CVE-2009-0367

Publication date 5 March 2009

Last updated 24 July 2024

Ubuntu priority

Description

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
wesnoth	8.10 intrepid	Fixed 1:1.4.5-1ubuntu0.2
	8.04 LTS hardy	Fixed 1:1.4-1ubuntu0.1
	7.10 gutsy	Fixed 1.2.6-1ubuntu2.5
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
wesnoth	Debdiff: https://bugs.launchpad.net/ubuntu/hardy/+source/wesnoth/+bug/336396

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0367