Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in perl
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in perl
ID: MDKSA-2005:031
Distribution: Mandrake
Plattformen: Mandrake Corporate Server 2.1, Mandrake 9.2, Mandrake 10.0, Mandrake 10.1, Mandrake Corporate Server 3.0
Datum: Mi, 9. Februar 2005, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
Applikationen: Perl

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: perl
Advisory ID: MDKSA-2005:031
Date: February 8th, 2005

Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________

Problem Description:

Jeroen van Wolffelaar discovered that the rmtree() function in the perl
File::Path module would remove directories in an insecure manner which
could lead to the removal of arbitrary files and directories via a
symlink attack (CAN-2004-0452).

Trustix developers discovered several insecure uses of temporary files
in many modules which could allow a local attacker to overwrite files
via symlink attacks (CAN-2004-0976).

"KF" discovered two vulnerabilities involving setuid-enabled perl
scripts. By setting the PERLIO_DEBUG environment variable and calling
an arbitrary setuid-root perl script, an attacker could overwrite
arbitrary files with perl debug messages (CAN-2005-0155). As well,
calling a setuid-root perl script with a very long path would cause a
buffer overflow if PERLIO_DEBUG was set, which could be exploited to
execute arbitrary files with root privileges (CAN-2005-0156).

The provided packages have been patched to resolve these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
03ef7fbe398819df299c12b60037452e 10.0/RPMS/perl-5.8.3-5.3.100mdk.i586.rpm
8c660b1461a18ea5d4115ce97d919400
10.0/RPMS/perl-base-5.8.3-5.3.100mdk.i586.rpm
4cea2d8402078460a305a2d5b35ded3f
10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.i586.rpm
521c1c2a42672a5d8f59dd372a274427 10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.i586.rpm
68a64ab9524c8494b9cafe243ca4207a 10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
6ef2826a08789b5a5818a87d5964a1a2
amd64/10.0/RPMS/perl-5.8.3-5.3.100mdk.amd64.rpm
c473bbbfec6d07ef351c5d2e755d873f
amd64/10.0/RPMS/perl-base-5.8.3-5.3.100mdk.amd64.rpm
736ec557782c41dd5e43a2ff31d0cc3e
amd64/10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.amd64.rpm
a9ed51fa1e678f7481c74fc65c886f44
amd64/10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.amd64.rpm
68a64ab9524c8494b9cafe243ca4207a
amd64/10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm

Mandrakelinux 10.1:
dc0072b42ada389f8d948435fb44337b 10.1/RPMS/perl-5.8.5-3.3.101mdk.i586.rpm
1e0c9f3256ff487d95011253abcac637
10.1/RPMS/perl-base-5.8.5-3.3.101mdk.i586.rpm
ff2ff682b097c8ce91d989858cfe87fc
10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.i586.rpm
d2a4f038e99b1742b5e427eb508735c6 10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.i586.rpm
6421bbaac9c9260c34f1503699a9c06d 10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
48e3ca61e5cdb1fdb6ab167368de39dd
x86_64/10.1/RPMS/perl-5.8.5-3.3.101mdk.x86_64.rpm
f105736fca96d67e29fedbed60e493d5
x86_64/10.1/RPMS/perl-base-5.8.5-3.3.101mdk.x86_64.rpm
a4d842d0548a9cd8b37ac95bdc3cf76f
x86_64/10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.x86_64.rpm
c994694b34389bbd2f8f31a5a0912abd
x86_64/10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.x86_64.rpm
6421bbaac9c9260c34f1503699a9c06d
x86_64/10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm

Corporate Server 2.1:
80ab375d58e13144188efb18d823be02
corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.i586.rpm
1669ef10de0c263de5bcb1a6291b80e6
corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.i586.rpm
b670e055bce7ec7c3cf9fed4c0a1b0bb
corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.i586.rpm
c6d3731abbbab36836a10098eec45632
corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.i586.rpm
7320d6f6b55b6072b84adce5e8c24564
corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
79543c5e27e4fad31b70c3b1f9f78c3e
x86_64/corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.x86_64.rpm
df4d687f5974bc8aec71943f916b55e4
x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.x86_64.rpm
6e235994ebfd3d140b0a98a6ced85600
x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.x86_64.rpm
c3e96a04b20424b4034c38e871110c43
x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.x86_64.rpm
7320d6f6b55b6072b84adce5e8c24564
x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm

Corporate 3.0:
3ec85cecac7c9311d84808c4d606fad5
corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.i586.rpm
eeb15059224b10ea1e38e7c295238ba2
corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.i586.rpm
2725bd3ff3a4879e92e2a837d31d371f
corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.i586.rpm
83800acb6dff62a0283a4f4a63748769
corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.i586.rpm
76f2ba5789d07ada7629f3fb4555214c
corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
6f9cbbbecbd93e0a69f90b87911b975c
x86_64/corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.x86_64.rpm
db36c037cd22e733423ee210dae671fe
x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.x86_64.rpm
abb4772f920cc0d2776dfda4e61f7f37
x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.x86_64.rpm
7e2303ef39f8a35616cd3ee646faf224
x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.x86_64.rpm
76f2ba5789d07ada7629f3fb4555214c
x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm

Mandrakelinux 9.2:
e20db560fd730715e15dfa8b86bdf64e 9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.i586.rpm
8b35db60de2b45267e2e7d6b5c91e9c5
9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.i586.rpm
938d58ea9c9a14b4562da53f65e6b98d
9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.i586.rpm
826927185050c8390c260ea68e7c9b28
9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.i586.rpm
42336c6aa22474e11e49da1334c01415 9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
7b90163d3bc050172ef2b962367944f7
amd64/9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
3c9e8c95c1d3637111f88924798acfb1
amd64/9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
28644f1effa1ecd3d4e8dcbc28d56e38
amd64/9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
89b774253bad6f9513685eab214680aa
amd64/9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
42336c6aa22474e11e49da1334c01415
amd64/9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCCU39mqjQ0CJFipgRAvtbAJ4uFC7w+tZkJWt64S1mQ1dg3SpC6wCg8ff3
hUKmRIv57Eq+S1qE0y6zWyM=
=nw1w
-----END PGP SIGNATURE-----


____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung