---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-140
2005-02-10
---------------------------------------------------------------------
Product : Fedora Core 3
Name : mod_python
Version : 3.1.3
Release : 5.2
Summary : An embedded Python interpreter for the Apache Web server.
Description :
Mod_python is a module that embeds the Python language interpreter within
the server, allowing Apache handlers to be written in Python.
Mod_python brings together the versatility of Python and the power of
the Apache Web server for a considerable boost in flexibility and
performance over the traditional CGI approach.
---------------------------------------------------------------------
Update Information:
Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access to
objects that should not be visible, leading to an information leak. The
Common Vulnerabilities and Exposures project (
cve.mitre.org) has assigned
the name CAN-2005-0088 to this issue.
This update includes a patch which fixes this issue.
---------------------------------------------------------------------
* Mon Jan 31 2005 Joe Orton <jorton(a)redhat.com> 3.1.3-5.2
- add security fix for CVE CAN-2005-0088 (#146655)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
2f8f27de0ed294fb0df1dbcc4b459d1b SRPMS/mod_python-3.1.3-5.2.src.rpm
14821a1a3b89506fddc51b338f93a800 x86_64/mod_python-3.1.3-5.2.x86_64.rpm
07653b192939283ac05b094f6963af43 x86_64/debug/mod_python-debuginfo-3.1.3-5.2.x86_64.rpm
5908a986650071f30ab180724d3a461b i386/mod_python-3.1.3-5.2.i386.rpm
24f5c62133e734b1b2b109d3fe19a83b i386/debug/mod_python-debuginfo-3.1.3-5.2.i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------