[Please upgrade Perl on all platforms -- Raju] This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-Id: <[EMAIL PROTECTED]> From: [EMAIL PROTECTED] (Martin Schulze) To: bugtraq@securityfocus.com Subject: [SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities Date: Thu, 30 Dec 2004 17:50:22 +0100 (CET) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 620-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze December 30th, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : perl Vulnerability : insecure temporary files / directories Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0452 CAN-2004-0976 Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2004-0452 Jeroen van Wolffelaar discovered that the rmtree() function in the File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directories through a symlink attack. CAN-2004-0976 Trustix developers discovered several insecure uses of temporary files in many modules which allow a local attacker to overwrite files via a symlink attack. For the stable distribution (woody) these problems have been fixed in version 5.6.1-8.8. For the unstable distribution (sid) these problems have been fixed in version 5.8.4-5. We recommend that you upgrade your perl packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.dsc Size/MD5 checksum: 687 bdc819ee60db1a3b36c3dca291f52ace http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz Size/MD5 checksum: 172848 fd37736eb59a9818267ee7d857392ad7 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz Size/MD5 checksum: 5983695 ec1ff15464809b562aecfaa2e65edba6 Architecture independent components: http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.8_all.deb Size/MD5 checksum: 31398 b3770a464c4829cffc57b6200d7aea5a http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.8_all.deb Size/MD5 checksum: 3885590 67218848fb7f8d1c957c544e65cfec6f http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.8_all.deb Size/MD5 checksum: 1278678 f9096ccecd9a4498710918630f5d1c33 Alpha architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_alpha.deb Size/MD5 checksum: 620330 89d10e31a2d585a5e21f03ced90588ae http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_alpha.deb Size/MD5 checksum: 435780 f3f58d63f33ea7329643f3018557567c http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_alpha.deb Size/MD5 checksum: 1217954 ddc314501497c8fccce05836440725b7 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_alpha.deb Size/MD5 checksum: 209206 47f3505b8f00c927c8418ee7f738a4e4 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_alpha.deb Size/MD5 checksum: 2826662 fcfc45b3c132e3cbe611e938f107dfc4 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_alpha.deb Size/MD5 checksum: 34554 55824148ee93769d5cfa37b38e19ac8a ARM architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_arm.deb Size/MD5 checksum: 516708 6282cf2711efc7fa7e5d64ee3cb1878a http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_arm.deb Size/MD5 checksum: 362942 726aead8125fdf9511da4b9a78b7bbf0 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_arm.deb Size/MD5 checksum: 1164478 13138bd197201c32b928e4e5c3e0da54 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_arm.deb Size/MD5 checksum: 545864 650daeadb1be2bc86226e1807dc2e57c http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_arm.deb Size/MD5 checksum: 2307242 7e28620ac4894efdb57f9b57a8af0309 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_arm.deb Size/MD5 checksum: 29192 fadf45170059bf5215dd759c32c79c83 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_i386.deb Size/MD5 checksum: 424662 217c74330cb9c12cbd906aec43abe92f http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_i386.deb Size/MD5 checksum: 347978 15e1c64f422e6495fd92e09f02991814 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_i386.deb Size/MD5 checksum: 1150484 1569e8cbc55a2ec5babdadac0b925b12 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_i386.deb Size/MD5 checksum: 497242 250b97b266658e9b3c98967dd6947c99 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_i386.deb Size/MD5 checksum: 2119362 13ab60aa1701b7fce4b96de9a78e9261 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_i386.deb Size/MD5 checksum: 28422 e5235115cc02003dd3515a0d38f23b42 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_ia64.deb Size/MD5 checksum: 703874 ea071c083351f2e07dc6e22bcc9dd1e8 http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_ia64.deb Size/MD5 checksum: 599450 87da2520a1ff7b157f7414999483ea7f http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_ia64.deb Size/MD5 checksum: 1266726 2378fb694f478f3fe2549e0e792ceccb http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_ia64.deb Size/MD5 checksum: 226952 43de968717f3e066e7e45aca8a0bb2e7 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_ia64.deb Size/MD5 checksum: 3312698 46633fe22b1172ff9308bcf84633ab09 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_ia64.deb Size/MD5 checksum: 44922 cee01e78831eb62247721e2599e28111 HP Precision architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_hppa.deb Size/MD5 checksum: 623320 ffa469711a7cacb5da07c6792b6c1f8a http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_hppa.deb Size/MD5 checksum: 473736 428829e842147dcb2f4ec7dbe796bf44 