Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in Perl
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in Perl
ID: MDVSA-2011:091
Distribution: Mandriva
Plattformen: Mandriva 2009.0, Mandriva Enterprise Server 5.0, Mandriva 2010.1
Datum: Mi, 18. Mai 2011, 14:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
Applikationen: Perl

Originalnachricht

This is a multi-part message in MIME format...

------------=_1305721088-2533-45

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:091
http://www.mandriva.com/security/
_______________________________________________________________________

Package : perl
Date : May 18, 2011
Affected: 2009.0, 2010.1, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in perl:

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
do not apply the taint attribute to the return value upon processing
tainted input, which might allow context-dependent attackers to bypass
the taint protection mechanism via a crafted string (CVE-2011-1487).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
2a65372592d0aa2c0cef14fa13ba5077
2009.0/i586/perl-5.10.0-25.3mdv2009.0.i586.rpm
6f58332a55ba293deadfbb80827f3df2
2009.0/i586/perl-base-5.10.0-25.3mdv2009.0.i586.rpm
9b84814dc9335dfcb0dc3ad402ba289c
2009.0/i586/perl-devel-5.10.0-25.3mdv2009.0.i586.rpm
15809dc26b65fb45bd2990890da238c8
2009.0/i586/perl-doc-5.10.0-25.3mdv2009.0.i586.rpm
7ddd98eb40b0fc7665b6c9ac031726c4
2009.0/i586/perl-suid-5.10.0-25.3mdv2009.0.i586.rpm
1f77907edc97bdcf531167624d550f28
2009.0/SRPMS/perl-5.10.0-25.3mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
d2967b835c46d4a50799f687e63537c2
2009.0/x86_64/perl-5.10.0-25.3mdv2009.0.x86_64.rpm
21fb8ac662f6f9cc95e144799c3eeea7
2009.0/x86_64/perl-base-5.10.0-25.3mdv2009.0.x86_64.rpm
0307aa3f955e16707bff7eaec5ca57a5
2009.0/x86_64/perl-devel-5.10.0-25.3mdv2009.0.x86_64.rpm
958e3ebf4bb38459ff3d21d38119df68
2009.0/x86_64/perl-doc-5.10.0-25.3mdv2009.0.x86_64.rpm
a14c1467114914387ceddf49093f6bc5
2009.0/x86_64/perl-suid-5.10.0-25.3mdv2009.0.x86_64.rpm
1f77907edc97bdcf531167624d550f28
2009.0/SRPMS/perl-5.10.0-25.3mdv2009.0.src.rpm

Mandriva Linux 2010.1:
6a0a7a6bda22faddbaddb2c66c1b11be
2010.1/i586/perl-5.10.1-10.1mdv2010.2.i586.rpm
e798818652a1441aaad1f0add4af3fc2
2010.1/i586/perl-base-5.10.1-10.1mdv2010.2.i586.rpm
e05a85dacf0addcc34a80f785778ffe7
2010.1/i586/perl-devel-5.10.1-10.1mdv2010.2.i586.rpm
881b5bfbc78edeef78d3e69783c9583b
2010.1/i586/perl-doc-5.10.1-10.1mdv2010.2.i586.rpm
c96eb3207cb689bdf7bdd25d91198c00
2010.1/i586/perl-suid-5.10.1-10.1mdv2010.2.i586.rpm
7f53e901f0d6a3298da34c4886b3002a
2010.1/SRPMS/perl-5.10.1-10.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
c532e3e57436bb60698a64e7cd0f0865
2010.1/x86_64/perl-5.10.1-10.1mdv2010.2.x86_64.rpm
9ee737d8a025526d9148b45459e5366c
2010.1/x86_64/perl-base-5.10.1-10.1mdv2010.2.x86_64.rpm
523c62e21eba8794b02e1de16e9ea7ef
2010.1/x86_64/perl-devel-5.10.1-10.1mdv2010.2.x86_64.rpm
e8bc7352e949fe1633f49243838a91e6
2010.1/x86_64/perl-doc-5.10.1-10.1mdv2010.2.x86_64.rpm
74ffa4ed9f3830c2a1994e0c7ccbb462
2010.1/x86_64/perl-suid-5.10.1-10.1mdv2010.2.x86_64.rpm
7f53e901f0d6a3298da34c4886b3002a
2010.1/SRPMS/perl-5.10.1-10.1mdv2010.2.src.rpm

Mandriva Enterprise Server 5:
184b241715dfb45ab0462b4c162a7f80 mes5/i586/perl-5.10.0-25.3mdvmes5.2.i586.rpm
3a1b3fcdc01c9e057ad9e188948d7e4e
mes5/i586/perl-base-5.10.0-25.3mdvmes5.2.i586.rpm
a6560d89ae718928aecbb8084dfc37d6
mes5/i586/perl-devel-5.10.0-25.3mdvmes5.2.i586.rpm
beff68da2c44504c13eaa935f1febd94
mes5/i586/perl-doc-5.10.0-25.3mdvmes5.2.i586.rpm
25fa94fb16affee8234d0b393318238c
mes5/i586/perl-suid-5.10.0-25.3mdvmes5.2.i586.rpm
b7595e3b4c5c860bd6cde2d9148e36a7 mes5/SRPMS/perl-5.10.0-25.3mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9cb402b02a1535c0d6fb84d32189a325
mes5/x86_64/perl-5.10.0-25.3mdvmes5.2.x86_64.rpm
f57820d42b7c7b6371cb8d7d45f83e11
mes5/x86_64/perl-base-5.10.0-25.3mdvmes5.2.x86_64.rpm
1711e6bcdcea29f57481f20dd1f8e185
mes5/x86_64/perl-devel-5.10.0-25.3mdvmes5.2.x86_64.rpm
d7ecd8441d5c9ed909c7ad8e084469b3
mes5/x86_64/perl-doc-5.10.0-25.3mdvmes5.2.x86_64.rpm
4549c6ee80c14e38a1a85fff5a262ec4
mes5/x86_64/perl-suid-5.10.0-25.3mdvmes5.2.x86_64.rpm
b7595e3b4c5c860bd6cde2d9148e36a7 mes5/SRPMS/perl-5.10.0-25.3mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN04kBmqjQ0CJFipgRAhhmAKCJ6p7gXv/dw58YZnh3ApL+EthUJQCgr/sz
/InIkPKUNVJBsEI7nWnLx3w=
=9jqJ
-----END PGP SIGNATURE-----


------------=_1305721088-2533-45
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1305721088-2533-45--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung