Alerta de Segurança Debian

DSA-208-1 perl -- compartimento seguro quebrado

Data do Alerta:

12 Dez 2002

Pacotes Afetados:

perl
perl-5.004
perl-5.005

Vulnerável:

Sim

Referência à base de dados de segurança:

Na base de dados do BugTraq (na SecurityFocus): ID BugTraq 6111.
No dicionário CVE do Mitre: CVE-2002-1323.

Informações adicionais:

Um furo de segurança foi descoberto na Safe.pm que é usada em todas as versões da Perl. O módulo de extensão seguro permite a criação de compartimentos nos quais código perl pode ser avaliado em um novo espaço de nomes e o código avaliado no compartimento não pode se referir a variáveis fora desse espaço de nomes. Contudo, quando um compartimento seguro ja foi utilizado não há garantias que ele continuará seguro, uma vez que há uma forma em que o código a ser executado dentro do compartimento seguro altere sua máscara de operacão. De qualquer forma, programas que usam um compartimento seguro somente uma vez não são afetados por esta falha.

Este problema foi corrigido na versão 5.6.1-8.2 para a atual distribuição estável (woody), na versão 5.004.05-6.2 e na 5.005.03-7.2 para a antiga distribuição estável (potato) e na versão 5.8.0-14 para a distribuição instável (sid).

Nós recomendamos que você atualize seus pacotes Perl.

Corrigido em:

Debian GNU/Linux 2.2 (potato)

Fonte:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2.dsc; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2.diff.gz; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05.orig.tar.gz; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2.dsc; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2.diff.gz; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03.orig.tar.gz
Componente independente de arquitetura:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-doc_5.004.05-6.2_all.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-doc_5.005.03-7.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004_5.004.05-6.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-base_5.004.05-6.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-debug_5.004.05-6.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.004/perl-5.004-suid_5.004.05-6.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005_5.005.03-7.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-base_5.005.03-7.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-debug_5.005.03-7.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-suid_5.005.03-7.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl-5.005/perl-5.005-thread_5.005.03-7.2_sparc.deb

Debian GNU/Linux 3.0 (woody)

Fonte:: http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2.dsc; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2.diff.gz; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
Componente independente de arquitetura:: http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.2_all.deb; http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.2_all.deb; http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_alpha.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_arm.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_i386.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_ia64.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_ia64.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_ia64.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_ia64.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_ia64.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_hppa.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_hppa.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_hppa.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_hppa.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_hppa.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_m68k.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_mips.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_mips.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_mips.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_mips.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_mips.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_mipsel.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_mipsel.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_mipsel.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_mipsel.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_mipsel.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_powerpc.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_s390.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_s390.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_s390.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_s390.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_s390.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.2_sparc.deb; http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.2_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.