USN-80-1: mod_python vulnerability
Posted on: 02/11/2005 07:55 AM

A mod_python security update is available for Ubuntu Linux 4.10

Ubuntu Security Notice USN-80-1 February 11, 2005
libapache2-mod-python vulnerabilities

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 3.1.3-1ubuntu3.2. After a standard system upgrade you need to restart the Apache 2 web server using

sudo /etc/init.d/apache2 restart

to effect the necessary changes.

Details follow:

Graham Dumpleton discovered an information disclosure in the "publisher" handle of mod_python. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible.

Source archives:
Size/MD5: 24067 485183927dd680eedb351cedbd0bb882
Size/MD5: 806 3b141dd6a13c2abc0c1780ff8d9c34aa
Size/MD5: 293548 2e1983e35edd428f308b0dfeb1c23bfe

Architecture independent packages:
Size/MD5: 100700 6890472b77b13191bf5106123bbebc6c
Size/MD5: 12462 b48ab5f2c09c47bfe0c7c02243766c4f

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 87564 e331d0cbb7aacadc64ef44d41d326587
Size/MD5: 87650 0dcbdb227cae1b4721c4b8e0454b4ea6

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 80502 003d29054ae210f2f81826bac8de7856
Size/MD5: 80538 1813380c5c39583e9311e117f2823aca

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 85218 d56d5f3a5cda43096dda9d1d7fc3fc0b
Size/MD5: 85350 9df8b87f95570137d2402818a252b38d

Printed from Linux Compatible (