"Ubuntu Security Notice USN-890-4 January 26, 2010
python-xml vulnerabilities
CVE-2009-3560, CVE-2009-3720
==========================
==========================
=========
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4-xml 0.8.4-1ubuntu3.1
After a standard system upgrade you need to restart any applications that
use PyXML to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)
It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8=
.4-1ubuntu3.1.diff.gz
Size/MD5: 26092 7b735067d5b8494bfa9479a38b1f971f
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8=
.4-1ubuntu3.1.dsc
Size/MD5: 663 064ad0d03d81132088df42f78850bfd7
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8=
.4.orig.tar.gz
Size/MD5: 734751 04fc1685542b32c1948c2936dfb6ba0e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python-xml_0.8=
.4-1ubuntu3.1_all.deb
Size/MD5: 11568 253250bca793d626d3f651a116259b00
http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel-utils=
_0.8.4-1ubuntu3.1_all.deb
Size/MD5: 25206 e73978eb774cf39690739f0908fb32dc
http://security.ubuntu.com/ubuntu/pool/universe/p/python-xml/xbel_0.8.4=
-1ubuntu3.1_all.deb
Size/MD5: 24392 e4bab68a86bd7fb0dd85d39268716a64
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_=
0.8.4-1ubuntu3.1_amd64.deb
Size/MD5: 717460 763ab0e82cbd3767958753060145c5ab
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_=
0.8.4-1ubuntu3.1_i386.deb
Size/MD5: 708074 e34c9a1bdaaef83eb885104360d9e94f
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_=
0.8.4-1ubuntu3.1_powerpc.deb
Size/MD5: 716638 8ee8326bb735b20b18f0335c4485aadb
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/p/python-xml/python2.4-xml_=
0.8.4-1ubuntu3.1_sparc.deb
Size/MD5: 706208 11751f3c1654c648dd145c88afc3002c
--M9NhX3UHpAaciwkO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAktfQUoACgkQW0JvuRdL8Bp4UwCdE/Ajq29Rkk85/1lsmQlFWCul
ZD8An3hhQZZ631h0hVPYd0iLjyrHDIq8
=/SfE
-----END PGP SIGNATURE-----
"
Victoria fumes as David Beckham has his balls grabbedUSN-890-3: Python 2.4 vulnerabilities
This entry was posted
on 2:32 PM
.
Archives
-
▼
2010
(391)
-
▼
January
(47)
- USN-892-1: FUSE vulnerability
- DSA 1985-1: New sendmail packages fix SSL certific...
- DSA 1978-1: New phpgroupware packages fix several ...
- USN-890-4: PyXML vulnerabilities
- USN-890-3: Python 2.4 vulnerabilities
- DSA 1980-1: New ircd-hybrid/ircd-ratbox packages f...
- USN-890-1: Expat vulnerabilities
- RHSA-2010:0062-02 Moderate: bind security update
- RHSA-2010:0053-01 Important: kernel security and b...
- RHSA-2010:0061-02 Moderate: gzip security update
- DSA-1976-1: New dokuwiki packages fix several vuln...
- DSA-1975-1: Security Support for Debian 4.0 to be ...
- DSA 1974-1: New gzip packages fix arbitrary code e...
- DSA-1972-2: New audiofile packages fix buffer over...
- RHSA-2010:0054-01 Moderate: openssl security update
- RHSA-2010:0041-01 Important: kernel-rt security an...
- DSA-1972-1: New audiofile packages fix buffer over...
- USN-885-1: LibThai vulnerability
- GLSA 201001-06 aria2: Multiple vulnerabilities
- RHSA-2010:0046-01 Important: kernel security and b...
- USN-884-1: OpenSSL vulnerability
- USN-883-1: network-manager-applet vulnerabilities
- USN-886-1: Pidgin vulnerabilities
- DSA-1971-1: New libthai packages fix arbitrary cod...
- GLSA 201001-09 Ruby: Terminal Control Character I...
- RHSA-2010:0044-01 Important: pidgin security update
- RHSA-2010:0029-01 Critical: krb5 security update
- USN-885-1: Transmission vulnerabilities
- GLSA 201001-08 SquirrelMail: Multiple vulnerabili...
- RHSA-2010:0020-01 Important: kernel security update
- RHSA-2010:0038-01 Critical: acroread security update
- DSA-1969-1: New krb5 packages fix denial of service
- USN-878-1: Firefox 3.5 and Xulrunner 1.9.1 regression
- DSA 1968-1: New pdns-recursor packages fix potenti...
- RHSA-2010:0019-01 Important: kernel security update
- RHSA-2010:0018-01 Moderate: dbus security update
- USN-880-1: GIMP vulnerabilities
- USN-877-1: Firefox 3.0 and Xulrunner 1.9 regression
- DSA 1966-1: New horde3 packages fix cross-site scr...
- DSA-1965-1: New phpldapadmin packages fix remote f...
- GLSA 201001-03 PHP: Multiple vulnerabilities
- USN-879-1: Kerberos vulnerability
- RHSA-2010:0003-01 Moderate: gd security update
- RHSA-2010:0002-01 Moderate: PyXML security update
- GLSA 201001-01 NTP: Denial of Service
- GLSA 201001-02 Adobe Flash Player: Multiple vulne...
- DSA-1953-2: New expat packages fix regression
-
▼
January
(47)