[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 696-1] New perl packages fix privilege escalation



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 696-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 22nd, 2005                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : design flaw
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0448
Debian Bug     : 286905 286922

Paul Szabo discovered another vulnerability in the File::Path::rmtree
function of perl, the popular scripting language.  When a process is
deleting a directory tree, a different user could exploit a race
condition to create setuid binaries in this directory tree, provided
that he already had write permissions in any subdirectory of that
tree.

For the stable distribution (woody) this problem has been fixed in
version 5.6.1-8.9.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.4-8.

We recommend that you upgrade your perl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.dsc
      Size/MD5 checksum:      687 bf8f434e157f15546953ae89dfb2f932
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.diff.gz
      Size/MD5 checksum:   176889 5f8583904c8f261d31f0935611ca7314
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
      Size/MD5 checksum:  5983695 ec1ff15464809b562aecfaa2e65edba6

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.9_all.deb
      Size/MD5 checksum:    31524 2516eb570a001c6a3376042ff85e3ff9
    http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.9_all.deb
      Size/MD5 checksum:  3885588 d2ccba71035e7b24bed20b0d50e6cd3c
    http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.9_all.deb
      Size/MD5 checksum:  1278636 ba2dbf867e05ce0a238a6bb0655ae88f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_alpha.deb
      Size/MD5 checksum:   620238 f6f8096076b94b0ac14a7e76f5cba5e8
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_alpha.deb
      Size/MD5 checksum:   435790 e0d74ac7f28bea04ad599a34e3c860c3
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_alpha.deb
      Size/MD5 checksum:  1218044 4d4cbcd9b01f010f0ca55a324a7f5052
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_alpha.deb
      Size/MD5 checksum:   209396 5227c51b7c3669e6351b60fdfc71ac4a
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_alpha.deb
      Size/MD5 checksum:  2826616 46388e257e6870a5625fa0d90e52dbe2
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_alpha.deb
      Size/MD5 checksum:    34564 ee65e15d8617f998669827f2b462d91c

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_arm.deb
      Size/MD5 checksum:   516690 39fbf1d488a709588bf624f0371e6330
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_arm.deb
      Size/MD5 checksum:   362946 2d443d23489a01a8b69c837d1c4c6f9f
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_arm.deb
      Size/MD5 checksum:  1164488 813bb81756ee700c9f0fa7b59082fb2e
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_arm.deb
      Size/MD5 checksum:   546032 3e6acd2b374169ac6b5baeacb64489a5
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_arm.deb
      Size/MD5 checksum:  2307832 c7e285156f4d87fd35c1229585ef8782
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_arm.deb
      Size/MD5 checksum:    29198 ad16061b652d47e4c424b66b97f1975a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_i386.deb
      Size/MD5 checksum:   424620 325554fce57546f366bd8eb8eae13d0d
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_i386.deb
      Size/MD5 checksum:   347980 e896258f9bab36868a62f2d4abf38f3b
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_i386.deb
      Size/MD5 checksum:  1150462 7eb6c4b69d60aa1aa203c8e121001b08
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_i386.deb
      Size/MD5 checksum:   497350 46ad051a8314caccc5bb58c0c63f21fb
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_i386.deb
      Size/MD5 checksum:  2119332 d32af3c6b914565feef67bbc88d26fac
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_i386.deb
      Size/MD5 checksum:    28422 2d35d5c7bf825e4ee402a2ee2d1e9961

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_ia64.deb
      Size/MD5 checksum:   703848 88b2bba779fad35e4c4a0b8d19238e08
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_ia64.deb
      Size/MD5 checksum:   599458 9eed98c89d18626a780acad02c548394
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_ia64.deb
      Size/MD5 checksum:  1266698 2e8b9cc7c51ff5f83543cc8f72062db1
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_ia64.deb
      Size/MD5 checksum:   227016 ae999032a6292a8bc1afeaa779338a65
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_ia64.deb
      Size/MD5 checksum:  3312646 cb9590ae70e82d03809b6dd0cdf6adbb
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_ia64.deb
      Size/MD5 checksum:    44922 e938aea805dbcc82a6b51c45808ba117

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_hppa.deb
      Size/MD5 checksum:   623294 8a37db2a531ceac76b5ff58b63c7dea0
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_hppa.deb
      Size/MD5 checksum:   473742 4bfb532b44c575d9ac162721e53a3296
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_hppa.deb
      Size/MD5 checksum:  1211970 5f02f7b3827b5bcccfae2d55d2abb3e8
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_hppa.deb
      Size/MD5 checksum:   209228 61b8c26d1fd0cf1efe199f8c2f0114dd
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_hppa.deb
      Size/MD5 checksum:  2288236 c9c35fe2b162d6c221996dceff59227e
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_hppa.deb
      Size/MD5 checksum:    33804 93aaedff418ba33ec0dca5fd5ae00cf2

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_m68k.deb
      Size/MD5 checksum:   399768 1c4ff2052a44789b9257d4edc59e33c5
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_m68k.deb
      Size/MD5 checksum:   332248 d419e1b65fb16004a7b62fca3a488445
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_m68k.deb
      Size/MD5 checksum:  1149668 f1c1c802bece18494c769d0752e93df2
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_m68k.deb
      Size/MD5 checksum:   192926 85e49a21425030e7217a2ed3c0803654
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_m68k.deb
      Size/MD5 checksum:  2132078 ad607985a798b1367e4ccef997a371ab
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_m68k.deb
      Size/MD5 checksum:    27486 9e54239d40fe18c3a6130ed08c873e1a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mips.deb
      Size/MD5 checksum:   522846 8ebd0579ab6ee8cf7ed31f37d1990953
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mips.deb
      Size/MD5 checksum:   364932 72afd3b4f4229da22df458f35bb85893
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mips.deb
      Size/MD5 checksum:  1162038 7cbad6e00cbf6e6796d9fdcdeccaa7ff
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mips.deb
      Size/MD5 checksum:   186566 2e2e8245567fd65a3da46effd457d6ad
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mips.deb
      Size/MD5 checksum:  2408714 735db2fb28c5387a345ab214daa3586b
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mips.deb
      Size/MD5 checksum:    28774 3da9dae3a1b7b0973e78dba4640e7fca

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mipsel.deb
      Size/MD5 checksum:   516598 3ea5fd72796802f9e2217ef857963e8a
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mipsel.deb
      Size/MD5 checksum:   361566 dcba96e1e5ecf54b37bd09442a632ada
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mipsel.deb
      Size/MD5 checksum:  1160540 803e02a77c086a3b3e91b364abb39447
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mipsel.deb
      Size/MD5 checksum:   186056 acb435b8e4337c1b7abdfebc2d611ba9
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mipsel.deb
      Size/MD5 checksum:  2265654 0c1c16167fc65440eba23d17217ada05
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mipsel.deb
      Size/MD5 checksum:    28354 d3e4a6c4608a8728379f4082c693324f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_powerpc.deb
      Size/MD5 checksum:   567786 9a9eaff7634f0413fc89b2975ef18a54
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_powerpc.deb
      Size/MD5 checksum:   400804 b8c0c65a8711851fd03607da100a169c
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_powerpc.deb
      Size/MD5 checksum:  1183760 9209ef9514add684d6192cb29d81271b
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_powerpc.deb
      Size/MD5 checksum:   202904 d4c99aedd96846be19bf963acd70170a
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_powerpc.deb
      Size/MD5 checksum:  2301264 99ab35e586b1cecb05834106b8106daa
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_powerpc.deb
      Size/MD5 checksum:    30568 c859419ca068e074b011841d7bf29d70

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_s390.deb
      Size/MD5 checksum:   456344 d4bbbca929f81cc6c4a3da63e4c99a9f
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_s390.deb
      Size/MD5 checksum:   405156 de0c5dfb77f6f06eae9cc2f04c632fa8
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_s390.deb
      Size/MD5 checksum:  1168236 b51348ff85d77789baf85faecebb1686
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_s390.deb
      Size/MD5 checksum:   191948 048b3fde8d8ab1b2587e0c876efd2228
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_s390.deb
      Size/MD5 checksum:  2210630 00802a6d82f01ad545c8b1e7cb71b310
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_s390.deb
      Size/MD5 checksum:    32540 62b9dcc44027696b5f129910fb34f446

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_sparc.deb
      Size/MD5 checksum:   529162 0279f9d389232fa97b2de37a2299e8f7
    http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_sparc.deb
      Size/MD5 checksum:   404524 2c1a815027304e986c97ca96e43520c6
    http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_sparc.deb
      Size/MD5 checksum:  1192166 7a85c23d177eb8bec63e15cf80e479b0
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_sparc.deb
      Size/MD5 checksum:   211848 94817bb5a07639c6988a21266e8770f0
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_sparc.deb
      Size/MD5 checksum:  2285542 0f0b4081df6154ef89f8ca59863c4367
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_sparc.deb
      Size/MD5 checksum:    30724 aa5a594ce8210d02ac75d979f1ab0201


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCP/ngW5ql+IAeqTIRAjsLAJ0ar+tlEL/SF92Bcm75/jN5aLWsWwCfZqG6
rZRZq9mbIxMPx76x4Gc1j/c=
=3a+w
-----END PGP SIGNATURE-----



Reply to: