Article ID: 2830, created on Oct 29, 2007, last review on Apr 18, 2012

  • Applies to:
  • Pro Control Panel Linux

AdditionalInformation

View Knowledge
Knowledge ID 2250
Product : Ensim Pro for Linux
Version : 3.5
Topic : Hotfix

Title
WEBppliance 3.1.6 Security Update (LS)

Summary
WEBppliance 3.1.6 Security Update (LS)

Prevention


Details

WEBppliance 3.1.6 provides a security update that resolves the predictable temporary file vulnerability in Python 2.2.1.

Compatibility :

This patch requires WEBppliance 3.1.5 for Linux to be installed on your server.

NOTE: This patch will not install on any other version of WEBppliance for Linux, other than 3.1.5.

Major Features of WEBppliance 3.1.6
This patch addresses and fixes the security vulnerability mentioned below:

  1. Predictable temporary file vulnerability in Python.
    os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

    Advisory details for the security patch are available at the following URL:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1119


Installation Instructions :

Download site: (be sure to download using BINARY mode)
http://download.swsoft.com/ensim/download/webppliance/linux/patches/3.1.6/


To install the patch please follow the instructions below :

1.  Download the file LS-3.1.6-1.tar.gz

2.  Uncompress the file:
    tar -xvzf LS-3.1.6-1.tar.gz

3.  Change the current directory to the directory
    where you have uncompressed the file:
    cd LS-3.1.6-1

4.  Run the following command
    # sh ./patch-install-3.1.6-1.sh
    After checking that this is the LS installation for LWP 3.1.5, this
    install script would upgrade the required rpms (requires root access).


Attachments


Related Knowledge

Related Links
 
Last ModifiedUsageSatisfiedLast Used
6/16/2006 2:25:48 AM5 10/12/2007 4:17:21 AM

4cc899da08664637a8bc437308d3ddd7 3ccb419cf98083f3bb45808fba8dbc7c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF