A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
python2.2 python2.3
The problem can be corrected by upgrading the affected package to version 2.2.3-10ubuntu0.1 (python2.2) and 2.3.4-2ubuntu0.1 (python2.3). After a standard system upgrade you must restart all running Python server applications that use XML-RPC to effect the necessary changes.
Details follow:
The Python developers discovered a flaw in the SimpleXMLRPCServer module. Python XML-RPC servers that used the register_instance() method to register an object, but do not have a _dispatch() method, allowed remote users to access or change function internals using the im_* and func_* attributes.