This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Oracle Linux host is missing a security update.
From Red Hat Security Advisory 2010:0002 :
An updated PyXML package that fixes one security issue is now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
PyXML provides XML libraries for Python. The distribution contains a
validating XML parser, an implementation of the SAX and DOM
programming interfaces, and an interface to the Expat parser.
A buffer over-read flaw was found in the way PyXML's Expat parser
handled malformed UTF-8 sequences when processing XML files. A
specially crafted XML file could cause Python applications using
PyXML's Expat parser to crash while parsing the file. (CVE-2009-3720)
This update makes PyXML use the system Expat library rather than its
own internal copy
therefore, users must install the RHSA-2009:1625
expat update together with this PyXML update to resolve the
All PyXML users should upgrade to this updated package, which changes
PyXML to use the system Expat library. After installing this update
along with RHSA-2009:1625, applications using the PyXML library must
be restarted for the update to take effect.
See also :
Update the affected pyxml package.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true