Ubuntu: PyXML vulnerabilities
Posted by Benjamin D. Thomas   
Ubuntu USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)
===========================================================
Ubuntu Security Notice USN-890-4           January 26, 2010
python-xml vulnerabilities
CVE-2009-3560, CVE-2009-3720
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-xml                   0.8.4-1ubuntu3.1

After a standard system upgrade you need to restart any applications that
use PyXML to effect the necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
 not properly process malformed XML. If a user or application linked against
 Expat were tricked into opening a crafted XML file, an attacker could cause
 a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
 
 It was discovered that Expat did not properly process malformed UTF-8
 sequences. If a user or application linked against Expat were tricked into
 opening a crafted XML file, an attacker could cause a denial of service via
 application crash. (CVE-2009-3560)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1.diff.gz
      Size/MD5:    26092 7b735067d5b8494bfa9479a38b1f971f
    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1.dsc
      Size/MD5:      663 064ad0d03d81132088df42f78850bfd7
    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4.orig.tar.gz
      Size/MD5:   734751 04fc1685542b32c1948c2936dfb6ba0e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1_all.deb
      Size/MD5:    11568 253250bca793d626d3f651a116259b00
    http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel-utils_0.8.4-1ubuntu3.1_all.deb
      Size/MD5:    25206 e73978eb774cf39690739f0908fb32dc
    http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel_0.8.4-1ubuntu3.1_all.deb
      Size/MD5:    24392 e4bab68a86bd7fb0dd85d39268716a64

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_amd64.deb
      Size/MD5:   717460 763ab0e82cbd3767958753060145c5ab

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_i386.deb
      Size/MD5:   708074 e34c9a1bdaaef83eb885104360d9e94f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_powerpc.deb
      Size/MD5:   716638 8ee8326bb735b20b18f0335c4485aadb

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_sparc.deb
      Size/MD5:   706208 11751f3c1654c648dd145c88afc3002c
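
The notice says applications that use PyXML must be restarted after the upgrade. The following is an added example, not part of the Ubuntu notice: it looks for processes that still map the pre-upgrade PyXML extension module by scanning /proc/<pid>/maps for entries marked "(deleted)". The "_xmlplus" path pattern and the sample maps text are assumptions made for illustration.

```python
import os
import re

# Assumption: PyXML's compiled modules live under a "_xmlplus" directory
# (for example .../site-packages/_xmlplus/parsers/pyexpat.so). Adjust as needed.
PATTERN = re.compile(r"_xmlplus/.*\.so")
DELETED = " (deleted)"

def stale_mappings(maps_text, pattern=PATTERN):
    """Return sorted paths of replaced-on-disk files matching pattern that are still mapped."""
    stale = set()
    for line in maps_text.splitlines():
        # Line format: address perms offset dev inode pathname
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no pathname
        path = fields[5].rstrip()
        if path.endswith(DELETED):
            real = path[:-len(DELETED)]
            if pattern.search(real):
                stale.add(real)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale PyXML paths for every process whose maps file is readable."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                hits = stale_mappings(fh.read())
        except (IOError, OSError):
            continue  # process exited or permission denied
        if hits:
            results[int(entry)] = hits
    return results

# Constructed sample of /proc/<pid>/maps content, not taken from a real host.
SAMPLE_MAPS = """\
08048000-08140000 r-xp 00000000 08:01 131  /usr/bin/python2.4
b7c00000-b7c2a000 r-xp 00000000 08:01 9021 /usr/lib/python2.4/site-packages/_xmlplus/parsers/pyexpat.so (deleted)
b7c2a000-b7c2c000 rw-p 0002a000 08:01 9021 /usr/lib/python2.4/site-packages/_xmlplus/parsers/pyexpat.so (deleted)
b7d00000-b7d10000 rw-p 00000000 00:00 0
bf900000-bf915000 rw-p 00000000 00:00 0    [stack]
"""

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Run it as root after the upgrade so every process's maps file is readable; any PID it prints is still running the unpatched code and needs a restart.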




 