Bug 427665 - CherryPy security hole still unpatched: Malicious cookies may allow access to files outside the session directory
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: python-cherrypy
Version: 8
Hardware: All
OS: All
low
high
Target Milestone: ---
Assignee: Luke Macken
QA Contact: Fedora Extras Quality Assurance
Reported: 2008-01-06 14:06 UTC by Felix Schwarz
Modified: 2016-09-20 02:38 UTC

Last Closed: 2008-01-14 08:00:20 UTC
Type: ---

Description Felix Schwarz 2008-01-06 14:06:21 UTC
+++ This bug was initially created as a clone of Bug #427664 +++

In October, a security hole in CherryPy was found, see
http://www.cherrypy.org/ticket/744 for a detailed description and patches.

As far as I can see, this bug was not patched in Fedora 7/8. In Fedora 8, the
latest CherryPy version is 2.2.1-7.fc8.noarch.rpm. Although the RPM changelog
mentions that a backported fix for the problem was applied ("Apply backported
fix from http://www.cherrypy.org/changeset/1766"), sessionfilter.py seems to be
still vulnerable.

Comment 1 Tomas Hoger 2008-01-14 08:00:20 UTC
Packages with backported fix pushed to F7 and F8:

https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0333
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0299
