Debian Security Advisory
DSA-371-1 perl -- cross-site scripting
- Date reported:
- 2003-08-11
- Affected packages:
- perl
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 8231.
In Mitre's CVE dictionary: CVE-2003-0615.
- More information:
-
A cross-site scripting vulnerability exists in the start_form() function in CGI.pm. This function writes user-controlled data into the action attribute of a form element without sanitizing it, which allows a remote attacker to execute arbitrary web script in the context of the generated page. Any program that uses this function in the CGI.pm module may be affected.
For the current stable distribution (Woody) this problem has been fixed in version 5.6.1-8.3.
For the unstable distribution (Sid) this problem has been fixed in version 5.8.0-19.
We recommend that you upgrade your perl package.
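The following Perl sketch is an added example, not code from CGI.pm or from the Debian fix. It shows the class of flaw described above using two hypothetical form-tag generators (`form_tag_unescaped`, `form_tag_escaped`) and constructed sample action values: without escaping, a double quote in the value ends the action attribute and the rest is parsed as markup.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for a form-tag generator; not CGI.pm's code.
# Unsafe variant: interpolates the action value into the attribute as-is.
sub form_tag_unescaped {
    my ($action) = @_;
    return qq{<form method="post" action="$action">};
}

# Escape the characters that can end a quoted attribute or open a tag.
sub escape_attr {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Safe variant: the value cannot leave the quoted attribute.
sub form_tag_escaped {
    my ($action) = @_;
    return '<form method="post" action="' . escape_attr($action) . '">';
}

# Count opening tags in the output; a correct result has exactly one (<form>).
sub tag_count {
    my ($html) = @_;
    my $n = () = $html =~ /<[a-zA-Z]/g;
    return $n;
}

# Constructed sample values: a normal script path, and one carrying a
# double quote plus harmless markup in a user-controlled URL component.
my @samples = ('/cgi-bin/guestbook.pl',
               '/cgi-bin/guestbook.pl/"><b>injected</b>');

for my $action (@samples) {
    for my $gen ([unescaped => \&form_tag_unescaped],
                 [escaped   => \&form_tag_escaped]) {
        my ($name, $fn) = @$gen;
        my $html = $fn->($action);
        # More than one opening tag means the value broke out of the attribute.
        printf "%-9s tags=%d  %s\n", $name, tag_count($html), $html;
    }
}
```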
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3.dsc
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3.diff.gz
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.3_all.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.3_all.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.3_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.3_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.3_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.3_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.3_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.3_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.3_sparc.deb
MD5 checksums for these files are available in the original advisory.