desktop-packages team mailing list archive

Thread
Date

[Bug 322196] Re: Untrusted search path vulnerability in Python and multiple other programs

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: dino99 <322196@xxxxxxxxxxxxxxxxxx>
Date: Sun, 03 May 2015 13:14:34 -0000
Reply-to: Bug 322196 <322196@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Support for this version has ended

** Changed in: python2.4 (Ubuntu)
       Status: Confirmed => Invalid

** Changed in: python2.5 (Ubuntu)
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to eog in Ubuntu.
https://bugs.launchpad.net/bugs/322196

Title:
  Untrusted search path vulnerability in Python and multiple other
  programs

Status in Light-Weight Text Editor for Gnome:
  Fix Released
Status in Python:
  Fix Released
Status in csound package in Ubuntu:
  Fix Released
Status in dia package in Ubuntu:
  Fix Released
Status in eog package in Ubuntu:
  Fix Released
Status in epiphany package in Ubuntu:
  Invalid
Status in epiphany-browser package in Ubuntu:
  Fix Released
Status in gedit package in Ubuntu:
  Fix Released
Status in gnumeric package in Ubuntu:
  Fix Released
Status in nautilus-python package in Ubuntu:
  Fix Released
Status in python2.3 package in Ubuntu:
  Won't Fix
Status in python2.4 package in Ubuntu:
  Invalid
Status in python2.5 package in Ubuntu:
  Invalid
Status in python2.6 package in Ubuntu:
  Fix Released
Status in vim package in Ubuntu:
  Fix Released
Status in xchat package in Ubuntu:
  Fix Released

Bug description:
  There's an interesting bug (or feature?) in Python 2.6 and earlier
  that affects multiple applications using Python. The bug allows local
  or user-assisted remote arbitrary code execution. Here is the
  description of the Python CVE:

  "Untrusted search path vulnerability in the PySys_SetArgv API function
  in Python before 2.6 prepends an empty string to sys.path when the
  argv[0] argument does not contain a path separator, which might allow
  local users to execute arbitrary code via a Trojan horse Python file
  in the current working directory."

  (Python 2.6 is vulnerable, too. See the comments.)

  Affected packages are, at least:

  CVE-2008-4863 - Blender (already fixed in Ubuntu, I think)
  CVE-2008-5983 - Python
  CVE-2008-5984 - Dia
  CVE-2008-5985 - Epiphany
  CVE-2008-5986 - Csound
  CVE-2008-5987 - eog
  CVE-2009-0314 - gedit
  CVE-2009-0315 - xchat
  CVE-2009-0316 - vim
  CVE-2009-0317 - Nautilus
  CVE-2009-0318 - Gnumeric

  I'm not sure which versions of these packages and which Ubuntu
  releases are actually affected, though.

  Source and more information:
  oss-security thread at http://www.openwall.com/lists/oss-security/2009/01/28/2
  http://www.openwall.com/lists/oss-security/2009/01/26/2

To manage notifications about this bug go to:
https://bugs.launchpad.net/gedit/+bug/322196/+subscriptions