Apache News Online: 13 February 2005 - Mod_python 3.1.4 and 2.7.11 (Security Release)

« 10 February 2005 - ApacheCon Europe 2005 Call for Participation Is Open | Main | 14 February 2005 - Jakarta Lucene Moves Up To Apache TOP-LEVEL »

February 13, 2005

13 February 2005 - Mod_python 3.1.4 and 2.7.11 (Security Release)

The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.1.4 and 2.7.11 of mod_python.

This release addresses a vulnerability in mod_python's publisher handler whereby a carefully crafted URL would expose objects that should not be visible, leading to an information leak. The Common Vulnerabilities and Exposures project (http://cve.mitre.org/) has assigned the name CAN-2005-0088 to this issue.

Users of the publisher handler are urged to upgrade as soon as possible.

There are no other changes or improvements from the previous version in this release.

At this point the new version is only available as a source code archive. Users of mod_python on Win32 platform can update their installation by simply replacing the publisher.py file with the latest version from the source code archive.

Mod_python is available for download from:

http://httpd.apache.org/modules/python-download.cgi

For more information about mod_python visit
http://www.modpython.org/

Regards,

----

-- The Apache HTTP Server Project

Posted by Tetsuya Kitahata at February 13, 2005 05:07 AM
http://www.apachenews.org/archives/000562.html
[ Category : Apache HTTP ] (PDF)(XML)