1.43. dstat
1.43.1. RHSA-2009:1619: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1619.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. Dstat can be used for performance tuning tests, benchmarks, and troubleshooting.
Robert Buchholz of the Gentoo Security Team reported a flaw in the Python module search path used in dstat. If a local attacker could trick a local user into running dstat from a directory containing a Python script that is named like an importable module, they could execute arbitrary code with the privileges of the user running dstat. (CVE-2009-3894)
All dstat users should upgrade to this updated package, which contains a backported patch to correct this issue.
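The module search path flaw described above can be checked for in any Python tool. The following is an added example, not part of this advisory and not dstat's code or its patch: it flags search-path entries that are resolved against the working directory and lists files in a directory that would be imported in place of the named modules. The function names and sample paths are assumptions made for illustration.

```python
import os
import sys


def unsafe_entries(search_path, cwd):
    """Return (entry, resolved) pairs for entries that depend on cwd.

    An empty string, '.', or any other relative entry is resolved against
    the working directory at import time, so whoever can write to that
    directory decides which file an `import` statement loads.
    """
    flagged = []
    for entry in search_path:
        if not os.path.isabs(entry):
            resolved = os.path.normpath(os.path.join(cwd, entry))
            flagged.append((entry, resolved))
    return flagged


def hardened_path(search_path):
    """Keep only absolute entries, preserving their order."""
    return [entry for entry in search_path if os.path.isabs(entry)]


def shadowing_files(directory, module_names):
    """List names in directory that would satisfy `import <name>`."""
    hits = []
    for name in sorted(os.listdir(directory)):
        stem, ext = os.path.splitext(name)
        if ext in (".py", ".pyc", ".so") and stem in module_names:
            hits.append(name)  # module file with a colliding name
        elif name in module_names and os.path.isdir(os.path.join(directory, name)):
            hits.append(name)  # package directory with a colliding name
    return hits


if __name__ == "__main__":
    # Constructed sample path; '' and 'plugins' both follow the working directory.
    sample = ["", "/usr/lib/example-tool", "plugins", "/usr/lib/python"]
    for entry, resolved in unsafe_entries(sample, os.getcwd()):
        print("relative entry %r resolves to %s" % (entry, resolved))
    print("hardened:", hardened_path(sample))
    # Audit the running interpreter's own path against the working directory.
    print("live sys.path:", unsafe_entries(sys.path, os.getcwd()))
```
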