[USN-890-2] Python 2.5 vulnerabilities

By | 2010/01/21

The following security announcement applies to Python. If you have Python installed, please see below for details on the vulnerability and instructions on patching your system:

USN-890-1 fixed vulnerabilities in Expat. This update provides the
corresponding updates for the PyExpat module in Python 2.5.

Original advisory details:

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did
not properly process malformed XML. If a user or application linked against
Expat were tricked into opening a crafted XML file, an attacker could cause
a denial of service via application crash. (CVE-2009-2625, CVE-2009-3720)

It was discovered that Expat did not properly process malformed UTF-8
sequences. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of service via
application crash. (CVE-2009-3560).

The above security vulnerabilities apply to the following Ubuntu releases:

  • Ubuntu 8.04 LTS
  • Ubuntu 8.10
  • Ubuntu 9.04
  • Ubuntu 9.10

If you are have this utility installed on your Ubuntu system you’ll need to apply the security update to be protected. Please follow the steps below to ensure your system is properly patched:

Apply Updates

To apply the updates run the following command(s) within your Terminal:

sudo aptitude update
sudo aptitude safe-upgrade

After a standard system upgrade you need to restart any Python applications that use the PyExpat module to effect the necessary changes.

One thought on “[USN-890-2] Python 2.5 vulnerabilities

  1. Theofanis Siampos

    Hopefully,these don’t happen at ubuntu 10

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.