CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.03 Low
Percentile: 91.0%

CentOS Errata and Security Advisory CESA-2009:1572

The 4Suite package contains XML-related tools and libraries for Python,
including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer.

A buffer over-read flaw was found in the way 4Suite’s XML parser handles
malformed UTF-8 sequences when processing XML files. A specially-crafted
XML file could cause applications using the 4Suite library to crash while
parsing the file. (CVE-2009-3720)

Note: In Red Hat Enterprise Linux 3, this flaw only affects a non-default
configuration of the 4Suite package: configurations where the beta version
of the cDomlette module is enabled.

All 4Suite users should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the updated
package, applications using the 4Suite XML-related tools and libraries must
be restarted for the update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-November/078474.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078475.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078476.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078477.html
Affected packages:
4Suite
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1572
OS | OS Version | Architecture | Package | Affected Version | Fixed Package Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | 4suite | < 0.11.1-15 | 4Suite-0.11.1-15.i386.rpm |
CentOS | 3 | x86_64 | 4suite | < 0.11.1-15 | 4Suite-0.11.1-15.x86_64.rpm |
CentOS | 4 | i386 | 4suite | < 1.0-3.el4_8.1 | 4Suite-1.0-3.el4_8.1.i386.rpm |
CentOS | 4 | x86_64 | 4suite | < 1.0-3.el4_8.1 | 4Suite-1.0-3.el4_8.1.x86_64.rpm |
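
To confirm that a host has the fixed build, the installed version can be compared with the thresholds in the table above. The following is an added example, not part of the advisory: it assumes the input string comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' 4Suite`, ignores epochs, and uses a simplified segment comparison in the style of rpm's version ordering; the function names are hypothetical.

```python
import re

# Fixed builds taken from the advisory table, keyed by CentOS major version.
FIXED = {"3": ("0.11.1", "15"), "4": ("1.0", "3.el4_8.1")}

# A version string is a sequence of digit runs and letter runs;
# every other character only acts as a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_cmp(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b.

    Simplified rpm-style ordering (assumption: no '~' or '^' handling).
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def is_vulnerable(centos_major, version_release):
    """True if the installed 4Suite build is older than the fixed build."""
    version, release = version_release.rsplit("-", 1)
    fixed_version, fixed_release = FIXED[centos_major]
    order = rpm_cmp(version, fixed_version) or rpm_cmp(release, fixed_release)
    return order < 0


if __name__ == "__main__":
    # Constructed sample inventory: (CentOS major version, version-release).
    for major, build in [("3", "0.11.1-14"), ("3", "0.11.1-15"),
                         ("4", "1.0-3"), ("4", "1.0-3.el4_8.1")]:
        state = "VULNERABLE" if is_vulnerable(major, build) else "fixed"
        print(f"CentOS {major}  4Suite-{build}: {state}")
```

A host reported as fixed still needs the applications that use 4Suite restarted, as the advisory states, before the patched library is actually in use.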