USN-855-1: libhtml-parser-perl vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-855-1 November 05, 2009
libhtml-parser-perl vulnerability
CVE-2009-3627
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libhtml-parser-perl 3.48-1ubuntu0.1

Ubuntu 8.04 LTS:
libhtml-parser-perl 3.56-1ubuntu0.1

Ubuntu 8.10:
libhtml-parser-perl 3.56-1ubuntu2.1

Ubuntu 9.04:
libhtml-parser-perl 3.59-1ubuntu1.1

Ubuntu 9.10:
libhtml-parser-perl 3.61-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Mark Martinec discovered that HTML::Parser incorrectly handled strings
with incomplete entities. An attacker could send specially crafted input to
applications that use HTML::Parser and cause a denial of service.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48-1ubuntu0.1.diff.gz
Size/MD5: 6020 5e20b1b31734934ef3675f25f200f83a
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48-1ubuntu0.1.dsc
Size/MD5: 872 1dcd5059889167cd0a763edf56a35e75
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48.orig.tar.gz
Size/MD5: 82678 3fe8ca230ff8efc55327a12d94193a58

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48-1ubuntu0.1_amd64.deb
Size/MD5: 104822 675f04b3e4597bd5f37b3cc2f8be7624

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48-1ubuntu0.1_i386.deb
Size/MD5: 103604 3cac785448f5a50af09fdbac4eb9af89

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48-1ubuntu0.1_powerpc.deb
Size/MD5: 104868 01c337175212fb4c77100f9bee77ef0b

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.48-1ubuntu0.1_sparc.deb
Size/MD5: 103780 0ea0484df5b8a99a0f1ccdccb7c7f879

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu0.1.diff.gz
Size/MD5: 6251 18a1208395cb520be2b81c1f1d8abfe2
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu0.1.dsc
Size/MD5: 971 0ed26b2e94f55ca531022775dcfd003b
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56.orig.tar.gz
Size/MD5: 86040 bddc432e5ed9df4d4153a62234f04fc2

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu0.1_amd64.deb
Size/MD5: 107586 85f881920a5c4153534b9898b0dc1e5b

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu0.1_i386.deb
Size/MD5: 106890 b3e7fa4c17c91de3cef44acefd4d9592

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.56-1ubuntu0.1_lpia.deb
Size/MD5: 106904 ddd831359f423a853e4f03ddf8d19bae

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.56-1ubuntu0.1_powerpc.deb
Size/MD5: 109816 70d33ab9837ea9359179d72df02d9c00

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.56-1ubuntu0.1_sparc.deb
Size/MD5: 106112 720ef03704f474f7acc6b59376e69fef

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu2.1.diff.gz
Size/MD5: 6447 656e10374000f1699aab812e628d09ca
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu2.1.dsc
Size/MD5: 1406 f90b11908b2f746858be35833f59ec2f
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56.orig.tar.gz
Size/MD5: 86040 bddc432e5ed9df4d4153a62234f04fc2

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu2.1_amd64.deb
Size/MD5: 111068 6b8422e58a0952c0095b732e3a3ce932

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.56-1ubuntu2.1_i386.deb
Size/MD5: 110390 119b245d5a985f4a9a4d6cca6a3db226

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.56-1ubuntu2.1_lpia.deb
Size/MD5: 110234 7c0aac642ece40f1d074d9e5704fd8ec

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.56-1ubuntu2.1_powerpc.deb
Size/MD5: 113094 a6d3551ab048bb2deddffbe3b6db84b7

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.56-1ubuntu2.1_sparc.deb
Size/MD5: 109644 c09e75a35bd9ecdffe682dd1a7db3031

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.59-1ubuntu1.1.diff.gz
Size/MD5: 7156 776e572797f750ad48a5fd337c2fa7d1
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.59-1ubuntu1.1.dsc
Size/MD5: 1622 b722fe175e9ced66084ec4e836c77a69
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.59.orig.tar.gz
Size/MD5: 87314 190950f442ff4a8e59e637714105a01b

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.59-1ubuntu1.1_amd64.deb
Size/MD5: 112444 ec63107d297595f7b2e6ea994bd8530d

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.59-1ubuntu1.1_i386.deb
Size/MD5: 111810 82ed44cd451170d87caa79a8018fbcf1

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.59-1ubuntu1.1_lpia.deb
Size/MD5: 111626 cede79a0ef0de1e1a39cb396d14c3829

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.59-1ubuntu1.1_powerpc.deb
Size/MD5: 114632 a29ae197e03d49948a8cfae4a00d8619

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.59-1ubuntu1.1_sparc.deb
Size/MD5: 111076 aa9a8dc65044b72d4eee576be5a34a0a

Updated packages for Ubuntu 9.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.61-1ubuntu0.1.diff.gz
Size/MD5: 6905 721edd6408f7ae8359e177440030efe0
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.61-1ubuntu0.1.dsc
Size/MD5: 1725 c93a277c8bba6fce57dd497d6c63c21a
http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.61.orig.tar.gz
Size/MD5: 88269 098d9551721d29d55a0a4ad83a3ebef5

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.61-1ubuntu0.1_amd64.deb
Size/MD5: 112854 ec6767383c1aff96ed1b395794af5a8f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/li=
bhtml-parser-perl_3.61-1ubuntu0.1_i386.deb
Size/MD5: 112302 c020b828d39f2f1456df8c988aebd4fd

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.61-1ubuntu0.1_lpia.deb
Size/MD5: 112194 338bb4738ec2501286379642a0e7e740

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.61-1ubuntu0.1_powerpc.deb
Size/MD5: 113172 0d8e8bc85c07fd91b65e0792d6eec9a0

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-pars=
er-perl_3.61-1ubuntu0.1_sparc.deb
Size/MD5: 111260 de6ee17857af6dbdfdd6a42a207e8714




--=-kPJ0vYPoBpMTmYiEnliO
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkrzNW8ACgkQLMAs/0C4zNqBvgCfQXvCzCi5YCSNOSaViq4PvmqL
1lMAoKJJ+rm7imvwUDdEymeoj0xjAx/B
=7KLn
-----END PGP SIGNATURE-----
"

DSA 1923-1: New libhtml-parser-perl packages fix denial of serviceSka Legends launch Liverpool Music Week

This entry was posted on 3:46 PM .