Python 2.4 vulnerabilities

2010-01-2200:00:00

ubuntu.com

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.077 Low

EPSS

Percentile

94.1%

JSON

Releases

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 6.06

Packages

python2.4 -

Details

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.4.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchpython2.4-minimal< 2.4.6-1ubuntu3.2.9.10.1UNKNOWN
Ubuntu9.10noarchpython2.4< 2.4.6-1ubuntu3.2.9.10.1UNKNOWN
Ubuntu9.10noarchpython2.4-dbg< 2.4.6-1ubuntu3.2.9.10.1UNKNOWN
Ubuntu9.10noarchpython2.4-dev< 2.4.6-1ubuntu3.2.9.10.1UNKNOWN
Ubuntu9.04noarchpython2.4-minimal< 2.4.6-1ubuntu3.2.9.04.1UNKNOWN
Ubuntu9.04noarchpython2.4< 2.4.6-1ubuntu3.2.9.04.1UNKNOWN
Ubuntu9.04noarchpython2.4-dbg< 2.4.6-1ubuntu3.2.9.04.1UNKNOWN
Ubuntu9.04noarchpython2.4-dev< 2.4.6-1ubuntu3.2.9.04.1UNKNOWN
Ubuntu8.10noarchpython2.4-minimal< 2.4.5-5ubuntu1.2UNKNOWN
Ubuntu8.10noarchpython2.4< 2.4.5-5ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	9.10	noarch	python2.4-minimal	< 2.4.6-1ubuntu3.2.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	python2.4	< 2.4.6-1ubuntu3.2.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	python2.4-dbg	< 2.4.6-1ubuntu3.2.9.10.1	UNKNOWN
Ubuntu	9.10	noarch	python2.4-dev	< 2.4.6-1ubuntu3.2.9.10.1	UNKNOWN
Ubuntu	9.04	noarch	python2.4-minimal	< 2.4.6-1ubuntu3.2.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	python2.4	< 2.4.6-1ubuntu3.2.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	python2.4-dbg	< 2.4.6-1ubuntu3.2.9.04.1	UNKNOWN
Ubuntu	9.04	noarch	python2.4-dev	< 2.4.6-1ubuntu3.2.9.04.1	UNKNOWN
Ubuntu	8.10	noarch	python2.4-minimal	< 2.4.5-5ubuntu1.2	UNKNOWN
Ubuntu	8.10	noarch	python2.4	< 2.4.5-5ubuntu1.2	UNKNOWN