drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in HTMLStripScripts
| Name: |
Denial of Service in HTMLStripScripts |
|
| ID: |
USN-6100-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, Ubuntu 16.04 LTS (Available with Ubuntu Pro), Ubuntu 14.04 LTS (Available with Ubuntu Pro) |
|
| Datum: |
Do, 25. Mai 2023, 07:37 |
|
| Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24038 |
|
| Applikationen: |
HTMLStripScripts |
|
Originalnachricht |
--===============7625454699273738519==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="fx44odvydwskq3lh"
Content-Disposition: inline
--fx44odvydwskq3lh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
==========================================================================
Ubuntu Security Notice USN-6100-1
May 23, 2023
libhtml-stripscripts-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
HTML::StripScripts could be made to crash if it received specially crafted
input.
Software Description:
- libhtml-stripscripts-perl: module for removing scripts from HTML
Details:
It was discovered that HTML::StripScripts does not properly parse HTML
content with certain style attributes. A remote attacker could use this issue
to cause a regular expression denial of service (ReDoS).
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
libhtml-stripscripts-perl 1.06-2ubuntu0.1
Ubuntu 22.04 LTS:
libhtml-stripscripts-perl 1.06-1ubuntu0.22.04.1
Ubuntu 20.04 LTS:
libhtml-stripscripts-perl 1.06-1ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libhtml-stripscripts-perl 1.06-1ubuntu0.18.04.1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libhtml-stripscripts-perl 1.05-2ubuntu0.1~esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
libhtml-stripscripts-perl 1.05-1ubuntu0.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6100-1
CVE-2023-24038
Package Information:
https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.18.04.1
--fx44odvydwskq3lh
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAmRuiFIACgkQbUp5kL3i
zGb3YA/+KsoGl5PMGN/x4lbvkIPoqHTJa1D2XSO+vX2bIG9xzEtIGCo/HMGWPRyY
QwMQ/MNUx8qGlWKO04QIuoAKOZwtQmTEJIaED6RrBrf7voqw7rR5XShvpomKfvuO
cLl8hZSNxTLDx9AYzwvqTQrlsMSy0bdPDJakRnbt7UIRfJSvSyw/QYIz4PbJHNZK
mQawGYw8XpUTitfY7On5BvfI/d/QAPt5ueNHbqYeaU53RyQNhiLWgliyNc2dg4rh
4d5ycaVfA01loewENNXeGod67jtP8tl/GGG67mlK1WG4VRubQ8HcaswOeOuC74bu
BBmZvIrmB2f22OH8d/sj2GRVDOVAdsqrCV+a/OdNRFCQ1czw6YO9dj6pwoG2YdFz
RgbPid+H5g7UkgPB1t5q0M9VesYYe4DqOL3cwGklbbItS9QsdYe4o0VSRjM1m9Ge
ksLG8/ebG2Xg0JZSP8PkevBD/WwwWVL2HZoX7fNmgPM5m2AAxHiHKe1phh8Xq68p
mLk6g+B8a77ZV2bggPZrYP6bpNXB32lSx3HxEv1uNfKQzkIUAUx1lPObrBzndCnb
DnAg1uaaL7MrsWMEBAT9OzuuFVmUSj+oKrbIAbvaIV8fOhUvvNLdyWfbeALlNh3r
r9e06RJZqpKiTOSqGBhnDhuWgi/7DqITIxg+0QA0GdBsoA8UrhU=
=NnWQ
-----END PGP SIGNATURE-----
--fx44odvydwskq3lh--
--===============7625454699273738519==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
--===============7625454699273738519==--
|
|
|
|
