Ubuntu 855-1: libhtml-parser-perl vulnerability

    Date05 Nov 2009
    CategoryUbuntu
    45
    Posted ByLinuxSecurity Advisories
    Mark Martinec discovered that HTML::Parser incorrectly handled strings with incomplete entities. An attacker could send specially crafted input to applications that use HTML::Parser and cause a denial of service. [More...]
    ===========================================================
    Ubuntu Security Notice USN-855-1          November 05, 2009
    libhtml-parser-perl vulnerability
    CVE-2009-3627
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    Ubuntu 9.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      libhtml-parser-perl             3.48-1ubuntu0.1
    
    Ubuntu 8.04 LTS:
      libhtml-parser-perl             3.56-1ubuntu0.1
    
    Ubuntu 8.10:
      libhtml-parser-perl             3.56-1ubuntu2.1
    
    Ubuntu 9.04:
      libhtml-parser-perl             3.59-1ubuntu1.1
    
    Ubuntu 9.10:
      libhtml-parser-perl             3.61-1ubuntu0.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    Mark Martinec discovered that HTML::Parser incorrectly handled strings
    with incomplete entities. An attacker could send specially crafted input to
    applications that use HTML::Parser and cause a denial of service.
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1.diff.gz
          Size/MD5:     6020 5e20b1b31734934ef3675f25f200f83a
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1.dsc
          Size/MD5:      872 1dcd5059889167cd0a763edf56a35e75
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48.orig.tar.gz
          Size/MD5:    82678 3fe8ca230ff8efc55327a12d94193a58
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_amd64.deb
          Size/MD5:   104822 675f04b3e4597bd5f37b3cc2f8be7624
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_i386.deb
          Size/MD5:   103604 3cac785448f5a50af09fdbac4eb9af89
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_powerpc.deb
          Size/MD5:   104868 01c337175212fb4c77100f9bee77ef0b
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_sparc.deb
          Size/MD5:   103780 0ea0484df5b8a99a0f1ccdccb7c7f879
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1.diff.gz
          Size/MD5:     6251 18a1208395cb520be2b81c1f1d8abfe2
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1.dsc
          Size/MD5:      971 0ed26b2e94f55ca531022775dcfd003b
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56.orig.tar.gz
          Size/MD5:    86040 bddc432e5ed9df4d4153a62234f04fc2
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_amd64.deb
          Size/MD5:   107586 85f881920a5c4153534b9898b0dc1e5b
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_i386.deb
          Size/MD5:   106890 b3e7fa4c17c91de3cef44acefd4d9592
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_lpia.deb
          Size/MD5:   106904 ddd831359f423a853e4f03ddf8d19bae
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_powerpc.deb
          Size/MD5:   109816 70d33ab9837ea9359179d72df02d9c00
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_sparc.deb
          Size/MD5:   106112 720ef03704f474f7acc6b59376e69fef
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1.diff.gz
          Size/MD5:     6447 656e10374000f1699aab812e628d09ca
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1.dsc
          Size/MD5:     1406 f90b11908b2f746858be35833f59ec2f
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56.orig.tar.gz
          Size/MD5:    86040 bddc432e5ed9df4d4153a62234f04fc2
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_amd64.deb
          Size/MD5:   111068 6b8422e58a0952c0095b732e3a3ce932
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_i386.deb
          Size/MD5:   110390 119b245d5a985f4a9a4d6cca6a3db226
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_lpia.deb
          Size/MD5:   110234 7c0aac642ece40f1d074d9e5704fd8ec
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_powerpc.deb
          Size/MD5:   113094 a6d3551ab048bb2deddffbe3b6db84b7
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_sparc.deb
          Size/MD5:   109644 c09e75a35bd9ecdffe682dd1a7db3031
    
    Updated packages for Ubuntu 9.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1.diff.gz
          Size/MD5:     7156 776e572797f750ad48a5fd337c2fa7d1
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1.dsc
          Size/MD5:     1622 b722fe175e9ced66084ec4e836c77a69
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59.orig.tar.gz
          Size/MD5:    87314 190950f442ff4a8e59e637714105a01b
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_amd64.deb
          Size/MD5:   112444 ec63107d297595f7b2e6ea994bd8530d
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_i386.deb
          Size/MD5:   111810 82ed44cd451170d87caa79a8018fbcf1
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_lpia.deb
          Size/MD5:   111626 cede79a0ef0de1e1a39cb396d14c3829
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_powerpc.deb
          Size/MD5:   114632 a29ae197e03d49948a8cfae4a00d8619
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_sparc.deb
          Size/MD5:   111076 aa9a8dc65044b72d4eee576be5a34a0a
    
    Updated packages for Ubuntu 9.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1.diff.gz
          Size/MD5:     6905 721edd6408f7ae8359e177440030efe0
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1.dsc
          Size/MD5:     1725 c93a277c8bba6fce57dd497d6c63c21a
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61.orig.tar.gz
          Size/MD5:    88269 098d9551721d29d55a0a4ad83a3ebef5
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_amd64.deb
          Size/MD5:   112854 ec6767383c1aff96ed1b395794af5a8f
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_i386.deb
          Size/MD5:   112302 c020b828d39f2f1456df8c988aebd4fd
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_lpia.deb
          Size/MD5:   112194 338bb4738ec2501286379642a0e7e740
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_powerpc.deb
          Size/MD5:   113172 0d8e8bc85c07fd91b65e0792d6eec9a0
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_sparc.deb
          Size/MD5:   111260 de6ee17857af6dbdfdd6a42a207e8714
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.