安全研究
安全漏洞
HTML-Parser无效HTML实体解析拒绝服务漏洞
发布日期:2009-10-23
更新日期:2009-10-26
受影响系统:
HTML-Parser HTML-Parser 3.54不受影响系统:
HTML-Parser HTML-Parser 3.63描述:
BUGTRAQ ID: 36807
CVE(CAN) ID: CVE-2009-3627
HTML Parser是用于解析线性或嵌套式HTML的Java库。
HTML Parser在解析HTML实体中无效的UTF-8字符时可能触发死循环,导致拒绝服务的情况。
<*来源:Mark Martinec (Mark.Martinec@ijs.si)
链接:https://issues.apache.org/SpamAssassin/show_bug.cgi?format=multiple&id=6225
http://permalink.gmane.org/gmane.comp.security.oss.general/2237
http://www.debian.org/security/2009/dsa-1923
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1923-1)以及相应补丁:
DSA-1923-1:New libhtml-parser-perl packages fix denial of service
链接:http://www.debian.org/security/2009/dsa-1923
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55.orig.tar.gz
Size/MD5 checksum: 84746 75eb683f1fb7aa7c0ffa46ded4564b54
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1.diff.gz
Size/MD5 checksum: 6136 8c713a84e3df953ae77d83d9f2cff5bc
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1.dsc
Size/MD5 checksum: 882 0f38d699bda26190ea4764aa74eac2c8
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_alpha.deb
Size/MD5 checksum: 108540 a6d69a440e25b3d3b4e9c5057f6b6908
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_amd64.deb
Size/MD5 checksum: 108168 ddafcee82387004c4d55a39a8ca54eb6
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_arm.deb
Size/MD5 checksum: 106962 9842d5bc00c6b308d01fae6d20676e9e
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_hppa.deb
Size/MD5 checksum: 109602 2d4a2d3ff134cfdd70135e71caf9043a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_i386.deb
Size/MD5 checksum: 108032 b542502d5b1d4fff66c2d730e8c02790
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_ia64.deb
Size/MD5 checksum: 117524 ce065d8d05996cdc4c436104b578ed0a
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_mips.deb
Size/MD5 checksum: 106518 25feabc68e1aa4aff02b6aff00a2a9df
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_mipsel.deb
Size/MD5 checksum: 105742 17a4f0fafa183a3794fad636e4e26ce4
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_powerpc.deb
Size/MD5 checksum: 106504 beb784e9d723ba717d207c6e9c58414b
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_s390.deb
Size/MD5 checksum: 106630 1de105f77b55dd920dbfccb7712e3dc1
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.55-1+etch1_sparc.deb
Size/MD5 checksum: 106222 bd1cd736644c4f2dceb76cc5192f18d0
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1.diff.gz
Size/MD5 checksum: 6147 18b2407d8b26d6225b82a880b16a0e05
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1.dsc
Size/MD5 checksum: 1316 5a923d6089e2ffddf050ea5b017a7956
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56.orig.tar.gz
Size/MD5 checksum: 86040 bddc432e5ed9df4d4153a62234f04fc2
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_alpha.deb
Size/MD5 checksum: 111160 928145a65d633d76bf3db6a42bcf9173
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_amd64.deb
Size/MD5 checksum: 111614 9152d47982c212aa1ee9ec8d6293c97e
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_arm.deb
Size/MD5 checksum: 109442 e559abada6a045e2a8d51b1c54a89655
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_armel.deb
Size/MD5 checksum: 109388 47e0480a189e752018d27ffb4b19d9e1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_hppa.deb
Size/MD5 checksum: 112026 52d258a94e332f7f1c527ae0c47d77d6
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_i386.deb
Size/MD5 checksum: 109680 da9426f29d77127b954a77263a5b7665
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_ia64.deb
Size/MD5 checksum: 121744 90933c7e204254b4c308424af76917b2
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_mips.deb
Size/MD5 checksum: 109378 f46f9971f7d22fe40a1d15cc224cdc70
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_mipsel.deb
Size/MD5 checksum: 109870 af19cea178841be6c1fc658cac4c468d
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_powerpc.deb
Size/MD5 checksum: 112450 1a2d490c6120185ec0cbddc2bb73e792
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_s390.deb
Size/MD5 checksum: 110958 2f21853d729b141554b39132ecf21f5c
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libh/libhtml-parser-perl/libhtml-parser-perl_3.56-1+lenny1_sparc.deb
Size/MD5 checksum: 108682 a1831a4919f5c7b30eab0def292928b5
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
HTML-Parser
-----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/HTML-Parser-3.63.tar.gz
浏览次数:2788
严重程度:0(网友投票)
绿盟科技给您安全的保障