Scientific Linux Security Update : PyXML on SL4.x, SL5.x i386/x86_64

medium Nessus Plugin ID 60713
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Scientific Linux host is missing a security update.

Description

A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes PyXML use the system Expat library rather than its own internal copy; therefore, users must install the December 2009 expat security update, together with this PyXML update to resolve the CVE-2009-3720 issue.

After installing this update along with the December 2009 expat security update, applications using the PyXML library must be restarted for the update to take effect.

Solution

Update the affected PyXML package.

See Also

http://www.nessus.org/u?6c05c219

Plugin Details

Severity: Medium

ID: 60713

File Name: sl_20100104_PyXML_on_SL4_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/4/2010

Reference Information

CVE: CVE-2009-3720