Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Ubuntu 6.06 LTS USN-890-4 Critical: PyXML Denial Of Service Issues

Calendar Jan 26, 2010 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service update critical ubuntu python xml pyxml
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. 
==========================================================Ubuntu Security Notice USN-890-4           January 26, 2010
python-xml vulnerabilities
CVE-2009-3560, CVE-2009-3720
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  python2.4-xml                   0.8.4-1ubuntu3.1

After a standard system upgrade you need to restart any applications that
use PyXML to effect the necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
 not properly process malformed XML. If a user or application linked against
 Expat were tricked into opening a crafted XML file, an attacker could cause
 a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
 
 It was discovered that Expat did not properly process malformed UTF-8
 sequences. If a user or application linked against Expat were tricked into
 opening a crafted XML file, an attacker could cause a denial of service via
 application crash. (CVE-2009-3560)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:    26092 7b735067d5b8494bfa9479a38b1f971f
          Size/MD5:      663 064ad0d03d81132088df42f78850bfd7
          Size/MD5:   734751 04fc1685542b32c1948c2936dfb6ba0e

  Architecture independent packages:

          Size/MD5:    11568 253250bca793d626d3f651a116259b00
          Size/MD5:    25206 e73978eb774cf39690739f0908fb32dc
          Size/MD5:    24392 e4bab68a86bd7fb0dd85d39268716a64

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   717460 763ab0e82cbd3767958753060145c5ab

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   708074 e34c9a1bdaaef83eb885104360d9e94f

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   716638 8ee8326bb735b20b18f0335c4485aadb

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   706208 11751f3c1654c648dd145c88afc3002c

Ubuntu 6.06 LTS USN-890-4 Critical: PyXML Denial Of Service Issues

ubuntu
Calendar Grey January 26, 2010
Dist Ubuntu Esm H88
Explore the essential Python XML security risks present in Ubuntu and follow the guidelines to effectively update your system.
USN-890-1 fixed vulnerabilities in Expat

Summary

Topics%20covered

Topics Covered

security advisory denial of service update critical ubuntu python xml pyxml

Update Instructions

References

Severity
critical
Lowest
Low
Medium
High
Critical

python-xml vulnerabilities

Topics%20covered

Topics Covered

security advisory denial of service update critical ubuntu python xml pyxml

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here