RHSA-2003:048 - Security Advisory

Topic

An insecure use of a temporary file has been found in Python.

Description

Python is an interpreted, interactive, object-oriented programming
language.

Zack Weinberg discovered that os._execvpe from os.py in Python 2.2.1 and
earlier creates temporary files with predictable names. This could allow
local users to execute arbitrary code via a symlink attack

All users should upgrade to these errata packages which include a patch to
python 1.5.2 to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Workstation 2 ia64

Fixes

• BZ - 77253 - An insecure use of a temporary file has been found in Python.

CVEs

• CVE-2002-1119

References

(none)