Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in perl (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in perl (Aktualisierung)
ID: DSA-1678-2
Distribution: Debian
Plattformen: Debian etch
Datum: So, 21. Dezember 2008, 11:09
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5303
Applikationen: Perl
Update von: Ausführen beliebiger Kommandos in perl

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1678-2 security@debian.org
http://www.debian.org/security/ Florian Weimer
December 21, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : perl
Vulnerability : design flaws
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-5302 CVE-2008-5303
Debian Bug : 286905 286922 479317

The perl update in DSA-1678-1 contains a regression which is triggered
by some Perl scripts which have changed into the directory tree
removed by File::Path::rmtree. In particular, this happens if
File::Temp::tempdir is used. This new update corrects this
regression.

For the stable distribution (etch), this problem has been fixed in
version 5.8.8-7etch6.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your perl packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6.diff.gz
Size/MD5 checksum: 104841 38685bce67f7761753883e8e6073f5b7
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6.dsc
Size/MD5 checksum: 742 f9545587e032939494a6a9b22abd112c
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7

Architecture independent packages:

perl-doc_5.8.8-7etch6_all.deb
Size/MD5 checksum: 7377460 cf3c6b08cfa947eb989e5a376790c4c3
libcgi-fast-perl_5.8.8-7etch6_all.deb
Size/MD5 checksum: 41276 f9e491829ef0ea295d2c5b88e48c895d
perl-modules_5.8.8-7etch6_all.deb
Size/MD5 checksum: 2328214 6d995effacda8ecc2a935dc4527ed342

alpha architecture (DEC Alpha)

perl_5.8.8-7etch6_alpha.deb
Size/MD5 checksum: 4150250 3c575d6d8e1b101066a89e1482f081cf
libperl-dev_5.8.8-7etch6_alpha.deb
Size/MD5 checksum: 821806 8d3bd143f7b3d6243b42277c5c63a93f
perl-base_5.8.8-7etch6_alpha.deb
Size/MD5 checksum: 880284 5636ce04377a056db7d369b7b8770428
perl-debug_5.8.8-7etch6_alpha.deb
Size/MD5 checksum: 2928840 4d5717f310740a654eab999bc4993e5a
libperl5.8_5.8.8-7etch6_alpha.deb
Size/MD5 checksum: 1010 9ccd001ddccacbf99510508937c9ca47
perl-suid_5.8.8-7etch6_alpha.deb
Size/MD5 checksum: 36236 db6be7a7cf887edfefcb7c2c50b0a3db

amd64 architecture (AMD x86_64 (AMD64))

libperl5.8_5.8.8-7etch6_amd64.deb
Size/MD5 checksum: 1014 6222c5da15781a0191a162ee74e0f9a2
perl-base_5.8.8-7etch6_amd64.deb
Size/MD5 checksum: 806670 c654435b6632fb800929870df3f0daf8
perl-suid_5.8.8-7etch6_amd64.deb
Size/MD5 checksum: 32780 bcc928299ffd2e4d97ee2d9d7fdb1512
perl_5.8.8-7etch6_amd64.deb
Size/MD5 checksum: 4249060 a10ee694a5d164b8ef12d0f566e4f02d
libperl-dev_5.8.8-7etch6_amd64.deb
Size/MD5 checksum: 630778 f318294099b5c0ae4469073988731f7f
perl-debug_5.8.8-7etch6_amd64.deb
Size/MD5 checksum: 2735120 21c2ed7bba2de01983156e720c4eea14

arm architecture (ARM)

perl-suid_5.8.8-7etch6_arm.deb
Size/MD5 checksum: 30346 1f51b45f45fd8a1bbc4732812c348b3a
perl-base_5.8.8-7etch6_arm.deb
Size/MD5 checksum: 760238 a230824f93118e65af853c9a8448aeb5
libperl-dev_5.8.8-7etch6_arm.deb
Size/MD5 checksum: 562086 e7fc6a0323bc5898dd09ff7a9c937ac1
libperl5.8_5.8.8-7etch6_arm.deb
Size/MD5 checksum: 1010 9a67f67e98a45b6e02fe09aa50518794
perl-debug_5.8.8-7etch6_arm.deb
Size/MD5 checksum: 2548186 91c5ccb36e82705931c07d8a14d95490
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_arm.deb
Size/MD5 checksum: 3410336 77df1024bf9e02b0cdce65423bc84eeb

