Paketname
python-lxml
Datum
2014-05-15
Advisory ID
MDVSA-2014:088
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Updated python-lxml packages fix security vulnerability:

The clean_html() function, provided by the lxml.html.clean module,
did not properly clean HTML input if it included non-printed characters
(\x01-\x08). A remote attacker could use this flaw to serve malicious
content to an application using the clean_html() function to process
HTML, possibly allowing the attacker to inject malicious code into
a website generated by this application (CVE-2014-3146).

Aktualisierte Pakete

MES5 i586

 35048c25adfe1871d3f4967407785225  mes5/i586/python-lxml-2.1.1-1.1mdvmes5.2.i586.rpm 
 2693d5ca44dd8804fa8d5f74b855accd  mes5/SRPMS/python-lxml-2.1.1-1.1mdvmes5.2.src.rpm

MBS1 x86_64

 30f3bf2c3b6db68cb633e2e87a13cb9b  mbs1/x86_64/python-lxml-2.3.3-3.1.mbs1.x86_64.rpm 
 8631bd626091dfba02951f2244e62c34  mbs1/SRPMS/python-lxml-2.3.3-3.1.mbs1.src.rpm

MES5 x86_64

 7106b307c87f78a0ccbdcd782b1f2bd3  mes5/x86_64/python-lxml-2.1.1-1.1mdvmes5.2.x86_64.rpm 
 2693d5ca44dd8804fa8d5f74b855accd  mes5/SRPMS/python-lxml-2.1.1-1.1mdvmes5.2.src.rpm

Referenzen