Moderate: PyXML security update
| Advisory: | RHSA-2010:0002-1 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2010-01-04 |
| Last updated on: | 2010-01-04 |
| Affected Products: | Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux AS (v. 4.8.z) Red Hat Enterprise Linux Desktop (v. 5 client) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux ES (v. 4.8.z) Red Hat Enterprise Linux EUS (v. 5.4.z server) Red Hat Enterprise Linux WS (v. 4) |
| CVEs (cve.mitre.org): |
CVE-2009-3720 |
Details
An updated PyXML package that fixes one security issue is now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PyXML provides XML libraries for Python. The distribution contains a
validating XML parser, an implementation of the SAX and DOM programming
interfaces, and an interface to the Expat parser.
A buffer over-read flaw was found in the way PyXML's Expat parser handled
malformed UTF-8 sequences when processing XML files. A specially-crafted
XML file could cause Python applications using PyXML's Expat parser to
crash while parsing the file. (CVE-2009-3720)
This update makes PyXML use the system Expat library rather than its own
internal copy; therefore, users must install the RHSA-2009:1625 expat
update together with this PyXML update to resolve the CVE-2009-3720 issue.
All PyXML users should upgrade to this updated package, which changes PyXML
to use the system Expat library. After installing this update along with
RHSA-2009:1625, applications using the PyXML library must be restarted for
the update to take effect.
Solution
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
Updated packages
| Red Hat Desktop (v. 4) | |
| SRPMS: | |
| PyXML-0.8.3-6.el4_8.2.src.rpm | MD5: 78609e893053df138cf21c50431b4541 |
| IA-32: | |
| PyXML-0.8.3-6.el4_8.2.i386.rpm | MD5: 5c509fac5edbf29e59433fe0fe37e2e5 |
| x86_64: | |
| PyXML-0.8.3-6.el4_8.2.x86_64.rpm | MD5: c4f0780601cd360e1d4a0fbd311237c1 |
| Red Hat Enterprise Linux (v. 5 server) | |
| SRPMS: | |
| PyXML-0.8.4-4.el5_4.2.src.rpm File outdated by: RHBA-2011:1460 |
MD5: 2e6beb351127dce8f641ef3ee0035da1 |
| IA-32: | |
| PyXML-0.8.4-4.el5_4.2.i386.rpm File outdated by: RHBA-2011:1460 |
MD5: 9076db699ab6d468381bd8062feeae46 |
| IA-64: | |
| PyXML-0.8.4-4.el5_4.2.ia64.rpm File outdated by: RHBA-2011:1460 |
MD5: 8823cd74e45de3b2652605188e32ade8 |
| PPC: | |
| PyXML-0.8.4-4.el5_4.2.ppc.rpm File outdated by: RHBA-2011:1460 |
MD5: e8299def033aff39e0230199e92c17ef |
| s390x: | |
| PyXML-0.8.4-4.el5_4.2.s390x.rpm File outdated by: RHBA-2011:1460 |
MD5: 1bf4e093ed68830dd6e11175309c474d |
| x86_64: | |
| PyXML-0.8.4-4.el5_4.2.x86_64.rpm File outdated by: RHBA-2011:1460 |
MD5: bc845497147ef1ca8db8b9da0b3c177c |
| Red Hat Enterprise Linux AS (v. 4) | |
| SRPMS: | |
| PyXML-0.8.3-6.el4_8.2.src.rpm | MD5: 78609e893053df138cf21c50431b4541 |
| IA-32: | |
| PyXML-0.8.3-6.el4_8.2.i386.rpm | MD5: 5c509fac5edbf29e59433fe0fe37e2e5 |
| IA-64: | |
| PyXML-0.8.3-6.el4_8.2.ia64.rpm | MD5: 309dd110f1656c64709241f30439bf7a |
| PPC: | |
| PyXML-0.8.3-6.el4_8.2.ppc.rpm | MD5: 9a986017ca26d0f1e88890204358ee73 |
| s390: | |
| PyXML-0.8.3-6.el4_8.2.s390.rpm | MD5: 5791fcd15192acf429c7519c1c72e14b |
| s390x: | |
