PyXML-0.8.4-4.AXS3.2

エラータID: AXSA:2010-22:01

Release date: 
Wednesday, January 6, 2010 - 21:42
Subject: 
PyXML-0.8.4-4.AXS3.2
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
Moderate
Description: 

An XML package for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces and an interface to the Expat parser.
Security bugs fixed with this release:
CVE-2009-3720
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Solution: 

Update packages.

CVEs: 
CVE-2009-3720
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.


Additional Info: 

N/A

Download: 

SRPMS
  1. PyXML-0.8.4-4.AXS3.2.src.rpm
    MD5: d249b5bd21b485ea6aff778c6b5a7831
    SHA-256: c21d9668482f68201e5addcda0641003cb8e63edd80f506614bdf1375e3d6950
    Size: 726.74 kB

Asianux Server 3 for x86
  1. PyXML-0.8.4-4.AXS3.2.i386.rpm
    MD5: ac0fcd85c4d5b00ac35e4327a53ae667
    SHA-256: 3744dd541a47f473824a769903867e394a571b06ebfb852530250f9995c8ff60
    Size: 1.06 MB

Asianux Server 3 for x86_64
  1. PyXML-0.8.4-4.AXS3.2.x86_64.rpm
    MD5: 276fb8913881aa66771e301f0977e641
    SHA-256: 9ada02bbdf2b550e48dc1439584d7b10a2aa3a44e3a0164d70947e32bc54259f
    Size: 1.06 MB