Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in perl
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in perl
ID: MDVSA-2008:165
Distribution: Mandriva
Plattformen: Mandriva 2008.1
Datum: Mo, 11. August 2008, 21:25
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
Applikationen: Perl

Originalnachricht

This is a multi-part message in MIME format...

------------=_1218482735-11275-8097


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:165
http://www.mandriva.com/security/
_______________________________________________________________________

Package : perl
Date : August 11, 2008
Affected: 2008.1
_______________________________________________________________________

Problem Description:

The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly
check permissions before performing a chmod, which allows local users
to modify the permissions of arbitrary files via a symlink attack.

The updated packages have been patched to fix this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
a94542e9e9504a4d11be4acb0977cbca
2008.1/i586/perl-5.10.0-13.1mdv2008.1.i586.rpm
95515e6c74da5d6b28e954d68a3c06f2
2008.1/i586/perl-base-5.10.0-13.1mdv2008.1.i586.rpm
b39451214d71c3cc151ce1c2c2e6969c
2008.1/i586/perl-devel-5.10.0-13.1mdv2008.1.i586.rpm
0ed618fc4dda3f804bd051af35d1073e
2008.1/i586/perl-doc-5.10.0-13.1mdv2008.1.i586.rpm
5c8292c188b1cfbd9509013060a8832e
2008.1/i586/perl-suid-5.10.0-13.1mdv2008.1.i586.rpm
894e08eab70f76a470e5faaccd35c684
2008.1/SRPMS/perl-5.10.0-13.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
9cbac47b99f5619c99c0bf127036728f
2008.1/x86_64/perl-5.10.0-13.1mdv2008.1.x86_64.rpm
28affc527b9b3fa016a15a8b334c12ad
2008.1/x86_64/perl-base-5.10.0-13.1mdv2008.1.x86_64.rpm
8a1015ddbf192d5d288c27eb887c2ea0
2008.1/x86_64/perl-devel-5.10.0-13.1mdv2008.1.x86_64.rpm
9e42182860712bed39366687feaebfa7
2008.1/x86_64/perl-doc-5.10.0-13.1mdv2008.1.x86_64.rpm
89f28b330583f90b4655f77e9740cc88
2008.1/x86_64/perl-suid-5.10.0-13.1mdv2008.1.x86_64.rpm
894e08eab70f76a470e5faaccd35c684
2008.1/SRPMS/perl-5.10.0-13.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIoGdPmqjQ0CJFipgRAp4mAJoCpHxauxYDW1nbfmVX8a2JUl21vgCg5k8H
HGMbkEpJ/3sCupxLk6GCiBg=
=2DHh
-----END PGP SIGNATURE-----


------------=_1218482735-11275-8097
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1218482735-11275-8097--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung