[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041221102713.GB27148@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-44-1] perl information leak
===========================================================
Ubuntu Security Notice USN-44-1 December 21, 2004
perl vulnerabilities
CAN-2004-0452
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
perl-modules
The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
A race condition and possible information leak has been discovered in
Perl's File::Path::rmtree(). This function changes the permission of
files and directories before removing them to avoid problems with
wrong permissions. However, they were made readable and writable not
only for the owner, but for the entire world, which opened a race
condition and a possible information leak (if the actual removal of a
file/directory failed for some reason).
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2.diff.gz
Size/MD5: 57275 7c5bfeaebe727e706b2f5187a83ca30d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2.dsc
Size/MD5: 727 f9f33d4fff77573d6dcf4b06bc360837
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.2_all.deb
Size/MD5: 36536 a00d1cd79825a29cb0711563b9c3e090
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.2_all.deb
Size/MD5: 7049930 0a95b9e57ea618a92c1d7dcf5f2acf68
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.2_all.deb
Size/MD5: 2181378 13957c0f2d39068891ec94c2b6ca8e21
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_amd64.deb
Size/MD5: 605384 cf119880fc05c4f39b88020906853153
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_amd64.deb
Size/MD5: 1030 f945f03d278b406e7002d7ca2a9daa7d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_amd64.deb
Size/MD5: 786796 04cec9bde93828ae970a50f0c17d742c
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_amd64.deb
Size/MD5: 3819858 e399fb65322565bea74b1c368376e0a9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_amd64.deb
Size/MD5: 32834 2fdd6630ed9734ecf52175317abd73bb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_amd64.deb
Size/MD5: 3834294 8c2bc2159adf44eaa11c00ed822dcbe2
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_i386.deb
Size/MD5: 546846 c280e92bca69e4d35afec165f269548c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_i386.deb
Size/MD5: 494038 3bef54ba7fd432eaa2eb8f457bd76c16
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_i386.deb
Size/MD5: 727156 7db0cb83924058566c96008473c62e48
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_i386.deb
Size/MD5: 3631004 fe315ecd0b69a9b36bc06b8fd4ce696a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_i386.deb
Size/MD5: 30814 2c399de025ab3beda085d2a1ccb53450
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_i386.deb
Size/MD5: 3229768 4bb3ed09adcd85a543472aab7ca9225a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_powerpc.deb
Size/MD5: 560978 bf01c6b3573261f5b44aa20b75ac0747
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_powerpc.deb
Size/MD5: 1032 c6b483f4ec3021bb9d198a566d017e86
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_powerpc.deb
Size/MD5: 718122 f4b86a11865691a5aa54329530bac295
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_powerpc.deb
Size/MD5: 3817060 904ec3058d81e037e086c3eeb9a1cc39
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_powerpc.deb
Size/MD5: 30560 47a80c652b51ce2042eeaa4ae5919346
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_powerpc.deb
Size/MD5: 3477172 6412491bf1c5aad614efdf142daaf667
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041221/88610990/attachment.bin
Powered by blists - more mailing lists