Mandriva Linux Security Advisory 2009-063 – Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current eog working directory. This update provides fix for that vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/75339/MDVSA-2009-063.txt
Source: https://packetstormsecurity.com/files/75339/Mandriva-Linux-Security-Advisory-2009-063.html