Apache Mod-Python - [ANNOUNCE] Mod_python 3.2.8 (security)

This is Interesting: Free IT Magazines  
Home > Archive > Apache Mod-Python > February 2006 > [ANNOUNCE] Mod_python 3.2.8 (security)





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author [ANNOUNCE] Mod_python 3.2.8 (security)
Gregory (Grisha) Trubetskoy

2006-02-25, 5:49 pm


The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 3.2.8 of mod_python.

This release addresses a vulnerability in mod_python's FileSession
object whereby a carefully crafted session cookie could potentially
permit an attacker to execute code on the server.

FileSession was introduced in mod_python 3.2.7 released on February 15
2006 and is not enabled by default, therefore only a very small number
of installations, if any, are likely to be affected by this issue.

There are no other changes or improvements from the previous version in
this release.

Mod_python is available for download from:

http://httpd.apache.org/modules/python-download.cgi

For more information about mod_python visit http://www.modpython.org/

Regards,

Gregory Trubetskoy


Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com