USN-855-1: libhtml-parser-perl vulnerability

view full story

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-3627 Description:  =========================================================== Ubuntu Security Notice USN-855-1 November 05, 2009 libhtml-parser-perl vulnerability CVE-2009-3627 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libhtml-parser-perl 3.48-1ubuntu0.1 Ubuntu 8.04 LTS: libhtml-parser-perl 3.56-1ubuntu0.1 Ubuntu 8.10: libhtml-parser-perl 3.56-1ubuntu2.1 Ubuntu 9.04: libhtml-parser-perl 3.59-1ubuntu1.1 Ubuntu 9.10: libhtml-parser-perl 3.61-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Mark Martinec discovered that HTML::Parser incorrectly handled strings with incomplete entities. An attacker could send specially crafted input to applications that use HTML::Parser and cause a denial of service. (Distributions)