Rapid7 Vulnerability & Exploit Database

RHSA-2010:0002: PyXML security update

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 11/03/2009
Created: 07/25/2018
Added: 01/13/2010
Modified: 07/04/2017

Description

PyXML provides XML libraries for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces, and an interface to the Expat parser.

A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes PyXML use the system Expat library rather than its own internal copy; therefore, users must install the RHSA-2009:1625 expat update together with this PyXML update to resolve the CVE-2009-3720 issue.

All PyXML users should upgrade to this updated package, which changes PyXML to use the system Expat library. After installing this update along with RHSA-2009:1625, applications using the PyXML library must be restarted for the update to take effect.

Solution(s)

  • redhat-upgrade-pyxml
