CESA-2010:0002 -- centos 4 i386 PyXMLID: oval:org.secpod.oval:def:200053 | Date: (C)2012-01-31 (M)2024-02-29 |
Class: PATCH | Family: unix |
PyXML provides XML libraries for Python. The distribution contains a validating XML parser, an implementation of the SAX and DOM programming interfaces, and an interface to the Expat parser. A buffer over-read flaw was found in the way PyXML"s Expat parser handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause Python applications using PyXML"s Expat parser to crash while parsing the file. This update makes PyXML use the system Expat library rather than its own internal copy; therefore, users must install the RHSA-2009:1625 expat update together with this PyXML update to resolve the CVE-2009-3720 issue. All PyXML users should upgrade to this updated package, which changes PyXML to use the system Expat library. After installing this update along with RHSA-2009:1625, applications using the PyXML library must be restarted for the update to take effect.