Synopsis: Moderate: PyXML security update
Issue date: 2010-01-04
CVE Names: CVE-2009-3720
A buffer over-read flaw was found in the way PyXML's Expat parser
handled malformed UTF-8 sequences when processing XML files. A
specially-crafted XML file could cause Python applications using PyXML's
Expat parser to crash while parsing the file. (CVE-2009-3720)
This update makes PyXML use the system Expat library rather than its own
internal copy; therefore, users must install the December 2009 expat
security update, together with this PyXML update to resolve the
CVE-2009-3720 issue.
After installing this update along with the December 2009 expat security
update, applications using the PyXML library must be restarted for the
update to take effect.
SL 4.x
SRPMS:
PyXML-0.8.3-6.el4_8.2.src.rpm
i386:
PyXML-0.8.3-6.el4_8.2.i386.rpm
x86_64:
PyXML-0.8.3-6.el4_8.2.x86_64.rpm
SL 5.x
SRPMS:
PyXML-0.8.4-4.el5_4.2.src.rpm
i386:
PyXML-0.8.4-4.el5_4.2.i386.rpm
x86_64:
PyXML-0.8.4-4.el5_4.2.x86_64.rpm
-Connie Sieh
-Troy Dawson
