Package name
python
Date
2009-12-04
Advisory ID
MDVSA-2009:212-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

This update fixes this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 d299993b7e9e67f4dd9d8174a3303e33  2008.0/i586/libpython2.5-2.5.2-2.4mdv2008.0.i586.rpm
 3a3065367761a3f4adafcdb5db47fa24  2008.0/i586/libpython2.5-devel-2.5.2-2.4mdv2008.0.i586.rpm
 6c10b6e2dbb2cfe401b999951488741c  2008.0/i586/python-2.5.2-2.4mdv2008.0.i586.rpm
 d4f8d49c7345d3473acca6c392918d5f  2008.0/i586/python-base-2.5.2-2.4mdv2008.0.i586.rpm
 4c1cd90bd7f0690617acdc2140d063b6  2008.0/i586/python-docs-2.5.2-2.4mdv2008.0.i586.rpm
 e0cc1c4c45cd6059866ffd5cb1885a1f  2008.0/i586/tkinter-2.5.2-2.4mdv2008.0.i586.rpm
 12b668dc2b0704a999522026bace8311  2008.0/i586/tkinter-apps-2.5.2-2.4mdv2008.0.i586.rpm 
 3073a21fea81d8057f02af09e1c18d28  2008.0/SRPMS/python-2.5.2-2.4mdv2008.0.src.rpm

2008.0 x86_64

 c6e53e252fde2114632fef291f75933f  2008.0/x86_64/lib64python2.5-2.5.2-2.4mdv2008.0.x86_64.rpm
 0af7036a37c0233041403f9c92348a53  2008.0/x86_64/lib64python2.5-devel-2.5.2-2.4mdv2008.0.x86_64.rpm
 46c8486c87a8c54f467ce63168c878a5  2008.0/x86_64/python-2.5.2-2.4mdv2008.0.x86_64.rpm
 0b1407a7c3563ef4a248c705e2ba7d57  2008.0/x86_64/python-base-2.5.2-2.4mdv2008.0.x86_64.rpm
 4c898fbaa2a089bc11d30b9ac9d7c42f  2008.0/x86_64/python-docs-2.5.2-2.4mdv2008.0.x86_64.rpm
 d09f93b33ceefa8db2077092822ef16f  2008.0/x86_64/tkinter-2.5.2-2.4mdv2008.0.x86_64.rpm
 a465678469faaedb9ecc4eb2ea881886  2008.0/x86_64/tkinter-apps-2.5.2-2.4mdv2008.0.x86_64.rpm 
 3073a21fea81d8057f02af09e1c18d28  2008.0/SRPMS/python-2.5.2-2.4mdv2008.0.src.rpm

References