Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

[USN-72-1] Perl vulnerabilities: msg#00001

linux.ubuntu.security.announce

Subject: [USN-72-1] Perl vulnerabilities

===========================================================
Ubuntu Security Notice USN-72-1 February 02, 2005
perl vulnerabilities
CAN-2005-0155, CAN-2005-0156
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

perl

The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Two exploitable vulnerabilities involving setuid-enabled perl scripts
have been discovered. The package "perl-suid" provides a wrapper
around perl which allows to use setuid-root perl scripts, i.e.
user-callable Perl scripts which have full root privileges.

Previous versions allowed users to overwrite arbitrary files by
setting the PERLIO_DEBUG environment variable and calling an arbitrary
setuid-root perl script. The file that PERLIO_DEBUG points to was then
overwritten by Perl debug messages. This did not allow precise control
over the file content, but could destroy important data. PERLIO_DEBUG
is now ignored for setuid scripts. (CAN-2005-0155)

In addition, calling a setuid-root perl script with a very long path
caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow
could be exploited to execute arbitrary files with full root
privileges. (CAN-2005-0156)

Source archives:


http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.3.diff.gz
Size/MD5: 57791 6838d5eb8b01a50895f60f899b7f9970
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.3.dsc
Size/MD5: 727 424d777c7a4f7e01e142bd907ec49134
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf

Architecture independent packages:


http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.3_all.deb
Size/MD5: 36762 3187be1f92d688e34fca60c46f688ca9

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.3_all.deb
Size/MD5: 7049796 f64050a4658b325918e1d853d0f2cbc0

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.3_all.deb
Size/MD5: 2181384 b2a50b4f2dde034430bc84bbabc791cc

amd64 architecture (Athlon64, Opteron, EM64T Xeon)


http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.3_amd64.deb
Size/MD5: 605434 2ca037b813fe14be47cafa2f27acd77b

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.3_amd64.deb
Size/MD5: 1032 2bb8737a384a3786171d2ae2a3ed4a7a

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.3_amd64.deb
Size/MD5: 787086 e5bb5502b6e90a29c74acc032b9e55c5

http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.3_amd64.deb
Size/MD5: 3819860 1daaaa3016ad679e80199e19c5b901ef

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.3_amd64.deb
Size/MD5: 32832 0cb6d5e891a5524a8d88a2c42c866e57

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.3_amd64.deb
Size/MD5: 3834226 442c1ace9f9ea25dc24075c37ee2365b

i386 architecture (x86 compatible Intel/AMD)


http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.3_i386.deb
Size/MD5: 546882 60034b55abcae07a3d6c6052a3213463

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.3_i386.deb
Size/MD5: 494062 6588b891ea5946652fbfa57529ab63c7

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.3_i386.deb
Size/MD5: 727402 9f372c22dbe904e4986c20db27ca4eab

http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.3_i386.deb
Size/MD5: 3631146 a4e235f9ee4b5b4c00af9681c462f9cb

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.3_i386.deb
Size/MD5: 30812 70923ad1d98c214f7d74b3fcd33fd8a3

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.3_i386.deb
Size/MD5: 3229674 c1eefcf39facb03157c59a0f87ff7471

powerpc architecture (Apple Macintosh G3/G4/G5)


http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.3_powerpc.deb
Size/MD5: 560992 17dd72a903ea7cb68dde0b937c18dbbd

http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.3_powerpc.deb
Size/MD5: 1032 b30fdccfa2463633641622427cbcaa73

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.3_powerpc.deb
Size/MD5: 718224 c200522dfa69b9810d66dd94a5102f6f

http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.3_powerpc.deb
Size/MD5: 3817106 3fbeaca89ae2b2a54adb0b01b282f8bd

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.3_powerpc.deb
Size/MD5: 30558 606caf5631780c2941118a5bbd6b2fd4

http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.3_powerpc.deb
Size/MD5: 3477176 d1e921f275e597dc1b59d6ca5680c07e

Attachment: signature.asc
Description: Digital signature
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [USN-71-1] PostgreSQL vulnerability, Martin Pitt
Next by Date:  [USN-73-1] Python vulnerability, Martin Pitt
Previous by Thread:  [USN-71-1] PostgreSQL vulnerability, Martin Pitt
Next by Thread:  [USN-73-1] Python vulnerability, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
version-control...    qnx.openqnx.dev...    redhat.rhn.user...    ietf.openpgp/20...    mail.mutt.user/...    web.microformat...    java.sync4j.use...    education.ezpro...    user-groups.blu...    solaris.manager...    org.fitug.debat...    technology.erps...    politics.activi...    linux.redhat.fe...    bug-tracking.ma...    xfce.user/2004-...    hams/2004-11/ms...    kde.users.pim/2...    culture.cooking...    freebsd.devel.x...    gnu.m4.adhoc/20...    ngpt.user/2002-...    apple.fink.deve...   
Home | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe

Navigation