Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-94-1: Perl vulnerability
Posted by Philipp Esselbach on: 03/09/2005 08:07 AM [ Print | 0 comment(s) ]
A Perl security update is available for Ubuntu Linux 4.10
==========================================================
Ubuntu Security Notice USN-94-1 March 09, 2005
perl vulnerability
CAN-2005-0448
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
perl-modules
The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
==========================================================
Ubuntu Security Notice USN-94-1 March 09, 2005
perl vulnerability
CAN-2005-0448
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
perl-modules
The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4.diff.gz
Size/MD5: 60188 30785d1dafe5a3370b6426dabd3496c7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4.dsc
Size/MD5: 727 9099db2a88c436237baf52e48088f732
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.4_all.deb
Size/MD5: 36912 d5f0870d91cc2b0b66a6a03910b22dfe
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.4_all.deb
Size/MD5: 7049774 8d1513fea3153f18c5d7350e84852b64
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.4_all.deb
Size/MD5: 2181324 e33fed3f59d2a22f9379d5db42d90d7b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 605416 740d538f44a97ba88b729763cacd7fee
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 1034 4ed5f62b1a26a8cb4cbc74cdc439c0c3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 787144 71155b4d2b2f1e12883648842f7dc9d8
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 3819890 5ffa3928854c94f9cdbf49a7a792e626
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 32834 87f2e690aeb1c557ad91c33e6ebd0f3e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 3834234 9787bfabcd2ab93bfd11b5109284ea5d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 546898 38bbe978e981caf41c251ff68d96e817
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 494066 862aae6405d50449abfa7908ca006466
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 727586 6a6253b935ce0f62c818c84137cdffa9
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 3631128 a98a367bc60c66212b66f3089d32ffc4
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 30818 5dd4bddd3ebc8e6d659d4be8f34253d1
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 3229880 3bd6faba3e9cd8f578f410ad477ea14f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 561010 ac9cdca909113bd487d97dcbed888bdb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 1034 b373f005aa3003c56ead6e9ed4f1036a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 718372 7053b926f46dc6b03ea4c14b3a81488b
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 3817108 c00240239a190b98aa6b5ff0c2565d91
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 30556 f177fd548a28e1914ff267da4d59707d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 3477220 60b40c390a37e0e989d9b8e6406ed709
Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4.diff.gz
Size/MD5: 60188 30785d1dafe5a3370b6426dabd3496c7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4.dsc
Size/MD5: 727 9099db2a88c436237baf52e48088f732
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.4_all.deb
Size/MD5: 36912 d5f0870d91cc2b0b66a6a03910b22dfe
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.4_all.deb
Size/MD5: 7049774 8d1513fea3153f18c5d7350e84852b64
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.4_all.deb
Size/MD5: 2181324 e33fed3f59d2a22f9379d5db42d90d7b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 605416 740d538f44a97ba88b729763cacd7fee
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 1034 4ed5f62b1a26a8cb4cbc74cdc439c0c3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 787144 71155b4d2b2f1e12883648842f7dc9d8
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 3819890 5ffa3928854c94f9cdbf49a7a792e626
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 32834 87f2e690aeb1c557ad91c33e6ebd0f3e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_amd64.deb
Size/MD5: 3834234 9787bfabcd2ab93bfd11b5109284ea5d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 546898 38bbe978e981caf41c251ff68d96e817
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 494066 862aae6405d50449abfa7908ca006466
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 727586 6a6253b935ce0f62c818c84137cdffa9
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 3631128 a98a367bc60c66212b66f3089d32ffc4
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 30818 5dd4bddd3ebc8e6d659d4be8f34253d1
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_i386.deb
Size/MD5: 3229880 3bd6faba3e9cd8f578f410ad477ea14f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 561010 ac9cdca909113bd487d97dcbed888bdb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 1034 b373f005aa3003c56ead6e9ed4f1036a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 718372 7053b926f46dc6b03ea4c14b3a81488b
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 3817108 c00240239a190b98aa6b5ff0c2565d91
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 30556 f177fd548a28e1914ff267da4d59707d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_powerpc.deb
Size/MD5: 3477220 60b40c390a37e0e989d9b8e6406ed709