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_hppa.deb Size/MD5 checksum: 1211876 c3aa141e650e34c176f4ef33679b28e9 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_hppa.deb Size/MD5 checksum: 209036 fbe5e0e56e8bef503795adb8fb84f7e6 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_hppa.deb Size/MD5 checksum: 2288242 c7332174e8aa431a6af401f56db5b0b0 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_hppa.deb Size/MD5 checksum: 33804 b912570681c8ce55f5231136ec9dd0bc Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_m68k.deb Size/MD5 checksum: 399798 49186a13c85be2507929b0088c80f936 http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_m68k.deb Size/MD5 checksum: 332256 89e19e7d6342f136eb61bad61f18ba25 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_m68k.deb Size/MD5 checksum: 1149714 0371c82b59198887645e622b72e7773e http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_m68k.deb Size/MD5 checksum: 192800 bc262c2f107d988d01f2225fe4a28045 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_m68k.deb Size/MD5 checksum: 2132060 43e96b020e61cffc3a8424bc4456e6c7 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_m68k.deb Size/MD5 checksum: 27480 e02b54b1d96473086606a0186de84fb9 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_mips.deb Size/MD5 checksum: 522884 ee28c8b9de23b790c88b09d911200c71 http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_mips.deb Size/MD5 checksum: 364942 623317099dcf47d9f965540f85bdf61d http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_mips.deb Size/MD5 checksum: 1159462 2ebd6824e7dca7f318e34c503c892c87 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_mips.deb Size/MD5 checksum: 186418 f34f09eaa7c7cb665a853e67bd8bc5ca http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_mips.deb Size/MD5 checksum: 2408728 004e8b320e65ebaf43c214f17315fd4f http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_mips.deb Size/MD5 checksum: 28782 ef0b0c2d068d59101a0e6a7a52394d9f Little endian MIPS architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_mipsel.deb Size/MD5 checksum: 516638 f5d7aa7fd6a188e52343715f565cd985 http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_mipsel.deb Size/MD5 checksum: 361566 20506e6d81d71a9f524ba8c9f0b46766 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_mipsel.deb Size/MD5 checksum: 1160560 6e52910c6d52fef4af1854273efc6b97 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_mipsel.deb Size/MD5 checksum: 185892 cb780795dc3a9f89dd3e928916d5697b http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_mipsel.deb Size/MD5 checksum: 2265696 faf3e90cf33d4a05ee89ad2dce10a731 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_mipsel.deb Size/MD5 checksum: 28350 8e100b6ffcc92dbb7ad8c39141a8fc13 PowerPC architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_powerpc.deb Size/MD5 checksum: 567822 a389ce2f331fa7c6179b6acfe74b6fba http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_powerpc.deb Size/MD5 checksum: 400788 d7aa3166a880255702741a6ce677451d http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_powerpc.deb Size/MD5 checksum: 1183696 0516786d16de1fe0dc8d2bfbbb75802e http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_powerpc.deb Size/MD5 checksum: 202748 e0bc5ac3f0db9994cc5daee971ceb8ef http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_powerpc.deb Size/MD5 checksum: 2301288 1949a1e1e17ce1d72a8a4e63d9ae265b http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_powerpc.deb Size/MD5 checksum: 30562 ec46e881824909b063e7cefabb447232 IBM S/390 architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_s390.deb Size/MD5 checksum: 456372 22ecdb672891c78e7a470879e10c52ff http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_s390.deb Size/MD5 checksum: 405162 71f677c4161e3facd5495072f8b2e0d8 http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_s390.deb Size/MD5 checksum: 1168228 90823f3eb7a2dfcf8dd3daa1ae001c80 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_s390.deb Size/MD5 checksum: 191856 88ef0c0df432ed437a279c4945317833 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_s390.deb Size/MD5 checksum: 2210676 f7b7b1cbcda411f528eba1f8e6da1e85 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_s390.deb Size/MD5 checksum: 32538 15fe4b25d51edf730c078b49e16ac349 Sun Sparc architecture: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_sparc.deb Size/MD5 checksum: 529204 c90d262455edb178c5ed486a84ce2c96 http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_sparc.deb Size/MD5 checksum: 404524 f7b7312b2e051d98c16278d329c0dfaf http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_sparc.deb Size/MD5 checksum: 1192124 97287b68053e822bca53f5ae70e69eb4 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_sparc.deb Size/MD5 checksum: 211732 0eb3277630c94eba2a98fa06a5fcd13e http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_sparc.deb Size/MD5 checksum: 2285598 07d4569b34a0c0ec031b692ef4e06dc1 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_sparc.deb Size/MD5 checksum: 30726 d5aaccf1c638201fdcaa9796f853fd50 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB1DHNW5ql+IAeqTIRAqyiAKCD1/wwqeL8Ducrcc/ofu1AtEjUUgCgsFhd ygk4bUA3X+eVrXHnxR5zn/Y= =1IvP -----END PGP SIGNATURE----- ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
