7c2723
 
x86_64:
mod_python-3.1.3-5.1.x86_64.rpm     MD5: d2606f761ce9e4eef03774c052d86720
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
mod_python-3.1.3-5.1.src.rpm     MD5: 9b347c87be626bf3db5d6dd48baa3361
 
IA-32:
mod_python-3.1.3-5.1.i386.rpm     MD5: 23fa47b1d2f39be88f9e5822a2285773
 
IA-64:
mod_python-3.1.3-5.1.ia64.rpm     MD5: 7d0d70022fc49b14cce22a5c9cce2897
 
x86_64:
mod_python-3.1.3-5.1.x86_64.rpm     MD5: d2606f761ce9e4eef03774c052d86720
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
mod_python-3.1.3-5.1.src.rpm     MD5: 9b347c87be626bf3db5d6dd48baa3361
 
IA-32:
mod_python-3.1.3-5.1.i386.rpm     MD5: 23fa47b1d2f39be88f9e5822a2285773
 
IA-64:
mod_python-3.1.3-5.1.ia64.rpm     MD5: 7d0d70022fc49b14cce22a5c9cce2897
 
x86_64:
mod_python-3.1.3-5.1.x86_64.rpm     MD5: d2606f761ce9e4eef03774c052d86720
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

146657 - CAN-2005-0088 mod_python information leak


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/