drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in PyXML (Aktualisierung)
Name: |
Denial of Service in PyXML (Aktualisierung) |
|
ID: |
USN-890-4 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 6.06 |
|
Datum: |
Mi, 27. Januar 2010, 08:20 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 |
|
Applikationen: |
PyXML |
|
Update von: |
Denial of Service in expat |
|
Originalnachricht |
--===============5921653704158175119== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="M9NhX3UHpAaciwkO" Content-Disposition: inline
--M9NhX3UHpAaciwkO Content-Type: text/plain; charset=us-ascii Content-Disposition: inlin Content-Transfer-Encoding: quoted-printable
=========================================================== Ubuntu Security Notice USN-890-4 January 26, 2010 python-xml vulnerabilities CVE-2009-3560, CVE-2009-3720 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: python2.4-xml 0.8.4-1ubuntu3.1
After a standard system upgrade you need to restart any applications that use PyXML to effect the necessary changes.
Details follow:
USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML.
Original advisory details:
Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720) It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. (CVE-2009-3560)
Updated packages for Ubuntu 6.06 LTS:
Source archives:
python-xml_0.8.4-1ubuntu3.1.diff.gz Size/MD5: 26092 7b735067d5b8494bfa9479a38b1f971f python-xml_0.8.4-1ubuntu3.1.dsc Size/MD5: 663 064ad0d03d81132088df42f78850bfd7 python-xml_0.8.4.orig.tar.gz Size/MD5: 734751 04fc1685542b32c1948c2936dfb6ba0e
Architecture independent packages:
python-xml_0.8.4-1ubuntu3.1_all.deb Size/MD5: 11568 253250bca793d626d3f651a116259b00 xbel-utils_0.8.4-1ubuntu3.1_all.deb Size/MD5: 25206 e73978eb774cf39690739f0908fb32dc xbel_0.8.4-1ubuntu3.1_all.deb Size/MD5: 24392 e4bab68a86bd7fb0dd85d39268716a64
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
python2.4-xml_0.8.4-1ubuntu3.1_amd64.deb Size/MD5: 717460 763ab0e82cbd3767958753060145c5ab
i386 architecture (x86 compatible Intel/AMD):
python2.4-xml_0.8.4-1ubuntu3.1_i386.deb Size/MD5: 708074 e34c9a1bdaaef83eb885104360d9e94f
powerpc architecture (Apple Macintosh G3/G4/G5):
python2.4-xml_0.8.4-1ubuntu3.1_powerpc.deb Size/MD5: 716638 8ee8326bb735b20b18f0335c4485aadb
sparc architecture (Sun SPARC/UltraSPARC):
python2.4-xml_0.8.4-1ubuntu3.1_sparc.deb Size/MD5: 706208 11751f3c1654c648dd145c88afc3002c
--M9NhX3UHpAaciwkO Content-Type: application/pgp-signature; name,ignature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAktfQUoACgkQW0JvuRdL8Bp4UwCdE/Ajq29Rkk85/1lsmQlFWCul ZD8An3hhQZZ631h0hVPYd0iLjyrHDIq8
|
|
|
|