Security: Multiple issues in Perl
Name: Multiple issues in Perl
ID: USN-1643-1
Distribution: Ubuntu
Platforms: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Date: Fri, 30 November 2012, 12:20
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526
Applications: Perl

Original message
==========================================================================
Ubuntu Security Notice USN-1643-1
November 30, 2012

perl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Perl programs could be made to crash or run programs if they receive specially crafted network traffic or other input.
Software Description:
- perl: Larry Wall's Practical Extraction and Report Language
Details:
It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939)
It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. (CVE-2011-3597)
It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. (CVE-2012-5195)
Ryo Anazawa discovered that the CGI.pm module does not properly escape newlines in Set-Cookie or P3P (Platform for Privacy Preferences Project) headers. An attacker could use this to inject arbitrary headers into responses from applications that use CGI.pm. (CVE-2012-5526)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: perl 5.14.2-13ubuntu0.1
Ubuntu 12.04 LTS: perl 5.14.2-6ubuntu2.2
Ubuntu 11.10: perl 5.12.4-4ubuntu0.1
Ubuntu 10.04 LTS: perl 5.10.1-8ubuntu2.2
Ubuntu 8.04 LTS: perl 5.8.8-12ubuntu0.7
Perl programs need to be restarted after a standard system update to make all the necessary changes.
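The fixed versions listed above can be checked mechanically. The following Python code is an added example, not part of the original notice: it compares an installed perl package version against the fixed version for a release using Debian version ordering. The release keys and any installed versions passed in are assumptions of the example.

```python
import re
from itertools import zip_longest

# Fixed perl package versions per Ubuntu release, copied from USN-1643-1 above.
FIXED = {
    "12.10": "5.14.2-13ubuntu0.1",
    "12.04": "5.14.2-6ubuntu2.2",
    "11.10": "5.12.4-4ubuntu0.1",
    "10.04": "5.10.1-8ubuntu2.2",
    "8.04": "5.8.8-12ubuntu0.7",
}

def _order(ch):
    """Weight of a non-digit character: '~' < end of string < letters < others."""
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare two upstream versions or two revisions, dpkg style."""
    pairs_a = re.findall(r"(\D*)(\d*)", a)  # (non-digit run, digit run) pairs
    pairs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(pairs_a, pairs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):  # digit runs compare numerically
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def split_version(v):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed perl version is at or above the fixed one."""
    return compare_versions(installed, FIXED[release]) >= 0
```

The release string is what `lsb_release -rs` prints, and the installed version is what `dpkg-query -W -f='${Version}' perl` prints.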
References:
http://www.ubuntu.com/usn/usn-1643-1
CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526

Package Information:
https://launchpad.net/ubuntu/+source/perl/5.14.2-13ubuntu0.1
https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.2
https://launchpad.net/ubuntu/+source/perl/5.12.4-4ubuntu0.1
https://launchpad.net/ubuntu/+source/perl/5.10.1-8ubuntu2.2
https://launchpad.net/ubuntu/+source/perl/5.8.8-12ubuntu0.7