Main Archive Page > Month Archives  > full-disclosure-uk archives

[USN-890-4] PyXML vulnerabilities

From: Jamie Strandboge <jamie_at_nospam>
Date: Tue Jan 26 2010 - 19:23:55 GMT
To: ubuntu-security-announce@lists.ubuntu.com

---

Ubuntu Security Notice USN-890-4 January 26, 2010 python-xml vulnerabilities
CVE-2009-3560, CVE-2009-3720

---

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: python2.4-xml 0.8.4-1ubuntu3.1

After a standard system upgrade you need to restart any applications that use PyXML to effect the necessary changes.

Details follow:

USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML.

Original advisory details:

 Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did  not properly process malformed XML. If a user or application linked against  Expat were tricked into opening a crafted XML file, an attacker could cause  a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)  

 It was discovered that Expat did not properly process malformed UTF-8  sequences. If a user or application linked against Expat were tricked into  opening a crafted XML file, an attacker could cause a denial of service via  application crash. (CVE-2009-3560)

Updated packages for Ubuntu 6.06 LTS:

  Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1.diff.gz Size/MD5: 26092 7b735067d5b8494bfa9479a38b1f971f http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1.dsc Size/MD5: 663 064ad0d03d81132088df42f78850bfd7 http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4.orig.tar.gz Size/MD5: 734751 04fc1685542b32c1948c2936dfb6ba0e

  Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8.4-1ubuntu3.1_all.deb Size/MD5: 11568 253250bca793d626d3f651a116259b00 http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel-utils_0.8.4-1ubuntu3.1_all.deb Size/MD5: 25206 e73978eb774cf39690739f0908fb32dc http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel_0.8.4-1ubuntu3.1_all.deb Size/MD5: 24392 e4bab68a86bd7fb0dd85d39268716a64

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_amd64.deb       Size/MD5: 717460 763ab0e82cbd3767958753060145c5ab

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_i386.deb       Size/MD5: 708074 e34c9a1bdaaef83eb885104360d9e94f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_powerpc.deb       Size/MD5: 716638 8ee8326bb735b20b18f0335c4485aadb

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_0.8.4-1ubuntu3.1_sparc.deb       Size/MD5: 706208 11751f3c1654c648dd145c88afc3002c

-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

• This message: [ Message body ]
• Next message: Kurt Buff: "Re: [Full-disclosure] Disk wiping -- An alternate approach?"
• Previous message: T Biehn: "Re: [Full-disclosure] Disk wiping -- An alternate approach?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]