Ubuntu Security Notice USN-855-1 November 05, 2009
libhtml-parser-perl vulnerability
CVE-2009-3627
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  libhtml-parser-perl 3.48-1ubuntu0.1
Ubuntu 8.04 LTS:
  libhtml-parser-perl 3.56-1ubuntu0.1
Ubuntu 8.10:
  libhtml-parser-perl 3.56-1ubuntu2.1
Ubuntu 9.04:
  libhtml-parser-perl 3.59-1ubuntu1.1
Ubuntu 9.10:
  libhtml-parser-perl 3.61-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
Mark Martinec discovered that HTML::Parser incorrectly handled strings
with incomplete entities. An attacker could send specially crafted input to
applications that use HTML::Parser and cause a denial of service.
This entry was posted on 3:46 PM.