RHSA-2005:880-01 Moderate: perl security update
Posted on: 12/20/2005 05:32 PM

A new update is available for Red Hat Enterprise Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: perl security update
Advisory ID: RHSA-2005:880-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-880.html
Issue date: 2005-12-20
Updated on: 2005-12-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3962
- ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues and bugs are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

An integer overflow bug was found in Perl's format string processor. It is
possible for an attacker to cause perl to crash or execute arbitrary code
if the attacker is able to process a malicious format string. This issue
is only exploitable through a script which passes arbitrary untrusted
strings to the format string processor. The Common Vulnerabilities and
Exposures project assigned the name CVE-2005-3962 to this issue.

Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues as well as fixes for
several bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

170088 - bits/resource.ph has syntax errors
171111 - (libperl) could not run system-config-printer
172327 - getgrnam() crashes with "Out of memory" if /etc/group contains long lines
174683 - CVE-2005-3962 Perl integer overflow issue
175104 - MakeMaker::MM_Unix doesn't honor LD_RUN_PATH requirements
175129 - missing C standard headers


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

ia64:
bce950fab06eac39fabf74060746e50a perl-5.8.5-24.RHEL4.ia64.rpm
70ab2ffbeac438218a37f295dac5308e perl-suidperl-5.8.5-24.RHEL4.ia64.rpm

ppc:
9865ec5607eb3ef32a39d1ba5969d34a perl-5.8.5-24.RHEL4.ppc.rpm
62c2ce1ff78671de1fca6bb34fc29fc5 perl-suidperl-5.8.5-24.RHEL4.ppc.rpm

s390:
b62ef568796c54ef8e0d8defb3931f41 perl-5.8.5-24.RHEL4.s390.rpm
e3fe98dd7c5b19aefc38597bab186327 perl-suidperl-5.8.5-24.RHEL4.s390.rpm

s390x:
b76f72b60b736d4c143bf8cbb435c789 perl-5.8.5-24.RHEL4.s390x.rpm
c55fbbc676950f192923a526fa0c2177 perl-suidperl-5.8.5-24.RHEL4.s390x.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

ia64:
bce950fab06eac39fabf74060746e50a perl-5.8.5-24.RHEL4.ia64.rpm
70ab2ffbeac438218a37f295dac5308e perl-suidperl-5.8.5-24.RHEL4.ia64.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-24.RHEL4.src.rpm
44fee2aba88f5e9f95c6380f59d96168 perl-5.8.5-24.RHEL4.src.rpm

i386:
41acc2458d49e5993f2166e4e3011158 perl-5.8.5-24.RHEL4.i386.rpm
fc333a6a5b0823ae264ccc0034d16d3b perl-suidperl-5.8.5-24.RHEL4.i386.rpm

ia64:
bce950fab06eac39fabf74060746e50a perl-5.8.5-24.RHEL4.ia64.rpm
70ab2ffbeac438218a37f295dac5308e perl-suidperl-5.8.5-24.RHEL4.ia64.rpm

x86_64:
21b444319af3893c7dfc522fd81b8a3f perl-5.8.5-24.RHEL4.x86_64.rpm
20880d1430449d763eb54688e2ab6f24 perl-suidperl-5.8.5-24.RHEL4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDqCFnXlSAg2UNWIIRAlmEAJ9WwF1K5PXv6gboYPhhjxFz0ZOyCACeLcYR
AJEcdbkFKKYfo/JGrjFkTeE=
=R4d5
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005880_01_moderate_perl_security_update.html)