Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2009:1572
HistoryNov 10, 2009 - 9:28 p.m.

4Suite security update

2009-11-1021:28:54
CentOS Project
lists.centos.org
47

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.032 Low

EPSS

Percentile

91.1%

JSON

CentOS Errata and Security Advisory CESA-2009:1572

The 4Suite package contains XML-related tools and libraries for Python,
including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer.

A buffer over-read flaw was found in the way 4Suite’s XML parser handles
malformed UTF-8 sequences when processing XML files. A specially-crafted
XML file could cause applications using the 4Suite library to crash while
parsing the file. (CVE-2009-3720)

Note: In Red Hat Enterprise Linux 3, this flaw only affects a non-default
configuration of the 4Suite package: configurations where the beta version
of the cDomlette module is enabled.

All 4Suite users should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the updated
package, applications using the 4Suite XML-related tools and libraries must
be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-November/078474.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078475.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078476.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078477.html

Affected packages:
4Suite

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1572

Related

openvas 92
nessus 63
fedora 20
redhat 3
httpd 2
centos 2
altlinux 2
veracode 1
oraclelinux 3
freebsd 2
prion 1
ubuntucve 2
cve 1
debiancve 1
f5 1
ubuntu 2
debian 1
openvas
openvas
Fedora Update for whatsup FEDORA-2011-2801
2011-03-24 00:00:00
Fedora Core 10 FEDORA-2009-10949 (PyXML)
2009-11-11 00:00:00
Fedora Update for udunits2 FEDORA-2010-17819
2010-12-02 00:00:00
nessus
nessus
Fedora 14 : SimGear-2.0.0-5.fc14 (2011-5727)
2011-05-02 00:00:00
RHEL 3 / 4 : 4Suite (RHSA-2009:1572)
2009-11-11 00:00:00
Fedora 12 : libtlen-0-0.10.20060309.fc12 (2010-17762)
2010-11-22 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: SimGear-2.0.0-5.fc15
2011-04-26 16:26:08
[SECURITY] Fedora 14 Update: whatsup-1.12-1.fc14
2011-03-15 21:53:30
[SECURITY] Fedora 10 Update: python-4Suite-XML-1.0.2-8.fc10
2009-11-04 12:20:09
redhat
redhat
(RHSA-2010:0002) Moderate: PyXML security update
2010-01-04 00:00:00
(RHSA-2009:1572) Moderate: 4Suite security update
2009-11-10 00:00:00
(RHSA-2009:1625) Moderate: expat security update
2009-12-07 00:00:00
httpd
httpd
Apache Httpd < 2.0.64 : expat DoS
2009-08-21 00:00:00
Apache Httpd < 2.2.17 : expat DoS
2009-08-21 00:00:00
centos
centos
PyXML security update
2010-01-04 23:32:13
expat security update
2009-12-07 23:34:29
altlinux
altlinux
Security fix for the ALT Linux 5 package centerim version 4.22.10-alt0.M50P.1
2011-01-13 00:00:00
Security fix for the ALT Linux 5 package centerim version 4.22.10-alt1
2010-11-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:55:28
oraclelinux
oraclelinux
PyXML security update
2010-01-04 00:00:00
4Suite security update
2009-11-10 00:00:00
expat security update
2009-12-07 00:00:00
freebsd
freebsd
expat2 -- Parser crash with specially formatted UTF-8 sequences
2009-01-17 00:00:00
apr -- multiple vunerabilities
2010-10-02 00:00:00
prion
prion
Buffer overflow
2009-11-03 16:30:00
ubuntucve
ubuntucve
CVE-2009-3720
2009-11-03 00:00:00
CVE-2009-2625
2009-08-06 00:00:00
cve
cve
CVE-2009-3720
2009-11-03 16:30:00
debiancve
debiancve
CVE-2009-3720
2009-11-03 16:30:00
f5
f5
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
ubuntu
ubuntu
Python 2.4 vulnerabilities
2010-01-22 00:00:00
XML-RPC for C and C++ vulnerabilities
2010-02-18 00:00:00
debian
debian
[SECURITY] [DSA-1977-1] New python packages fix several vulnerabilities
2010-01-25 22:01:20

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.032 Low

EPSS

Percentile

91.1%

JSON
Related for CESA-2009:1572
openvas92nessus63fedora20redhat3httpd2centos2altlinux2veracode1oraclelinux3freebsd2prion1ubuntucve2cve1debiancve1f51ubuntu2debian1