i386 architecture (Intel ia32)

perl-debug_5.8.8-7etch6_i386.deb
Size/MD5 checksum: 2492644 ebb57292ae6986f812c2233511565fb3
libperl-dev_5.8.8-7etch6_i386.deb
Size/MD5 checksum: 585446 bedf9d40486ebab6ef251101ed0d2402
perl-base_5.8.8-7etch6_i386.deb
Size/MD5 checksum: 762766 f667327e7cd4044ee6fb3c900b75a181
libperl5.8_5.8.8-7etch6_i386.deb
Size/MD5 checksum: 527166 8770a7e8302aaa2ef7c99b8339a1579e
perl-suid_5.8.8-7etch6_i386.deb
Size/MD5 checksum: 32104 53085baadd6fa2a16f5ca27dbcae5b72
perl_5.8.8-7etch6_i386.deb
Size/MD5 checksum: 3599182 6c141bd9447670a86b0691adafb51596

ia64 architecture (Intel ia64)

perl-base_5.8.8-7etch6_ia64.deb
Size/MD5 checksum: 1154160 b640fe2f395f9161560fd9dd52532f85
libperl5.8_5.8.8-7etch6_ia64.deb
Size/MD5 checksum: 1006 62ffe7a5b8823f925b2537941fe48ae1
perl-suid_5.8.8-7etch6_ia64.deb
Size/MD5 checksum: 51272 b93cfd432ead7fb85cab0acbe53c2994
libperl-dev_5.8.8-7etch6_ia64.deb
Size/MD5 checksum: 978108 7e50dafffed7382b35042ad86032b7a4
perl_5.8.8-7etch6_ia64.deb
Size/MD5 checksum: 4336650 fe46d1d4fa0b18770631f9d2a544d072
perl-debug_5.8.8-7etch6_ia64.deb
Size/MD5 checksum: 3364466 15f332c898209c5c5cb8d864762cf445

mips architecture (MIPS (Big Endian))

perl-base_5.8.8-7etch6_mips.deb
Size/MD5 checksum: 786168 5da358d316af22485a29c364afee453c
libperl5.8_5.8.8-7etch6_mips.deb
Size/MD5 checksum: 1008 0c27fb854eabf1e73840bf2cc07b8b3c
libperl-dev_5.8.8-7etch6_mips.deb
Size/MD5 checksum: 694016 78af4921744de0e03ba173d79d7f7d39
perl-suid_5.8.8-7etch6_mips.deb
Size/MD5 checksum: 32220 fcd144768fee4a14664a962d0d1e4a55
perl_5.8.8-7etch6_mips.deb
Size/MD5 checksum: 3679064 cdd8810ba2b3e8c293df4acc06510fb7
perl-debug_5.8.8-7etch6_mips.deb
Size/MD5 checksum: 2782124 a16a21e716647c74c24224b9752d56c2

mipsel architecture (MIPS (Little Endian))

perl-suid_5.8.8-7etch6_mipsel.deb
Size/MD5 checksum: 32326 55417bfc7195b2907c76a170ded4fb91
perl-debug_5.8.8-7etch6_mipsel.deb
Size/MD5 checksum: 2730626 7d13f3931edcdd3b22ff6e851de332d5
perl_5.8.8-7etch6_mipsel.deb
Size/MD5 checksum: 3413592 f087bc2dcefcd3069ac7db96b84af4ab
perl-base_5.8.8-7etch6_mipsel.deb
Size/MD5 checksum: 784946 a5b574a6e9e1bf919ab88bd1b5beb964
libperl-dev_5.8.8-7etch6_mipsel.deb
Size/MD5 checksum: 687508 90078c3c9692c6e50c5a5cb0fe25ece2
libperl5.8_5.8.8-7etch6_mipsel.deb
Size/MD5 checksum: 1016 10942b8d2f2c5441d0dd7d65afc83151

powerpc architecture (PowerPC)

perl-base_5.8.8-7etch6_powerpc.deb
Size/MD5 checksum: 811106 367dec1df2404742380c2c06e0809a20
perl-debug_5.8.8-7etch6_powerpc.deb
Size/MD5 checksum: 2710134 50f1c3ecb9f1023935f153c1d605aa41
libperl5.8_5.8.8-7etch6_powerpc.deb
Size/MD5 checksum: 1014 16877860b93d044bf7f914a857737fc0
perl_5.8.8-7etch6_powerpc.deb
Size/MD5 checksum: 3825218 b4f50f6735fc446fb22665cff53cd064
libperl-dev_5.8.8-7etch6_powerpc.deb
Size/MD5 checksum: 653450 92671c8bcd39e6f4a84b2a01401ef408
perl-suid_5.8.8-7etch6_powerpc.deb
Size/MD5 checksum: 32904 adb2e70ca2b2f0cc809bcc2903036bdf

s390 architecture (IBM S/390)

perl_5.8.8-7etch6_s390.deb
Size/MD5 checksum: 4100084 14bc00f090ce3dc1ba7bfacfa5b88218
perl-suid_5.8.8-7etch6_s390.deb
Size/MD5 checksum: 33094 fb66e60a4fa21a647bc053920a842d5b
libperl-dev_5.8.8-7etch6_s390.deb
Size/MD5 checksum: 633600 9df5a899f601a14ce3b0496df2bc116d
perl-base_5.8.8-7etch6_s390.deb
Size/MD5 checksum: 823704 1b3f1afaef5fc0c5fb36048d82c1c3d6
perl-debug_5.8.8-7etch6_s390.deb
Size/MD5 checksum: 2796566 83e073cf9d1f2a22f366483d250a95c0
libperl5.8_5.8.8-7etch6_s390.deb
Size/MD5 checksum: 1008 f983117eb556d27b343d6a64d5774cfd

sparc architecture (Sun SPARC/UltraSPARC)

libperl-dev_5.8.8-7etch6_sparc.deb
Size/MD5 checksum: 594470 8bfdaa1611e2ce31f21dcb83714eed1f
perl-suid_5.8.8-7etch6_sparc.deb
Size/MD5 checksum: 31058 12713b89c5b12616fe4344c6e725b8a5
perl-debug_5.8.8-7etch6_sparc.deb
Size/MD5 checksum: 2565978 b062a3274b40bf1524a9d02315c711cd
perl-base_5.8.8-7etch6_sparc.deb
Size/MD5 checksum: 782402 5c2d4e8b4eb521aecac7c496591c1e7a
libperl5.8_5.8.8-7etch6_sparc.deb
Size/MD5 checksum: 1010 0fde672bbaad262571d8646364b3c10a
perl_5.8.8-7etch6_sparc.deb
Size/MD5 checksum: 3813262 f1095b35b28e4d2eb80cba8b978d8119


These files will probably be moved into the stable distribution on
its next update.

-
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJThLvAAoJEL97/wQC1SS+WSYIAI0vvTnjN/DDAhxatTQhcqft
M4KlTjE5xLF1qtLH+9XWmCf9nPGQyOfrZk8lRyAVG3xyI4shuMrRIrZlgW70Z9rk
C5p0ApU81yIWEMXQI/OIawbx0gXqg5O26KMQHWYNOflXfg7P/S3PrlVRgtJeG3ED
QptsDATvJaIFOBN/QGENr0vpJ70kxlO8xB/YqiRXecBVDBywL4xK6mDg11q3ZEt5
2v+hn4by0mhd29xQz2rq0tG2K+xWidQd6UsbvekhAVBhzonH2fPgZX5YaqxT5m6i
hAtwMXAnPIJXK1FWzEK0kdWuULkcNdXF5rKZnYgILF7opiXbzylPKwQmbK8biUA=
=ttG8
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung