Debian Security Advisory
DSA-696-1 perl -- design flaw
- Date Reported:
- 22 Mar 2005
- Affected Packages:
- perl
- Vulnerable:
- Yes
- Security database references:
- In the Debian bug tracking system: Bug 286905, Bug 286922.
- In Mitre's CVE dictionary: CVE-2005-0448.
- More information:
Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, a popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree.
For the stable distribution (woody), this problem has been fixed in version 5.6.1-8.9.
For the unstable distribution (sid), this problem has been fixed in version 5.8.4-8.
We recommend that you upgrade your perl packages.
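Tree-removal code avoids this class of race by working relative to open directory descriptors instead of re-resolving path names that another user can change. The following Python example is added here and is not the Debian or Perl fix, nor code from this advisory; `safe_rmtree`, `_remove_entry` and `demo` are hypothetical names, and the sample tree is constructed.

```python
import os
import stat
import tempfile

def safe_rmtree(path):
    """Delete the tree at `path`, resolving each name once via directory fds."""
    parent, name = os.path.split(os.path.abspath(path))
    # The parent is the caller's own, trusted location; everything below it is not.
    parent_fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY)
    try:
        _remove_entry(parent_fd, name)
    finally:
        os.close(parent_fd)

def _remove_entry(dir_fd, name):
    # lstat relative to the open parent: a symlink is reported as a symlink.
    st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
    if not stat.S_ISDIR(st.st_mode):
        os.unlink(name, dir_fd=dir_fd)  # removes the link itself, never its target
        return
    # O_NOFOLLOW makes the open fail if the name became a symlink after lstat.
    fd = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dir_fd)
    try:
        opened = os.fstat(fd)
        if (opened.st_dev, opened.st_ino) != (st.st_dev, st.st_ino):
            raise OSError("directory replaced during removal: %r" % name)
        with os.scandir(fd) as entries:
            children = [entry.name for entry in entries]
        for child in children:
            _remove_entry(fd, child)
    finally:
        os.close(fd)
    os.rmdir(name, dir_fd=dir_fd)

def demo():
    """Constructed sample: a tree containing a symlink that points outside it."""
    base = tempfile.mkdtemp()
    outside = os.path.join(base, "outside")
    os.mkdir(outside)
    keep = os.path.join(outside, "keep.txt")
    with open(keep, "w") as fh:
        fh.write("must survive")
    tree = os.path.join(base, "tree")
    os.makedirs(os.path.join(tree, "sub", "deep"))
    os.symlink(outside, os.path.join(tree, "sub", "link"))
    safe_rmtree(tree)
    return os.path.exists(tree), os.path.exists(keep)
```

Python's own `shutil.rmtree` uses the same descriptor-based approach on platforms where `shutil.rmtree.avoids_symlink_attacks` is true.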
- Fixed in:
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.dsc
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9.diff.gz
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.9_all.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.9_all.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.9_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_alpha.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_arm.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_i386.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_ia64.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_hppa.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_m68k.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mips.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_mipsel.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_powerpc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_s390.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.9_sparc.deb
- http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.9_sparc.deb
MD5 checksums of the listed files are available in the original advisory.