Scientific Linux Security Update : PyXML on SL4.x, SL5.x i386/x86_64

medium Nessus Plugin ID 60713

Synopsis

The remote Scientific Linux host is missing a security update.

Description

A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes PyXML use the system Expat library rather than its own internal copy; therefore, users must install the December 2009 expat security update, together with this PyXML update to resolve the CVE-2009-3720 issue.

After installing this update along with the December 2009 expat security update, applications using the PyXML library must be restarted for the update to take effect.

Solution

Update the affected PyXML package.

See Also

http://www.nessus.org/u?6c05c219

Plugin Details

Severity: Medium

ID: 60713

File Name: sl_20100104_PyXML_on_SL4_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/4/2010

Reference Information

CVE: CVE-2009-3720