LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libhtml-parser-perl vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Mark Martinec discovered that HTML::Parser incorrectly handled strings with incomplete entities. An attacker could send specially crafted input to applications that use HTML::Parser and cause a denial of service.
===========================================================
Ubuntu Security Notice USN-855-1          November 05, 2009
libhtml-parser-perl vulnerability
CVE-2009-3627
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libhtml-parser-perl             3.48-1ubuntu0.1

Ubuntu 8.04 LTS:
  libhtml-parser-perl             3.56-1ubuntu0.1

Ubuntu 8.10:
  libhtml-parser-perl             3.56-1ubuntu2.1

Ubuntu 9.04:
  libhtml-parser-perl             3.59-1ubuntu1.1

Ubuntu 9.10:
  libhtml-parser-perl             3.61-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Mark Martinec discovered that HTML::Parser incorrectly handled strings
with incomplete entities. An attacker could send specially crafted input to
applications that use HTML::Parser and cause a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1.diff.gz
      Size/MD5:     6020 5e20b1b31734934ef3675f25f200f83a
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1.dsc
      Size/MD5:      872 1dcd5059889167cd0a763edf56a35e75
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48.orig.tar.gz
      Size/MD5:    82678 3fe8ca230ff8efc55327a12d94193a58

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_amd64.deb
      Size/MD5:   104822 675f04b3e4597bd5f37b3cc2f8be7624

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_i386.deb
      Size/MD5:   103604 3cac785448f5a50af09fdbac4eb9af89

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_powerpc.deb
      Size/MD5:   104868 01c337175212fb4c77100f9bee77ef0b

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.48-1ubuntu0.1_sparc.deb
      Size/MD5:   103780 0ea0484df5b8a99a0f1ccdccb7c7f879

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1.diff.gz
      Size/MD5:     6251 18a1208395cb520be2b81c1f1d8abfe2
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1.dsc
      Size/MD5:      971 0ed26b2e94f55ca531022775dcfd003b
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56.orig.tar.gz
      Size/MD5:    86040 bddc432e5ed9df4d4153a62234f04fc2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_amd64.deb
      Size/MD5:   107586 85f881920a5c4153534b9898b0dc1e5b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_i386.deb
      Size/MD5:   106890 b3e7fa4c17c91de3cef44acefd4d9592

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_lpia.deb
      Size/MD5:   106904 ddd831359f423a853e4f03ddf8d19bae

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_powerpc.deb
      Size/MD5:   109816 70d33ab9837ea9359179d72df02d9c00

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu0.1_sparc.deb
      Size/MD5:   106112 720ef03704f474f7acc6b59376e69fef

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1.diff.gz
      Size/MD5:     6447 656e10374000f1699aab812e628d09ca
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1.dsc
      Size/MD5:     1406 f90b11908b2f746858be35833f59ec2f
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56.orig.tar.gz
      Size/MD5:    86040 bddc432e5ed9df4d4153a62234f04fc2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_amd64.deb
      Size/MD5:   111068 6b8422e58a0952c0095b732e3a3ce932

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_i386.deb
      Size/MD5:   110390 119b245d5a985f4a9a4d6cca6a3db226

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_lpia.deb
      Size/MD5:   110234 7c0aac642ece40f1d074d9e5704fd8ec

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_powerpc.deb
      Size/MD5:   113094 a6d3551ab048bb2deddffbe3b6db84b7

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1ubuntu2.1_sparc.deb
      Size/MD5:   109644 c09e75a35bd9ecdffe682dd1a7db3031

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1.diff.gz
      Size/MD5:     7156 776e572797f750ad48a5fd337c2fa7d1
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1.dsc
      Size/MD5:     1622 b722fe175e9ced66084ec4e836c77a69
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59.orig.tar.gz
      Size/MD5:    87314 190950f442ff4a8e59e637714105a01b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_amd64.deb
      Size/MD5:   112444 ec63107d297595f7b2e6ea994bd8530d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_i386.deb
      Size/MD5:   111810 82ed44cd451170d87caa79a8018fbcf1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_lpia.deb
      Size/MD5:   111626 cede79a0ef0de1e1a39cb396d14c3829

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_powerpc.deb
      Size/MD5:   114632 a29ae197e03d49948a8cfae4a00d8619

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.59-1ubuntu1.1_sparc.deb
      Size/MD5:   111076 aa9a8dc65044b72d4eee576be5a34a0a

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1.diff.gz
      Size/MD5:     6905 721edd6408f7ae8359e177440030efe0
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1.dsc
      Size/MD5:     1725 c93a277c8bba6fce57dd497d6c63c21a
    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61.orig.tar.gz
      Size/MD5:    88269 098d9551721d29d55a0a4ad83a3ebef5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_amd64.deb
      Size/MD5:   112854 ec6767383c1aff96ed1b395794af5a8f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_i386.deb
      Size/MD5:   112302 c020b828d39f2f1456df8c988aebd4fd

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_lpia.deb
      Size/MD5:   112194 338bb4738ec2501286379642a0e7e740

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_powerpc.deb
      Size/MD5:   113172 0d8e8bc85c07fd91b65e0792d6eec9a0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.61-1ubuntu0.1_sparc.deb
      Size/MD5:   111260 de6ee17857af6dbdfdd6a42a207e8714




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.