drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Perl
Name: |
Mehrere Probleme in Perl |
|
ID: |
USN-222-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04, Ubuntu 5.10 |
|
Datum: |
Fr, 2. Dezember 2005, 14:38 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962 |
|
Applikationen: |
Perl |
|
Originalnachricht |
--===============1407714973== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="KDt/GgjP6HVcx58l" Content-Disposition: inline
--KDt/GgjP6HVcx58l Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-222-1 December 02, 2005 perl vulnerability CVE-2005-3962 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
perl-base
The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program.
However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity.
Updated packages for Ubuntu 4.10:
Source archives:
perl_5.8.4-2ubuntu0.5.diff.gz Size/MD5: 60449 138a02883a2dbe7a64ab04afdd66e9d9 perl_5.8.4-2ubuntu0.5.dsc Size/MD5: 727 703d3ffd2a87bde7c541c6e8e837aadb http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
libcgi-fast-perl_5.8.4-2ubuntu0.5_all.deb Size/MD5: 37058 bd3315452eecd9d428dabe16e53f2ded perl-doc_5.8.4-2ubuntu0.5_all.deb Size/MD5: 7049780 5786917c60337ce874fe75bd3356ca12 perl-modules_5.8.4-2ubuntu0.5_all.deb Size/MD5: 2181250 7c97e5758dfff350f684ba84aab0a2dc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libperl-dev_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 605446 b75c1a5bf7e1663f74c99fe3b42ceab7 libperl5.8_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 1030 010890e33535d7a9b5f3c29fb18c2278 perl-base_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 787320 7028286655aa8f1583cbc33de1769810 perl-debug_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 3819880 c0234ca782a1821ceb46a6e3f31c5040 perl-suid_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 32838 298ae33f6e488bb5676358862672bf7d perl_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 3834290 ea9cb2fe0d5da2cf9f41280d82af236f
i386 architecture (x86 compatible Intel/AMD)
libperl-dev_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 546916 c1696ad6b6cc8b135ef8b9b3c4d641dc libperl5.8_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 494116 6969f99be7a08e72397f88141cf792fa perl-base_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 727682 8df403b46255458380f8f1cc470695cf perl-debug_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 3631196 8b2c590421d6fb1990c10cbbd082127e perl-suid_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 30812 e59daea11508610cce6fbfe1d1d27352 perl_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 3229772 b29f36a2a1d486b13b021785ae7416e4
powerpc architecture (Apple Macintosh G3/G4/G5)
libperl-dev_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 561030 3d81dd76a5b743776b4c8b9596199075 libperl5.8_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 1036 febc4be8e86ba57988038b2245098602 perl-base_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 718498 5e1d9871793e853806968c95d065da8c perl-debug_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 3817110 71b313d4d4e8fbaf159c570ca8a67ccc perl-suid_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 30564 869d07e824d69d9eb729ffac2ee3e307 perl_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 3477134 5bc641ebc225d4df2d758a27bc4b076d
Updated packages for Ubuntu 5.04:
Source archives:
perl_5.8.4-6ubuntu1.1.diff.gz Size/MD5: 85222 f860ad98b388fe9b8bb86cc7e35345c7 perl_5.8.4-6ubuntu1.1.dsc Size/MD5: 744 a7ed7714ee125e9ef47ad3815ef631d9 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
libcgi-fast-perl_5.8.4-6ubuntu1.1_all.deb Size/MD5: 37848 e127ed7dfc844352edc5decfce571304 perl-doc_5.8.4-6ubuntu1.1_all.deb Size/MD5: 7050018 04f464518415aba917f23fb92aa2c692 perl-modules_5.8.4-6ubuntu1.1_all.deb Size/MD5: 2178096 dd899c9f55a68afd7b9fbfd20be24e6d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libperl-dev_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 605492 e7ced10f4d56325865215644ca3cf206 libperl5.8_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 1032 0de0991b480a41be576e0eb314cf9076 perl-base_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 791098 48622e7501239e1bf514a478958e641f perl-debug_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 3825826 86680f4b3ec293e8ff7d6766aa8e34fc perl-suid_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 32840 9087597015a77995be3fae92dc8875dd perl_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 3833986 0e950b7f25c2c2d133cdc5deeed083bc
