RHSA-2010:0002: Moderate: PyXML security update
PyXML provides XML libraries for Python. The distribution contains avalidating XML parser, an implementation of the SAX and DOM programminginterfaces, and an interface to the Expat parser.A buffer over-read flaw was found in the way PyXML's Expat parser handledmalformed UTF-8 sequences when processing XML files. A specially-craftedXML file could cause Python applications using PyXML's Expat parser tocrash while parsing the file. (CVE-2009-3720)This update makes PyXML use the system Expat library rather than its owninternal copy; therefore, users must install the RHSA-2009:1625 expatupdate together with this PyXML update to resolve the CVE-2009-3720 issue.All PyXML users should upgrade to this updated package, which changes PyXMLto use the system Expat library. After installing this update along withRHSA-2009:1625, applications using the PyXML library must be restarted forthe update to take effect.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2010:0002?
The severity of RHSA-2010:0002 is classified as moderate.
How do I fix RHSA-2010:0002?
To fix RHSA-2010:0002, it is recommended to update the PyXML package to the latest version provided by your distribution.
What type of vulnerability is associated with RHSA-2010:0002?
RHSA-2010:0002 describes a buffer over-read flaw in the Expat parser used by PyXML.
Which software components are affected by RHSA-2010:0002?
RHSA-2010:0002 affects the PyXML library which provides XML parsing capabilities for Python.
What can be exploited in RHSA-2010:0002?
The vulnerability in RHSA-2010:0002 can potentially be exploited through specially crafted XML data leading to an application crash or unexpected behavior.