Stay Secure with the Latest Linux Advisories

security advisorysecurity updatered hat enterprise linux

Red Hat 6: RHSA-2012:1206-01 Moderate: Python Paste Script Security Update

An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: python-paste-script security update Advisory ID: RHSA-2012:1206-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2012:1206.html Issue date: 2012-08-27 CVE Names: CVE-2012-0878 ==================================================================== 1. Summary: An updated python-paste-script package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch 3. Description: Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. Running "paster serve" as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application. (CVE-2012-0878) All paster users should upgrade to this updated package, which contains a backported patch to resolve this issue. Allrunning paster instances configured to drop privileges must be restarted for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 796790 - CVE-2012-0878 python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root 6. Package List: Red Hat Enterprise Linux Server (v. 6): Source: noarch: python-paste-script-1.7.3-5.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: noarch: python-paste-script-1.7.3-5.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-0878 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFQO3NyXlSAg2UNWIIRAk6VAJ4tpLx5OmM9RKOmKykagQVVJyWUBACfQA5W 6hlGqabDv0LthzBeYukR56I=Lln/ -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https:// . The recent enhancement to the python-paste-script module tackles notable security issues in Red Hat Enterprise Linux 6, accompanied by advisory specifics.. Python Paste Script Update, Red Hat Security Advisory, Moderate Security Impact. . LinuxSecurity.com Team

Aug 27, 2012 Red Hat