[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051202132320.GC6589@piware.de>
Date: Fri Dec 2 13:23:33 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-222-1] Perl vulnerability
===========================================================
Ubuntu Security Notice USN-222-1 December 02, 2005
perl vulnerability
CVE-2005-3962
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
perl-base
The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for
Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Jack Louis of Dyad Security discovered that Perl did not sufficiently
check the explicit length argument in format strings. Specially
crafted format strings with overly large length arguments led to a
crash of the Perl interpreter or even to execution of arbitrary
attacker-defined code with the privileges of the user running the Perl
program.
However, this attack was only possible in insecure Perl programs which
use variables with user-defined values in string interpolations
without checking their validity.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5.diff.gz
Size/MD5: 60449 138a02883a2dbe7a64ab04afdd66e9d9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5.dsc
Size/MD5: 727 703d3ffd2a87bde7c541c6e8e837aadb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.5_all.deb
Size/MD5: 37058 bd3315452eecd9d428dabe16e53f2ded
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.5_all.deb
Size/MD5: 7049780 5786917c60337ce874fe75bd3356ca12
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.5_all.deb
Size/MD5: 2181250 7c97e5758dfff350f684ba84aab0a2dc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 605446 b75c1a5bf7e1663f74c99fe3b42ceab7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 1030 010890e33535d7a9b5f3c29fb18c2278
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 787320 7028286655aa8f1583cbc33de1769810
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 3819880 c0234ca782a1821ceb46a6e3f31c5040
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 32838 298ae33f6e488bb5676358862672bf7d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 3834290 ea9cb2fe0d5da2cf9f41280d82af236f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 546916 c1696ad6b6cc8b135ef8b9b3c4d641dc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 494116 6969f99be7a08e72397f88141cf792fa
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 727682 8df403b46255458380f8f1cc470695cf
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 3631196 8b2c590421d6fb1990c10cbbd082127e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 30812 e59daea11508610cce6fbfe1d1d27352
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 3229772 b29f36a2a1d486b13b021785ae7416e4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 561030 3d81dd76a5b743776b4c8b9596199075
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 1036 febc4be8e86ba57988038b2245098602
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 718498 5e1d9871793e853806968c95d065da8c
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 3817110 71b313d4d4e8fbaf159c570ca8a67ccc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 30564 869d07e824d69d9eb729ffac2ee3e307
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 3477134 5bc641ebc225d4df2d758a27bc4b076d
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1.diff.gz
Size/MD5: 85222 f860ad98b388fe9b8bb86cc7e35345c7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1.dsc
Size/MD5: 744 a7ed7714ee125e9ef47ad3815ef631d9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-6ubuntu1.1_all.deb
Size/MD5: 37848 e127ed7dfc844352edc5decfce571304
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-6ubuntu1.1_all.deb
Size/MD5: 7050018 04f464518415aba917f23fb92aa2c692
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-6ubuntu1.1_all.deb
Size/MD5: 2178096 dd899c9f55a68afd7b9fbfd20be24e6d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 605492 e7ced10f4d56325865215644ca3cf206
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 1032 0de0991b480a41be576e0eb314cf9076
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 791098 48622e7501239e1bf514a478958e641f
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 3825826 86680f4b3ec293e8ff7d6766aa8e34fc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 32840 9087597015a77995be3fae92dc8875dd
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 3833986 0e950b7f25c2c2d133cdc5deeed083bc
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 547172 be2b0d1b086af1fe4de25456d8db0a32
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 494206 a23e58dc0ed626af909d7b5d6992665c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 731022 5cbdd58be91bec1b8bda5b9e0ce5041c
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 3630452 340473c47f02b82e3ab58ebce8a2cb4c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 30464 5c493e827dcd495f0a74be1cb7d76d26
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 3230234 6dfd8e1ffc89ab95f380093ae676829a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 625218 71310d2d768fe03cf6a9a23a4d43298a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 1044 45d4349e536701ce7ed8032056da3ba0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 789578 1ff2f2abd2469dc46cb7cbda0d9be51d
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 3588104 2fbb1cb36d1f38af8a165397bbe08695
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 33578 9b2011b06bf9837f88d24cbc4051067c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 3509086 5029a74793ea9a46ddf8053a94193d21
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1.diff.gz
Size/MD5: 134597 d5eb14b2a7b72b5fef014284cb989404
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1.dsc
Size/MD5: 724 cc3cd8ed85ab22c3dc5bcc28e4dfa166
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz
Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-5ubuntu1.1_all.deb
Size/MD5: 39132 1698e69173383d40dbf7265ea9c31c75
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-5ubuntu1.1_all.deb
Size/MD5: 7206644 da242594035cf2bf1e7f7e73e67c2562
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-5ubuntu1.1_all.deb
Size/MD5: 2325766 7f69e0426eca9092f4e0da8c12be7cb5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 641136 5f3b2d6818b93ce69f45c2225475f994
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 1008 909ca536921167aa03a9bcfe17504ecc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 819570 323c17484cbcdd2325016faa41954d9d
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 2689162 81924c3f4ea92a95efe6ca26a9e93d35
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 31392 7b62c900f9d4226baf46536f33aa43cb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 3974714 ec727b329279874b06c3a1ff4eaf013d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 560106 4a7bfbf041785c53c17549b9fe8b5651
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 505946 8b87d461dd40e550869ab377449cd07b
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 737400 49b7d3f90c86c53c75dddaf1c7451b01
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 2453904 932044f5e5b32e7cbe7ebe7ba1787806
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 28828 1824f7c1147d4039b5ad8e0880329fc2
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 3297136 39cdfaba9743158eb0f770e2caec2adc
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 656086 7fbb2c2885063467fb63ceadf83856e0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 1008 c463dda6c6b94f4a279d8180924c1fa3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 814770 ba1a2147b2717afdeb6bc6c603748684
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 2646280 c7debfc211977a5587eeb353dcf9ac09
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 31994 635f808e87308177acc302816f65a566
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 3657374 cbe8f520cc8e821b288c06af052822f6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051202/46256817/attachment.bin
Powered by blists - more mailing lists