| PyXML-0.8.3-6.el4_8.2.s390x.rpm | MD5: b1371fcdccb42558b4ae5225a136db71 |
| x86_64: | |
| PyXML-0.8.3-6.el4_8.2.x86_64.rpm | MD5: c4f0780601cd360e1d4a0fbd311237c1 |
| Red Hat Enterprise Linux AS (v. 4.8.z) | |
| SRPMS: | |
| PyXML-0.8.3-6.el4_8.2.src.rpm | MD5: 78609e893053df138cf21c50431b4541 |
| IA-32: | |
| PyXML-0.8.3-6.el4_8.2.i386.rpm | MD5: 5c509fac5edbf29e59433fe0fe37e2e5 |
| IA-64: | |
| PyXML-0.8.3-6.el4_8.2.ia64.rpm | MD5: 309dd110f1656c64709241f30439bf7a |
| PPC: | |
| PyXML-0.8.3-6.el4_8.2.ppc.rpm | MD5: 9a986017ca26d0f1e88890204358ee73 |
| s390: | |
| PyXML-0.8.3-6.el4_8.2.s390.rpm | MD5: 5791fcd15192acf429c7519c1c72e14b |
| s390x: | |
| PyXML-0.8.3-6.el4_8.2.s390x.rpm | MD5: b1371fcdccb42558b4ae5225a136db71 |
| x86_64: | |
| PyXML-0.8.3-6.el4_8.2.x86_64.rpm | MD5: c4f0780601cd360e1d4a0fbd311237c1 |
| Red Hat Enterprise Linux Desktop (v. 5 client) | |
| SRPMS: | |
| PyXML-0.8.4-4.el5_4.2.src.rpm File outdated by: RHBA-2011:1460 |
MD5: 2e6beb351127dce8f641ef3ee0035da1 |
| IA-32: | |
| PyXML-0.8.4-4.el5_4.2.i386.rpm File outdated by: RHBA-2011:1460 |
MD5: 9076db699ab6d468381bd8062feeae46 |
| x86_64: | |
| PyXML-0.8.4-4.el5_4.2.x86_64.rpm File outdated by: RHBA-2011:1460 |
MD5: bc845497147ef1ca8db8b9da0b3c177c |
| Red Hat Enterprise Linux ES (v. 4) | |
| SRPMS: | |
| PyXML-0.8.3-6.el4_8.2.src.rpm | MD5: 78609e893053df138cf21c50431b4541 |
| IA-32: | |
| PyXML-0.8.3-6.el4_8.2.i386.rpm | MD5: 5c509fac5edbf29e59433fe0fe37e2e5 |
| IA-64: | |
| PyXML-0.8.3-6.el4_8.2.ia64.rpm | MD5: 309dd110f1656c64709241f30439bf7a |
| x86_64: | |
| PyXML-0.8.3-6.el4_8.2.x86_64.rpm | MD5: c4f0780601cd360e1d4a0fbd311237c1 |
| Red Hat Enterprise Linux ES (v. 4.8.z) | |
| SRPMS: | |
| PyXML-0.8.3-6.el4_8.2.src.rpm | MD5: 78609e893053df138cf21c50431b4541 |
| IA-32: | |
| PyXML-0.8.3-6.el4_8.2.i386.rpm | MD5: 5c509fac5edbf29e59433fe0fe37e2e5 |
| IA-64: | |
| PyXML-0.8.3-6.el4_8.2.ia64.rpm | MD5: 309dd110f1656c64709241f30439bf7a |
| x86_64: | |
| PyXML-0.8.3-6.el4_8.2.x86_64.rpm | MD5: c4f0780601cd360e1d4a0fbd311237c1 |
| Red Hat Enterprise Linux EUS (v. 5.4.z server) | |
| SRPMS: | |
| PyXML-0.8.4-4.el5_4.2.src.rpm File outdated by: RHBA-2011:1460 |
MD5: 2e6beb351127dce8f641ef3ee0035da1 |
| IA-32: | |
| PyXML-0.8.4-4.el5_4.2.i386.rpm | MD5: 9076db699ab6d468381bd8062feeae46 |
| IA-64: | |
| PyXML-0.8.4-4.el5_4.2.ia64.rpm | MD5: 8823cd74e45de3b2652605188e32ade8 |
| PPC: | |
| PyXML-0.8.4-4.el5_4.2.ppc.rpm | MD5: e8299def033aff39e0230199e92c17ef |
| s390x: | |
| PyXML-0.8.4-4.el5_4.2.s390x.rpm | MD5: 1bf4e093ed68830dd6e11175309c474d |
| x86_64: | |
| PyXML-0.8.4-4.el5_4.2.x86_64.rpm | MD5: bc845497147ef1ca8db8b9da0b3c177c |
| Red Hat Enterprise Linux WS (v. 4) | |
| SRPMS: | |
| PyXML-0.8.3-6.el4_8.2.src.rpm | MD5: 78609e893053df138cf21c50431b4541 |
| IA-32: | |
| PyXML-0.8.3-6.el4_8.2.i386.rpm | MD5: 5c509fac5edbf29e59433fe0fe37e2e5 |
| IA-64: | |
| PyXML-0.8.3-6.el4_8.2.ia64.rpm | MD5: 309dd110f1656c64709241f30439bf7a |
| x86_64: | |
| PyXML-0.8.3-6.el4_8.2.x86_64.rpm | MD5: c4f0780601cd360e1d4a0fbd311237c1 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences
References
http://www.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
