Linux Compatible
  • News
    • Channels
    • Archive
    • Search
    • Submit
  • Articles
    • Categories
  • Knowledgebase
  • Compatibility
    • Search
  • Links
  • Forums
  • Twitter
Advertisement

Latest News
[ Windows | Linux | Apple ]

· MySQL-5.5 Security Update for Debian 8
· AMD 2nd Gen Ryzen Reviews and more
· Windows 10 Insider Preview Build 17650 released
· MySQL and Libreoffice Updates for Debian 7 LTS
· Apache and OpenSSL Security Update for Ubuntu Linux
· MySQL 8.0.11 released
· Popular YouTuber Says Apple Won't Fix His iMac Pro Damaged While Disassembled and more
· GD Update (SSA:2018-108-01) for Slackware
· Wieshark and Opencv Updates for Debian 7 LTS
· 16 Oracle Linux Updates

Upcoming News
· Samsung 860 Pro SSD Review @ Vortez
· Raijintek Orcus 240 @ TechPowerUp
· Team Group Cardea Zero 240 GB @ TechPowerUp
· Guru3D Rig of the Month - January 2018
· Cooler Master MK750 Review @ Vortez
· Seagate Skyhawk 10TB SATA III HDD Review
· Vulkan Continues To Show Its Gaming Strength On Low-End Hardware
· Seagate IronWolf ST12000VN0007 12TB Hard Drive Review @ APH Networks
· Sennheiser Game One @ TechPowerUp
· be quiet! Straight Power 11 1000W Power Supply Review

Linux Compatibility
· Brother DCP-L2540DN
· Sound Blaster E5
· WD Elements 500GB external hard drive
· Canon D660U Flatbad scanner
· Umax Astra 4500 USB Scanner
· Logitech QuickCam Pro 4000
· Dell Latitude E6420
· Creative Sound Blaster Z
· Photosmart 5520
· TB-5300 Slimline Design Tablet

New Forum Topics
· Dale
by: Dale Blinco
on: 2018-02-05 00:26
1 replies, 1193 views

· modem driver needed
by: jongiffen777
on: 2017-12-13 11:11
1 replies, 2367 views

· Need a decent browser for XP Pro!
by: percy
on: 2017-12-05 11:02
2 replies, 4251 views

· Comodo Time Machine + Faronics Deep Freeze
by: Jabberwocky
on: 2017-11-15 23:17
1 replies, 2855 views

· Linux compatablity
by: ibme
on: 2017-10-04 18:05
1 replies, 4774 views

News Channels
· Drivers
· Guides
· Reviews
· Security
· Software
· Press Release
· Updates
· Interviews
· Linux
· General
· Debian
· Red Hat
· Slackware
· Gentoo
· Mandriva
· White Box
· SUSE
· GNOME
· KDE
· CentOS
· Ubuntu
· MEPIS
· Android
· Oracle Linux
· Arch Linux

What's New
Login to see an overview of all news stories since your last visit.

Welcome to our website

To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.

Linux Compatible » News » February 2005 » USN-72-1: Perl vulnerabilities

USN-72-1: Perl vulnerabilities

Posted by Philipp Esselbach on: 02/02/2005 04:14 PM [ Print | 0 comment(s) ]

A Perl security update has been released for Ubuntu Linux 4.10

===========================================================
Ubuntu Security Notice USN-72-1 February 02, 2005
perl vulnerabilities
CAN-2005-0155, CAN-2005-0156
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

perl

The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.3. In general, a standard system upgrade is sufficient to effect the necessary changes.




Details follow:

Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package "perl-suid" provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges.

Previous versions allowed users to overwrite arbitrary files by setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script. The file that PERLIO_DEBUG points to was then overwritten by Perl debug messages. This did not allow precise control over the file content, but could destroy important data. PERLIO_DEBUG is now ignored for setuid scripts. (CAN-2005-0155)

In addition, calling a setuid-root perl script with a very long path caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow could be exploited to execute arbitrary files with full root privileges. (CAN-2005-0156)

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.
3.diff.gz
Size/MD5: 57791 6838d5eb8b01a50895f60f899b7f9970
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.
3.dsc
Size/MD5: 727 424d777c7a4f7e01e142bd907ec49134
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.
gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl
_5.8.4-2ubuntu0.3_all.deb
Size/MD5: 36762 3187be1f92d688e34fca60c46f688ca9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubun
tu0.3_all.deb
Size/MD5: 7049796 f64050a4658b325918e1d853d0f2cbc0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2
ubuntu0.3_all.deb
Size/MD5: 2181384 b2a50b4f2dde034430bc84bbabc791cc

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2u
buntu0.3_amd64.deb
Size/MD5: 605434 2ca037b813fe14be47cafa2f27acd77b
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ub
untu0.3_amd64.deb
Size/MD5: 1032 2bb8737a384a3786171d2ae2a3ed4a7a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubu
ntu0.3_amd64.deb
Size/MD5: 787086 e5bb5502b6e90a29c74acc032b9e55c5
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4
-2ubuntu0.3_amd64.deb
Size/MD5: 3819860 1daaaa3016ad679e80199e19c5b901ef
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubu
ntu0.3_amd64.deb
Size/MD5: 32832 0cb6d5e891a5524a8d88a2c42c866e57
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.
3_amd64.deb
Size/MD5: 3834226 442c1ace9f9ea25dc24075c37ee2365b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2u
buntu0.3_i386.deb
Size/MD5: 546882 60034b55abcae07a3d6c6052a3213463
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ub
untu0.3_i386.deb
Size/MD5: 494062 6588b891ea5946652fbfa57529ab63c7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubu
ntu0.3_i386.deb
Size/MD5: 727402 9f372c22dbe904e4986c20db27ca4eab
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4
-2ubuntu0.3_i386.deb
Size/MD5: 3631146 a4e235f9ee4b5b4c00af9681c462f9cb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubu
ntu0.3_i386.deb
Size/MD5: 30812 70923ad1d98c214f7d74b3fcd33fd8a3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.
3_i386.deb
Size/MD5: 3229674 c1eefcf39facb03157c59a0f87ff7471

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2u
buntu0.3_powerpc.deb
Size/MD5: 560992 17dd72a903ea7cb68dde0b937c18dbbd
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ub
untu0.3_powerpc.deb
Size/MD5: 1032 b30fdccfa2463633641622427cbcaa73
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubu
ntu0.3_powerpc.deb
Size/MD5: 718224 c200522dfa69b9810d66dd94a5102f6f
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4
-2ubuntu0.3_powerpc.deb
Size/MD5: 3817106 3fbeaca89ae2b2a54adb0b01b282f8bd
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubu
ntu0.3_powerpc.deb
Size/MD5: 30558 606caf5631780c2941118a5bbd6b2fd4
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.
3_powerpc.deb
Size/MD5: 3477176 d1e921f275e597dc1b59d6ca5680c07e


Bookmark and Share

« Sample solution for Sarbanes-Oxley · Mandrakesoft to participate in IGGI supercomputer project »

Linux Compatible » News » February 2005 » USN-72-1: Perl vulnerabilities
All products mentioned are registered trademarks or trademarks of their respective owners.
© 2002-2018 Esselbach Internet Solutions - All Rights Reserved. Terms and privacy policy
Powered by Contentteller® Business Edition