Advisories
Mandriva Advisories
|
 |
| Problem Description |
Jeroen van Wolffelaar discovered that the rmtree() function in the perl
File::Path module would remove directories in an insecure manner which
could lead to the removal of arbitrary files and directories via a
symlink attack (CAN-2004-0452).
Trustix developers discovered several insecure uses of temporary files
in many modules which could allow a local attacker to overwrite files
via symlink attacks (CAN-2004-0976).
"KF" discovered two vulnerabilities involving setuid-enabled perl
scripts. By setting the PERLIO_DEBUG environment variable and calling
an arbitrary setuid-root perl script, an attacker could overwrite
arbitrary files with perl debug messages (CAN-2005-0155). As well,
calling a setuid-root perl script with a very long path would cause a
buffer overflow if PERLIO_DEBUG was set, which could be exploited to
execute arbitrary files with root privileges (CAN-2005-0156).
The provided packages have been patched to resolve these problems.
| Updated Packages |
Mandrakelinux 9.2
e20db560fd730715e15dfa8b86bdf64e 9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.i586.rpm 8b35db60de2b45267e2e7d6b5c91e9c5 9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.i586.rpm 938d58ea9c9a14b4562da53f65e6b98d 9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.i586.rpm 826927185050c8390c260ea68e7c9b28 9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.i586.rpm 42336c6aa22474e11e49da1334c01415 9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64
7b90163d3bc050172ef2b962367944f7 amd64/9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.amd64.rpm 3c9e8c95c1d3637111f88924798acfb1 amd64/9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.amd64.rpm 28644f1effa1ecd3d4e8dcbc28d56e38 amd64/9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.amd64.rpm 89b774253bad6f9513685eab214680aa amd64/9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.amd64.rpm 42336c6aa22474e11e49da1334c01415 amd64/9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm
Mandrakelinux 10.0
03ef7fbe398819df299c12b60037452e 10.0/RPMS/perl-5.8.3-5.3.100mdk.i586.rpm 8c660b1461a18ea5d4115ce97d919400 10.0/RPMS/perl-base-5.8.3-5.3.100mdk.i586.rpm 4cea2d8402078460a305a2d5b35ded3f 10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.i586.rpm 521c1c2a42672a5d8f59dd372a274427 10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.i586.rpm 68a64ab9524c8494b9cafe243ca4207a 10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
6ef2826a08789b5a5818a87d5964a1a2 amd64/10.0/RPMS/perl-5.8.3-5.3.100mdk.amd64.rpm c473bbbfec6d07ef351c5d2e755d873f amd64/10.0/RPMS/perl-base-5.8.3-5.3.100mdk.amd64.rpm 736ec557782c41dd5e43a2ff31d0cc3e amd64/10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.amd64.rpm a9ed51fa1e678f7481c74fc65c886f44 amd64/10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.amd64.rpm 68a64ab9524c8494b9cafe243ca4207a amd64/10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm
Mandrakelinux 10.1
dc0072b42ada389f8d948435fb44337b 10.1/RPMS/perl-5.8.5-3.3.101mdk.i586.rpm 1e0c9f3256ff487d95011253abcac637 10.1/RPMS/perl-base-5.8.5-3.3.101mdk.i586.rpm ff2ff682b097c8ce91d989858cfe87fc 10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.i586.rpm d2a4f038e99b1742b5e427eb508735c6 10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.i586.rpm 6421bbaac9c9260c34f1503699a9c06d 10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
48e3ca61e5cdb1fdb6ab167368de39dd x86_64/10.1/RPMS/perl-5.8.5-3.3.101mdk.x86_64.rpm f105736fca96d67e29fedbed60e493d5 x86_64/10.1/RPMS/perl-base-5.8.5-3.3.101mdk.x86_64.rpm a4d842d0548a9cd8b37ac95bdc3cf76f x86_64/10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.x86_64.rpm c994694b34389bbd2f8f31a5a0912abd x86_64/10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.x86_64.rpm 6421bbaac9c9260c34f1503699a9c06d x86_64/10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm
Corporate Server 2.1
80ab375d58e13144188efb18d823be02 corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.i586.rpm 1669ef10de0c263de5bcb1a6291b80e6 corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.i586.rpm b670e055bce7ec7c3cf9fed4c0a1b0bb corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.i586.rpm c6d3731abbbab36836a10098eec45632 corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.i586.rpm 7320d6f6b55b6072b84adce5e8c24564 corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64
79543c5e27e4fad31b70c3b1f9f78c3e x86_64/corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.x86_64.rpm df4d687f5974bc8aec71943f916b55e4 x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.x86_64.rpm 6e235994ebfd3d140b0a98a6ced85600 x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.x86_64.rpm c3e96a04b20424b4034c38e871110c43 x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.x86_64.rpm 7320d6f6b55b6072b84adce5e8c24564 x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm
Corporate Server 3.0
3ec85cecac7c9311d84808c4d606fad5 corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.i586.rpm eeb15059224b10ea1e38e7c295238ba2 corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.i586.rpm 2725bd3ff3a4879e92e2a837d31d371f corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.i586.rpm 83800acb6dff62a0283a4f4a63748769 corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.i586.rpm 76f2ba5789d07ada7629f3fb4555214c corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm
Corporate Server 3.0/X86_64
6f9cbbbecbd93e0a69f90b87911b975c x86_64/corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.x86_64.rpm db36c037cd22e733423ee210dae671fe x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.x86_64.rpm abb4772f920cc0d2776dfda4e61f7f37 x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.x86_64.rpm 7e2303ef39f8a35616cd3ee646faf224 x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.x86_64.rpm 76f2ba5789d07ada7629f3fb4555214c x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0156
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.