[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 620-1] New perl packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 620-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
December 30th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : insecure temporary files / directories
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0452 CAN-2004-0976

Several vulnerabilities have been discovered in Perl, the popular
scripting language.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2004-0452

    Jeroen van Wolffelaar discovered that the rmtree() function in the
    File::Path module removes directory trees in an insecure manner
    which could lead to the removal of arbitrary files and directories
    through a symlink attack.

CAN-2004-0976

    Trustix developers discovered several insecure uses of temporary
    files in many modules which allow a local attacker to overwrite
    files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in
version 5.6.1-8.8.

For the unstable distribution (sid) these problems have been fixed in
version 5.8.4-5.

We recommend that you upgrade your perl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.dsc
      Size/MD5 checksum:      687 bdc819ee60db1a3b36c3dca291f52ace
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8.diff.gz
      Size/MD5 checksum:   172848 fd37736eb59a9818267ee7d857392ad7
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
      Size/MD5 checksum:  5983695 ec1ff15464809b562aecfaa2e65edba6

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.8_all.deb
      Size/MD5 checksum:    31398 b3770a464c4829cffc57b6200d7aea5a
    http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.8_all.deb
      Size/MD5 checksum:  3885590 67218848fb7f8d1c957c544e65cfec6f
    http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.8_all.deb
      Size/MD5 checksum:  1278678 f9096ccecd9a4498710918630f5d1c33

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_alpha.deb
      Size/MD5 checksum:   620330 89d10e31a2d585a5e21f03ced90588ae
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_alpha.deb
      Size/MD5 checksum:   435780 f3f58d63f33ea7329643f3018557567c
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_alpha.deb
      Size/MD5 checksum:  1217954 ddc314501497c8fccce05836440725b7
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_alpha.deb
      Size/MD5 checksum:   209206 47f3505b8f00c927c8418ee7f738a4e4
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_alpha.deb
      Size/MD5 checksum:  2826662 fcfc45b3c132e3cbe611e938f107dfc4
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_alpha.deb
      Size/MD5 checksum:    34554 55824148ee93769d5cfa37b38e19ac8a

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_arm.deb
      Size/MD5 checksum:   516708 6282cf2711efc7fa7e5d64ee3cb1878a
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_arm.deb
      Size/MD5 checksum:   362942 726aead8125fdf9511da4b9a78b7bbf0
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_arm.deb
      Size/MD5 checksum:  1164478 13138bd197201c32b928e4e5c3e0da54
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_arm.deb
      Size/MD5 checksum:   545864 650daeadb1be2bc86226e1807dc2e57c
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_arm.deb
      Size/MD5 checksum:  2307242 7e28620ac4894efdb57f9b57a8af0309
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_arm.deb
      Size/MD5 checksum:    29192 fadf45170059bf5215dd759c32c79c83

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_i386.deb
      Size/MD5 checksum:   424662 217c74330cb9c12cbd906aec43abe92f
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_i386.deb
      Size/MD5 checksum:   347978 15e1c64f422e6495fd92e09f02991814
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_i386.deb
      Size/MD5 checksum:  1150484 1569e8cbc55a2ec5babdadac0b925b12
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_i386.deb
      Size/MD5 checksum:   497242 250b97b266658e9b3c98967dd6947c99
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_i386.deb
      Size/MD5 checksum:  2119362 13ab60aa1701b7fce4b96de9a78e9261
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_i386.deb
      Size/MD5 checksum:    28422 e5235115cc02003dd3515a0d38f23b42

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_ia64.deb
      Size/MD5 checksum:   703874 ea071c083351f2e07dc6e22bcc9dd1e8
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_ia64.deb
      Size/MD5 checksum:   599450 87da2520a1ff7b157f7414999483ea7f
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_ia64.deb
      Size/MD5 checksum:  1266726 2378fb694f478f3fe2549e0e792ceccb
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_ia64.deb
      Size/MD5 checksum:   226952 43de968717f3e066e7e45aca8a0bb2e7
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_ia64.deb
      Size/MD5 checksum:  3312698 46633fe22b1172ff9308bcf84633ab09
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_ia64.deb
      Size/MD5 checksum:    44922 cee01e78831eb62247721e2599e28111

