Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 159-2 (python)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to python announced via advisory DSA 159-2.
Insight
Insight
The bugfix we distributed in DSA 159-1 unfortunately caused Python to sometimes behave improperly when a non-executable file existed earlier in the path and an executable file of the same name existed later in the path. Zack Weinberg fixed this in the Python source. For reference, here's the original advisory text: Zack Weinberg discovered an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name which could lead execution of arbitrary code. This problem has been fixed in several versions of Python: For the current stable distribution (woody) it has been fixed in version 1.5.2-23.2 of Python 1.5, in version 2.1.3-3.2 of Python 2.1 and in version 2.2.1-4.2 of Python 2.2. For the old stable distribution (potato) this has been fixed in version 1.5.2-10potato13 for Python 1.5. For the unstable distribution (sid) this has been fixed in version 1.5.2-25 of Python 1.5, in version 2.1.3-9 of Python 2.1 and in version 2.2.1-11 of Python 2.2. Python 2.3 is not affected by the original problem. We recommend that you upgrade your Python packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20159-2