i386 architecture (x86 compatible Intel/AMD)
libperl-dev_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 547172 be2b0d1b086af1fe4de25456d8db0a32 libperl5.8_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 494206 a23e58dc0ed626af909d7b5d6992665c perl-base_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 731022 5cbdd58be91bec1b8bda5b9e0ce5041c perl-debug_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 3630452 340473c47f02b82e3ab58ebce8a2cb4c perl-suid_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 30464 5c493e827dcd495f0a74be1cb7d76d26 perl_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 3230234 6dfd8e1ffc89ab95f380093ae676829a
powerpc architecture (Apple Macintosh G3/G4/G5)
libperl-dev_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 625218 71310d2d768fe03cf6a9a23a4d43298a libperl5.8_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 1044 45d4349e536701ce7ed8032056da3ba0 perl-base_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 789578 1ff2f2abd2469dc46cb7cbda0d9be51d perl-debug_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 3588104 2fbb1cb36d1f38af8a165397bbe08695 perl-suid_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 33578 9b2011b06bf9837f88d24cbc4051067c perl_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 3509086 5029a74793ea9a46ddf8053a94193d21
Updated packages for Ubuntu 5.10:
Source archives:
perl_5.8.7-5ubuntu1.1.diff.gz Size/MD5: 134597 d5eb14b2a7b72b5fef014284cb989404 perl_5.8.7-5ubuntu1.1.dsc Size/MD5: 724 cc3cd8ed85ab22c3dc5bcc28e4dfa166 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131
Architecture independent packages:
libcgi-fast-perl_5.8.7-5ubuntu1.1_all.deb Size/MD5: 39132 1698e69173383d40dbf7265ea9c31c75 perl-doc_5.8.7-5ubuntu1.1_all.deb Size/MD5: 7206644 da242594035cf2bf1e7f7e73e67c2562 perl-modules_5.8.7-5ubuntu1.1_all.deb Size/MD5: 2325766 7f69e0426eca9092f4e0da8c12be7cb5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
libperl-dev_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 641136 5f3b2d6818b93ce69f45c2225475f994 libperl5.8_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 1008 909ca536921167aa03a9bcfe17504ecc perl-base_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 819570 323c17484cbcdd2325016faa41954d9d perl-debug_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 2689162 81924c3f4ea92a95efe6ca26a9e93d35 perl-suid_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 31392 7b62c900f9d4226baf46536f33aa43cb perl_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 3974714 ec727b329279874b06c3a1ff4eaf013d
i386 architecture (x86 compatible Intel/AMD)
libperl-dev_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 560106 4a7bfbf041785c53c17549b9fe8b5651 libperl5.8_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 505946 8b87d461dd40e550869ab377449cd07b perl-base_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 737400 49b7d3f90c86c53c75dddaf1c7451b01 perl-debug_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 2453904 932044f5e5b32e7cbe7ebe7ba1787806 perl-suid_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 28828 1824f7c1147d4039b5ad8e0880329fc2 perl_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 3297136 39cdfaba9743158eb0f770e2caec2adc
powerpc architecture (Apple Macintosh G3/G4/G5)
libperl-dev_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 656086 7fbb2c2885063467fb63ceadf83856e0 libperl5.8_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 1008 c463dda6c6b94f4a279d8180924c1fa3 perl-base_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 814770 ba1a2147b2717afdeb6bc6c603748684 perl-debug_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 2646280 c7debfc211977a5587eeb353dcf9ac09 perl-suid_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 31994 635f808e87308177acc302816f65a566 perl_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 3657374 cbe8f520cc8e821b288c06af052822f6
--KDt/GgjP6HVcx58l Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDkErIDecnbV4Fd/IRAr8jAJ9ChMNbIiEYAoKklQdrN5ICCyqMRACfQRJg sJ+A5TtjPyyldjMd/b2+W6I= =LbyI -----END PGP SIGNATURE-----
--KDt/GgjP6HVcx58l--
--===============1407714973== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1407714973==--
|
|
|
|