drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in HTMLStripScripts
Name: |
Denial of Service in HTMLStripScripts |
|
ID: |
USN-6100-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro) |
|
Datum: |
Do, 25. Mai 2023, 07:37 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24038 |
|
Applikationen: |
HTMLStripScripts |
|
Originalnachricht |
--===============7625454699273738519== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="fx44odvydwskq3lh" Content-Disposition: inline
--fx44odvydwskq3lh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-6100-1 May 23, 2023
libhtml-stripscripts-perl vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
HTML::StripScripts could be made to crash if it received specially crafted input.
Software Description: - libhtml-stripscripts-perl: module for removing scripts from HTML
Details:
It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service (ReDoS).
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: libhtml-stripscripts-perl 1.06-2ubuntu0.1
Ubuntu 22.04 LTS: libhtml-stripscripts-perl 1.06-1ubuntu0.22.04.1
Ubuntu 20.04 LTS: libhtml-stripscripts-perl 1.06-1ubuntu0.20.04.1
Ubuntu 18.04 LTS: libhtml-stripscripts-perl 1.06-1ubuntu0.18.04.1
Ubuntu 16.04 LTS (Available with Ubuntu Pro): libhtml-stripscripts-perl 1.05-2ubuntu0.1~esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro): libhtml-stripscripts-perl 1.05-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-6100-1 CVE-2023-24038
Package Information: https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.18.04.1
--fx44odvydwskq3lh Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAmRuiFIACgkQbUp5kL3i zGb3YA/+KsoGl5PMGN/x4lbvkIPoqHTJa1D2XSO+vX2bIG9xzEtIGCo/HMGWPRyY QwMQ/MNUx8qGlWKO04QIuoAKOZwtQmTEJIaED6RrBrf7voqw7rR5XShvpomKfvuO cLl8hZSNxTLDx9AYzwvqTQrlsMSy0bdPDJakRnbt7UIRfJSvSyw/QYIz4PbJHNZK mQawGYw8XpUTitfY7On5BvfI/d/QAPt5ueNHbqYeaU53RyQNhiLWgliyNc2dg4rh 4d5ycaVfA01loewENNXeGod67jtP8tl/GGG67mlK1WG4VRubQ8HcaswOeOuC74bu BBmZvIrmB2f22OH8d/sj2GRVDOVAdsqrCV+a/OdNRFCQ1czw6YO9dj6pwoG2YdFz RgbPid+H5g7UkgPB1t5q0M9VesYYe4DqOL3cwGklbbItS9QsdYe4o0VSRjM1m9Ge ksLG8/ebG2Xg0JZSP8PkevBD/WwwWVL2HZoX7fNmgPM5m2AAxHiHKe1phh8Xq68p mLk6g+B8a77ZV2bggPZrYP6bpNXB32lSx3HxEv1uNfKQzkIUAUx1lPObrBzndCnb DnAg1uaaL7MrsWMEBAT9OzuuFVmUSj+oKrbIAbvaIV8fOhUvvNLdyWfbeALlNh3r r9e06RJZqpKiTOSqGBhnDhuWgi/7DqITIxg+0QA0GdBsoA8UrhU= =NnWQ -----END PGP SIGNATURE-----
--fx44odvydwskq3lh--
--===============7625454699273738519== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
--===============7625454699273738519==--
|
|
|
|