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_hppa.deb
      Size/MD5 checksum:   623320 ffa469711a7cacb5da07c6792b6c1f8a
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_hppa.deb
      Size/MD5 checksum:   473736 428829e842147dcb2f4ec7dbe796bf44
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_hppa.deb
      Size/MD5 checksum:  1211876 c3aa141e650e34c176f4ef33679b28e9
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_hppa.deb
      Size/MD5 checksum:   209036 fbe5e0e56e8bef503795adb8fb84f7e6
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_hppa.deb
      Size/MD5 checksum:  2288242 c7332174e8aa431a6af401f56db5b0b0
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_hppa.deb
      Size/MD5 checksum:    33804 b912570681c8ce55f5231136ec9dd0bc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_m68k.deb
      Size/MD5 checksum:   399798 49186a13c85be2507929b0088c80f936
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_m68k.deb
      Size/MD5 checksum:   332256 89e19e7d6342f136eb61bad61f18ba25
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_m68k.deb
      Size/MD5 checksum:  1149714 0371c82b59198887645e622b72e7773e
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_m68k.deb
      Size/MD5 checksum:   192800 bc262c2f107d988d01f2225fe4a28045
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_m68k.deb
      Size/MD5 checksum:  2132060 43e96b020e61cffc3a8424bc4456e6c7
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_m68k.deb
      Size/MD5 checksum:    27480 e02b54b1d96473086606a0186de84fb9

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_mips.deb
      Size/MD5 checksum:   522884 ee28c8b9de23b790c88b09d911200c71
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_mips.deb
      Size/MD5 checksum:   364942 623317099dcf47d9f965540f85bdf61d
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_mips.deb
      Size/MD5 checksum:  1159462 2ebd6824e7dca7f318e34c503c892c87
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_mips.deb
      Size/MD5 checksum:   186418 f34f09eaa7c7cb665a853e67bd8bc5ca
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_mips.deb
      Size/MD5 checksum:  2408728 004e8b320e65ebaf43c214f17315fd4f
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_mips.deb
      Size/MD5 checksum:    28782 ef0b0c2d068d59101a0e6a7a52394d9f

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_mipsel.deb
      Size/MD5 checksum:   516638 f5d7aa7fd6a188e52343715f565cd985
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_mipsel.deb
      Size/MD5 checksum:   361566 20506e6d81d71a9f524ba8c9f0b46766
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_mipsel.deb
      Size/MD5 checksum:  1160560 6e52910c6d52fef4af1854273efc6b97
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_mipsel.deb
      Size/MD5 checksum:   185892 cb780795dc3a9f89dd3e928916d5697b
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_mipsel.deb
      Size/MD5 checksum:  2265696 faf3e90cf33d4a05ee89ad2dce10a731
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_mipsel.deb
      Size/MD5 checksum:    28350 8e100b6ffcc92dbb7ad8c39141a8fc13

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_powerpc.deb
      Size/MD5 checksum:   567822 a389ce2f331fa7c6179b6acfe74b6fba
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_powerpc.deb
      Size/MD5 checksum:   400788 d7aa3166a880255702741a6ce677451d
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_powerpc.deb
      Size/MD5 checksum:  1183696 0516786d16de1fe0dc8d2bfbbb75802e
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_powerpc.deb
      Size/MD5 checksum:   202748 e0bc5ac3f0db9994cc5daee971ceb8ef
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_powerpc.deb
      Size/MD5 checksum:  2301288 1949a1e1e17ce1d72a8a4e63d9ae265b
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_powerpc.deb
      Size/MD5 checksum:    30562 ec46e881824909b063e7cefabb447232

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_s390.deb
      Size/MD5 checksum:   456372 22ecdb672891c78e7a470879e10c52ff
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_s390.deb
      Size/MD5 checksum:   405162 71f677c4161e3facd5495072f8b2e0d8
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_s390.deb
      Size/MD5 checksum:  1168228 90823f3eb7a2dfcf8dd3daa1ae001c80
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_s390.deb
      Size/MD5 checksum:   191856 88ef0c0df432ed437a279c4945317833
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_s390.deb
      Size/MD5 checksum:  2210676 f7b7b1cbcda411f528eba1f8e6da1e85
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_s390.deb
      Size/MD5 checksum:    32538 15fe4b25d51edf730c078b49e16ac349

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.8_sparc.deb
      Size/MD5 checksum:   529204 c90d262455edb178c5ed486a84ce2c96
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.8_sparc.deb
      Size/MD5 checksum:   404524 f7b7312b2e051d98c16278d329c0dfaf
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.8_sparc.deb
      Size/MD5 checksum:  1192124 97287b68053e822bca53f5ae70e69eb4
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.8_sparc.deb
      Size/MD5 checksum:   211732 0eb3277630c94eba2a98fa06a5fcd13e
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.8_sparc.deb
      Size/MD5 checksum:  2285598 07d4569b34a0c0ec031b692ef4e06dc1
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.8_sparc.deb
      Size/MD5 checksum:    30726 d5aaccf1c638201fdcaa9796f853fd50


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB1DHNW5ql+IAeqTIRAqyiAKCD1/wwqeL8Ducrcc/ofu1AtEjUUgCgsFhd
ygk4bUA3X+eVrXHnxR5zn/Y=
=1IvP
-----END PGP SIGNATURE-----



Reply to: