Lucene search

UbuntuUSN-890-4

HistoryJan 26, 2010 - 12:00 a.m.

PyXML vulnerabilities

2010-01-2600:00:00

ubuntu.com

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.129 Low

EPSS

Percentile

95.4%

JSON

Releases

Ubuntu 6.06

Packages

python-xml -

Details

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for PyXML.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560)

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchpython2.4-xml< 0.8.4-1ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	6.06	noarch	python2.4-xml	< 0.8.4-1ubuntu3.1	UNKNOWN

References

ubuntu.com/security/CVE-2009-3560

ubuntu.com/security/CVE-2009-3720

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.129 Low

EPSS

Percentile

95.4%

JSON

Related for USN-890-4