lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jun 2018 04:48:02 +0000 From: Salvatore Bonaccorso <carnil@...ian.org> To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 4226-1] perl security update -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4226-1 security@...ian.org https://www.debian.org/security/ Salvatore Bonaccorso June 12, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : perl CVE ID : CVE-2018-12015 Debian Bug : 900834 Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive. For the oldstable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u11. For the stable distribution (stretch), this problem has been fixed in version 5.24.1-3+deb9u4. We recommend that you upgrade your perl packages. For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@...ts.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsfUF9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R0vw/8C8JM4x+DX3SAMCQsP0jLshcMMLZ4HJ/3aloi/3+cfzyJO4J/DOaxM4BA cPEW5HdcuGWKcAJl/SMy5j94RdIlYgh08lQDEbJwCgxxmVlzC1e7LgSdxFuqTTSb uRAdTvEpDj5s+tTLKWkZrr6WALrs/yg+RFsxtbZ7NvgFu1Uj3HGHpav0ylQY8YRR yaq43eLvFp/znPrXkAeja7pY0hPLAaSkxN7NuMM/osJ/sKiTzpXeinQoxIc5qCqC lhso86lb+hq6iZ7T78nUbe+jb/a3K+feAfXsCjdYI37tMgNRE4EosWKREhp0h1J7 WqvXvQpxlbwd4Ilf6SnKmhUcrtC7NL/t7wIsmvsLU88rgmOOpOqlDbCPRVTsNVdq Ccx/+qZYc0d5Jiq0NHxRCpSU5W0TgoekOWs2C4jYTJ7dH/7IxWB6fe/VagHLhQAq D16UHe+3Y7RkLa+44Za4JHGzjURwwjYzbS+MOIZFHz6/hk+gZBvEIF//6AJgXtZL NMXzhOstl35abQ6EoR82nx71gYbVyG4022K3XWcUhX+UUeLAYv1+b3ZGVXHjBiQB mLnCwG+l7TdQyWDMWswrf/MT9k8BsmIUe9K0XXSRsr+NAXRzEQjMhiJJIwiFp0YG 8bTjHqaQuvrop7CwC/d9vtj7852ukAnnGL32FRQwDlu14gTarsM= =22Iz -----END PGP SIGNATURE-----
Powered by blists - more mailing lists