lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-44-1] perl information leak

===========================================================
Ubuntu Security Notice USN-44-1		  December 21, 2004
perl vulnerabilities
CAN-2004-0452
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

perl-modules

The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A race condition and possible information leak has been discovered in
Perl's File::Path::rmtree(). This function changes the permission of
files and directories before removing them to avoid problems with
wrong permissions. However, they were made readable and writable not
only for the owner, but for the entire world, which opened a race
condition and a possible information leak (if the actual removal of a
file/directory failed for some reason).

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2.diff.gz
      Size/MD5:    57275 7c5bfeaebe727e706b2f5187a83ca30d
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2.dsc
      Size/MD5:      727 f9f33d4fff77573d6dcf4b06bc360837
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
      Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.2_all.deb
      Size/MD5:    36536 a00d1cd79825a29cb0711563b9c3e090
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.2_all.deb
      Size/MD5:  7049930 0a95b9e57ea618a92c1d7dcf5f2acf68
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.2_all.deb
      Size/MD5:  2181378 13957c0f2d39068891ec94c2b6ca8e21

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_amd64.deb
      Size/MD5:   605384 cf119880fc05c4f39b88020906853153
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_amd64.deb
      Size/MD5:     1030 f945f03d278b406e7002d7ca2a9daa7d
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_amd64.deb
      Size/MD5:   786796 04cec9bde93828ae970a50f0c17d742c
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_amd64.deb
      Size/MD5:  3819858 e399fb65322565bea74b1c368376e0a9
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_amd64.deb
      Size/MD5:    32834 2fdd6630ed9734ecf52175317abd73bb
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_amd64.deb
      Size/MD5:  3834294 8c2bc2159adf44eaa11c00ed822dcbe2

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_i386.deb
      Size/MD5:   546846 c280e92bca69e4d35afec165f269548c
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_i386.deb
      Size/MD5:   494038 3bef54ba7fd432eaa2eb8f457bd76c16
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_i386.deb
      Size/MD5:   727156 7db0cb83924058566c96008473c62e48
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_i386.deb
      Size/MD5:  3631004 fe315ecd0b69a9b36bc06b8fd4ce696a
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_i386.deb
      Size/MD5:    30814 2c399de025ab3beda085d2a1ccb53450
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_i386.deb
      Size/MD5:  3229768 4bb3ed09adcd85a543472aab7ca9225a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_powerpc.deb
      Size/MD5:   560978 bf01c6b3573261f5b44aa20b75ac0747
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_powerpc.deb
      Size/MD5:     1032 c6b483f4ec3021bb9d198a566d017e86
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_powerpc.deb
      Size/MD5:   718122 f4b86a11865691a5aa54329530bac295
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_powerpc.deb
      Size/MD5:  3817060 904ec3058d81e037e086c3eeb9a1cc39
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_powerpc.deb
      Size/MD5:    30560 47a80c652b51ce2042eeaa4ae5919346
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_powerpc.deb
      Size/MD5:  3477172 6412491bf1c5aad614efdf142daaf667
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041221/88610990/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