Rapid7 Vulnerability & Exploit Database

RHSA-2009:1572: 4Suite security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 11/03/2009
Created: 07/25/2018
Added: 11/12/2009
Modified: 07/04/2017

Description

The 4Suite package contains XML-related tools and libraries for Python, including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer.

A buffer over-read flaw was found in the way 4Suite's XML parser handles malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause applications using the 4Suite library to crash while parsing the file. (CVE-2009-3720)

Note: In Red Hat Enterprise Linux 3, this flaw only affects a non-default configuration of the 4Suite package: configurations where the beta version of the cDomlette module is enabled.

All 4Suite users should upgrade to this updated package, which contains a backported patch to correct this issue. After installing the updated package, applications using the 4Suite XML-related tools and libraries must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-4suite
