[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 978-1] perl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : perl
Version        : 5.14.2-21+deb7u5
CVE ID         : CVE-2017-6512
Debian Bug     : 863870

The cPanel Security Team reported a time of check to time of use
(TOCTTOU) race condition flaw in File::Path, a core module from Perl to
create or remove directory trees. An attacker can take advantage of this
flaw to set the mode on an attacker-chosen file to an attacker-chosen
value.

For Debian 7 "Wheezy", these problems have been fixed in version
5.14.2-21+deb7u5.

We recommend that you upgrade your perl packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlk1oCQACgkQnUbEiOQ2
gwJOdxAAo31oFsKJMeADD4VS1YOjg4B4dXAVIHTQIVlCv0Fd+KAmv1p/aUTHI3/Z
T7cvTtd0anT4ad63wTJfsuyFuoAm3e50GK+PBipS5v5Wzkli6A6Hjyy5DYPH41az
LgXyPtZepRL4XTzfBjehH1A2hy0KU1Q/DmwKhRQC9f1a1lVwGV/IZ4w//eG4cMYD
0XZpBImytsvGSI9b8GJBRpAd57PSm8dHorvwUjzHIkZQxOmZWlH3aY+hQNIfxMn+
QJcXY58FvifkjPF3SV5zl8mN5emhkLi2Ac06QmFJ/XECzrz1YDwO1PNf2pblbNmr
O/4l3oPhjo0TH2VGWx+zzdBXe1aaWasfq1P20GhQEfz80r5hxetK7gU4afleXGi1
cy3qdVM6IiQNBY9qc71LCkAhm/xmpiuL77UkZsAb3zgM4Yl7Yxn+RXL4oz2o7W07
K+zfu6k6sdk54vR5DUeGTANMUF+e+KHm3PjWOZPkyIjyptns2yyEgcRfbi0+5eRa
OiHTz+sZBj8vNIQKpy0cRy1zfcRDuiUiwfohHaaOR8avRLlqWTB7T2T65qQrw2mP
qjHTAXwu74/DIs2n5bXB8XpUYz3QLpRHxzJa7wtasng+GLvjxhy+g88mfrG3SCWg
84fk+TdTiesgPeiYTp+xsO76XIB6ELhlIigm21WxaNtz09/B1pw=
=6S6M
-----END PGP SIGNATURE-----


Reply to: