Mandrake Linux Security Advisory : python (MDKSA-2002:082-1)
Medium Nessus Plugin ID 13980
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method.
The previously released packages for 9.0 had an incorrect dependency on libdb.so.2 instead of libdb.so.3. This update corrects that problem.
SolutionUpdate the affected packages.