Headline
Debian Security Advisory 5339-1
Debian Linux Security Advisory 5339-1 - Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module for removing scripts from HTML, is prone to a regular expression denial of service, due to catastrophic backtracking for HTML content with specially crafted style attributes.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5339-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoFebruary 05, 2023 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : libhtml-stripscripts-perlCVE ID : CVE-2023-24038Debian Bug : 1029400Ikeda Soji reported that libhtml-stripscripts-perl, a Perl module forremoving scripts from HTML, is prone to a regular expression denial ofservice, due to catastrophic backtracking for HTML content withspecially crafted style attributes.For the stable distribution (bullseye), this problem has been fixed inversion 1.06-1+deb11u1.We recommend that you upgrade your libhtml-stripscripts-perl packages.For the detailed security status of libhtml-stripscripts-perl pleaserefer to its security tracker page at:https://security-tracker.debian.org/tracker/libhtml-stripscripts-perlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmPfzlVfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0QgVg//dibzR/XQ0VrhEowYIFH3j0vIYvs1sIKD/JmrPa7eb/laY7QRY3X/EbYuyhIQkkFe54rXxaReB86tbt3VcFa4cn1Eehve9XuPGGsiThRfHyDlax3eTDfZhNY3B6l3IWgjhDSKl9DP7fvDOoy6DlB9YThM03m/EY9aT6FQIFVvUiG3kQPI2ydD51eyu1jh4fSdZpoHGRR1uIG0JA6NtXL9lXiCu8sxiC1BmrqrrauxihXEKv4iQ8wAgGrbQ05s0X2bmTlwowZv73fmDMSka5mP0siE+pzvtdfjVU7tXl8CWyYQ/0qifsSXukdf4h/tfveQJIZl48Z8+sUsuKxQvD0bWCPQU7Fw9/G+EmZPgYR1G8l8U6B3duf6s/ROMIa7pEqrTyV0C5eHsy2XOUc4SyZxR9iZbKU7djb3vhe5oyveK8Z5z8dmzXyJ9Jc1XWASkRqDK5d9lsDW54fCRLoF3uk/WpNDZ48aiEBjesmoYwQzOPGQ019oxtKzLo2BLE/vdqJFHvYoKXUm7AXCvVf6Y9OBvSRy5R3v/D6PKYfq300MC264m1AuAZ1zzB4OfJVDCEGbF7cyz7u9AMX/t2tPG2YYYdb8bMDxzmzlGggWBRmZ9/MsogOlOkjpROpGP1p4WN7OOv3h1ahrjBfmQ3AH5JDhIBc8M0b8KYZUj05pEswm92E==vLWj-----END PGP SIGNATURE-----Related news
Ubuntu Security Notice USN-6100-1
Ubuntu Security Notice 6100-1 - It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service.
CVE-2023-24038: Handler for `style` attribute is vulnerable to reDoS · Issue #3 · clintongormley/perl-html-stripscripts
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.