The Apache Software Foundation and The Apache HTTP Server
Project are
pleased to announce the release of version 3.2.8 of
mod_python.
This release addresses a vulnerability in mod_python's
FileSession
object whereby a carefully crafted session cookie could
potentially
permit an attacker to execute code on the server.
FileSession was introduced in mod_python 3.2.7 released on
February 15
2006 and is not enabled by default, therefore only a very
small number
of installations, if any, are likely to be affected by this
issue.
There are no other changes or improvements from the previous
version in
this release.
Mod_python is available for download from:
h
ttp://httpd.apache.org/modules/python-download.cgi
For more information about mod_python visit http://www.modpython.org/
Regards,
Gregory Trubetskoy
|