Pardus: [UPDATED] Perl-HTML-Parser:
Posted by Benjamin D. Thomas   
A vulnerability has been found in the Perl HTML-Parser module which causes denial of service (infinite loop) via crafted input.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-177           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-10-30
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======
[UPDATE] The same issue was fixed in Pardus 2009; please update your system.

A vulnerability has been found in the Perl HTML-Parser module which causes
denial of service (infinite loop) via crafted input.


Description
===========
The problem occurs when parsing an HTML entity with an invalid UTF-8
character. This can lead to an application crash.


Affected packages:

  Pardus 2008:
    perl-HTML-Parser, all before 3.64-5-3
  Pardus 2009:
    perl-HTML-Parser, all before 3.64-7-4


Resolution
==========
There are update(s) for perl-HTML-Parser. You can update them via
Package Manager or with a single command from the console:

  Pardus 2008:
    pisi up perl-HTML-Parser

  Pardus 2009:
    pisi up perl-HTML-Parser


References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id440
  * https://issues.apache.org/SpamAssassin/show_bug.cgi?idb25
  * http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627