Alerta de Segurança Debian

DSA-696-1 perl -- falha de design

Data do Alerta:
22 Mar 2005
Pacotes Afetados:
perl
Vulnerável:
Sim
Referência à base de dados de segurança:
No sistema de acompanhamento de bugs do Debian: Bug 286905, Bug 286922.
No dicionário CVE do Mitre: CVE-2005-0448.
Informações adicionais:

Paul Szabo descobriu outra vulnerabilidade na função File::Path::rmtree do perl, uma linguagem de script popular. Quando um proceso está deletando uma árvore de diretórios, um usuário diferente poderia explorar uma condição de corrida para criar binários setuid nesta árvore de diretório, desde que ele já tenha permissões de escrita em qualquer subdiretório daquela árvore.

Na distribuição estável (woody), este problema foi corrigido na versão 5.6.1-8.9.

Na distribuição instável (sid), este problema foi corrigido na versão 5.8.4-8.

Nós recomandmos que você atualize seus pacotes perl.

Corrigido em:

Debian GNU/Linux 3.0 (woody)

Fonte:
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.dsc
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.diff.gz
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
Componente independente de arquitetura:
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.9_all.deb
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.9_all.deb
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.9_all.deb
Alpha:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_alpha.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_alpha.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_alpha.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_alpha.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_alpha.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_arm.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_arm.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_arm.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_arm.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_arm.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_i386.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_i386.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_i386.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_i386.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_i386.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_ia64.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_ia64.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_ia64.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_ia64.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_ia64.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_hppa.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_hppa.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_hppa.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_hppa.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_hppa.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_m68k.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_m68k.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_m68k.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_m68k.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_m68k.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mips.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mips.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mips.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mips.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mips.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mipsel.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mipsel.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mipsel.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mipsel.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mipsel.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_powerpc.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_powerpc.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_powerpc.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_powerpc.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_powerpc.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_s390.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_s390.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_s390.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_s390.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_s390.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_sparc.deb
http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_sparc.deb
http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_sparc.deb
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_sparc.deb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_sparc.deb
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_sparc.deb

Checksums MD5 dos arquivos listados estão disponíveis no alerta original.