Scientific Linux Security Update : PyXML on SL4.x, SL5.x i386/x86_64
Medium Nessus Plugin ID 60713
SynopsisThe remote Scientific Linux host is missing a security update.
DescriptionA buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. (CVE-2009-3720)
This update makes PyXML use the system Expat library rather than its own internal copy; therefore, users must install the December 2009 expat security update, together with this PyXML update to resolve the CVE-2009-3720 issue.
After installing this update along with the December 2009 expat security update, applications using the PyXML library must be restarted for the update to take effect.
SolutionUpdate the affected PyXML package.