Please Install the Updated Packages.

Python Paste provides middleware for building and running Python web applications. The python-paste-script package includes paster, a tool for working with and running Python Paste applications. It was discovered that paster did not drop supplementary group privileges when started by the root user. Running &quot paster serve&quot as root to start a Python web application that will run as a non-root user and group resulted in that application running with root group privileges. This could possibly allow a remote attacker to gain access to files that should not be accessible to the application. (CVE-2012-0878) All paster users should upgrade to this updated package, which contains a backported patch to resolve this issue. All running paster instances configured to drop privileges must be restarted for this update to take effect.

python-paste-script on CentOS 6

• http://lists.centos.org/pipermail/centos-announce/2012-August/018827.html

---

Updated on 2015-03-25