Scientific Linux Security Update : PyXML on SL4.x, SL5.x i386/x86_64

Medium Nessus Plugin ID 60713


The remote Scientific Linux host is missing a security update.


A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes PyXML use the system Expat library rather than its own internal copy; therefore, users must install the December 2009 expat security update, together with this PyXML update to resolve the CVE-2009-3720 issue.

After installing this update along with the December 2009 expat security update, applications using the PyXML library must be restarted for the update to take effect.


Update the affected PyXML package.

See Also

Plugin Details

Severity: Medium

ID: 60713

File Name: sl_20100104_PyXML_on_SL4_x.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2014/08/16

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2010/01/04

Reference Information

CVE: CVE-2009-3720