Ubuntu 890-4: PyXML vulnerabilities

    Date26 Jan 2010
    CategoryUbuntu
    84
    Posted ByLinuxSecurity Advisories
    USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML.
    ===========================================================
    Ubuntu Security Notice USN-890-4           January 26, 2010
    python-xml vulnerabilities
    CVE-2009-3560, CVE-2009-3720
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      python2.4-xml                   0.8.4-1ubuntu3.1
    
    After a standard system upgrade you need to restart any applications that
    use PyXML to effect the necessary changes.
    
    Details follow:
    
    USN-890-1 fixed vulnerabilities in Expat. This update provides the
    corresponding updates for PyXML.
    
    Original advisory details:
    
     Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
     not properly process malformed XML. If a user or application linked against
     Expat were tricked into opening a crafted XML file, an attacker could cause
     a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
     
     It was discovered that Expat did not properly process malformed UTF-8
     sequences. If a user or application linked against Expat were tricked into
     opening a crafted XML file, an attacker could cause a denial of service via
     application crash. (CVE-2009-3560)
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1.diff.gz
          Size/MD5:    26092 7b735067d5b8494bfa9479a38b1f971f
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1.dsc
          Size/MD5:      663 064ad0d03d81132088df42f78850bfd7
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4.orig.tar.gz
          Size/MD5:   734751 04fc1685542b32c1948c2936dfb6ba0e
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1_all.deb
          Size/MD5:    11568 253250bca793d626d3f651a116259b00
        http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel-utils_0.8.4-1ubuntu3.1_all.deb
          Size/MD5:    25206 e73978eb774cf39690739f0908fb32dc
        http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel_0.8.4-1ubuntu3.1_all.deb
          Size/MD5:    24392 e4bab68a86bd7fb0dd85d39268716a64
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_amd64.deb
          Size/MD5:   717460 763ab0e82cbd3767958753060145c5ab
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_i386.deb
          Size/MD5:   708074 e34c9a1bdaaef83eb885104360d9e94f
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_powerpc.deb
          Size/MD5:   716638 8ee8326bb735b20b18f0335c4485aadb
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_sparc.deb
          Size/MD5:   706208 11751f3c1654c648dd145c88afc3002c
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.