lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051212151749.GF5056@piware.de>
Date: Mon Dec 12 15:17:56 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-222-2] Perl vulnerability

===========================================================
Ubuntu Security Notice USN-222-2	  December 12, 2005
perl vulnerability
CVE-2005-3962
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libperl5.8
perl-base

The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.6 (for Ubuntu 4.10), 5.8.4-6ubuntu1.2 (for
Ubuntu 5.04), or 5.8.7-5ubuntu1.2 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-222-1 fixed a vulnerability in the Perl interpreter. It was
discovered that the version of USN-222-1 was not sufficient to handle
all possible cases of malformed input that could lead to arbitrary
code execution, so another update is necessary.

Original advisory:

  Jack Louis of Dyad Security discovered that Perl did not
  sufficiently check the explicit length argument in format strings.
  Specially crafted format strings with overly large length arguments
  led to a crash of the Perl interpreter or even to execution of
  arbitrary attacker-defined code with the privileges of the user
  running the Perl program.

  However, this attack was only possible in insecure Perl programs
  which use variables with user-defined values in string
  interpolations without checking their validity.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6.diff.gz
      Size/MD5:    65287 5b3e19646e2091eb9294220d0f7db14f
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6.dsc
      Size/MD5:      727 f56ec1862af2a154066ea04d950ae74c
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
      Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.6_all.deb
      Size/MD5:    37120 34c8f6b057066ed0b5e07ac1a4b783b6
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.6_all.deb
      Size/MD5:  7049588 2e0dedeaf0d5ebb7f5db7b0fc7885993
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.6_all.deb
      Size/MD5:  2181262 d51dcf8f5d749b48a95111e334e19e40

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.6_amd64.deb
      Size/MD5:   605672 c5af1be0954268bd9dec4b350a5f6e60
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.6_amd64.deb
      Size/MD5:     1032 fda7bcbdfdc9edce6299dafa80cf8af9
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.6_amd64.deb
      Size/MD5:   787486 379267d6352e32ea9c19705632aa31ff
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.6_amd64.deb
      Size/MD5:  3820376 216a2a3838f56e5d130efb6bc81216ec
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.6_amd64.deb
      Size/MD5:    32970 12370fa42f20842b0f1e2700d8becef6
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6_amd64.deb
      Size/MD5:  3834442 7716de916cd192cb0994880f7edc7c32

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.6_i386.deb
      Size/MD5:   547084 1adfa9c3510df872ca4002d90e6ebf0f
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.6_i386.deb
      Size/MD5:   494308 2744b8ac7f93c771240b12fb4d02b36e
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.6_i386.deb
      Size/MD5:   727906 7f2faf7b54a7e0398c807a46f0c17817
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.6_i386.deb
      Size/MD5:  3631738 82ad474e7516dec454da629a93128848
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.6_i386.deb
      Size/MD5:    30930 eed03dfcc0265086b8e009ab614041ba
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6_i386.deb
      Size/MD5:  3229914 6be57f704821ee42e2da1580da7b68f5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.6_powerpc.deb
      Size/MD5:   561444 65381c155d8b7a4c2b3ae8d0ee8f4343
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.6_powerpc.deb
      Size/MD5:     1040 731ffc922ffd0879497c1b5ff1628b6a
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.6_powerpc.deb
      Size/MD5:   718886 0dd2fb65fd29067c751d523a4800363c
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.6_powerpc.deb
      Size/MD5:  3817978 72d094eb38100698b1aae1deeb58bffb
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.6_powerpc.deb
      Size/MD5:    30802 9a423971bbd7b4cef1bfdb2a7fd54d87
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6_powerpc.deb
      Size/MD5:  3477346 4d6f4b5ca1839ae4234186aa02e8e7c5

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2.diff.gz
      Size/MD5:    89318 a3a73738a8b8efd75aa182cd13fb1860
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2.dsc
      Size/MD5:      744 1e017e411a53677367e87b8c3a4046d3
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
      Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-6ubuntu1.2_all.deb
      Size/MD5:    37922 dffd4fc6f386b1c5f11c4600dce7ad5c
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-6ubuntu1.2_all.deb
      Size/MD5:  7049702 c8d70cd6675866f6ac525bd6ac52a99b
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-6ubuntu1.2_all.deb
      Size/MD5:  2178092 873559d5d60c08e2a8375e6a96990e53

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.2_amd64.deb
      Size/MD5:   605680 f0275ed35fbda6bd944b26b77ee6355b
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.2_amd64.deb
      Size/MD5:     1030 207e8a400a8859ecf33e62f4cceaba80
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.2_amd64.deb
      Size/MD5:   791310 df53b2d65ed91ba0344d503380492203
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.2_amd64.deb
      Size/MD5:  3826158 7d54efef54b674ffdeb4b1e75063e2fc
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.2_amd64.deb
      Size/MD5:    32980 97fe9bf54cd382f7b09560de76b5d856
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2_amd64.deb
      Size/MD5:  3834148 fa33b977bfad84fd5c339ac6a8a4fc3e

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.2_i386.deb
      Size/MD5:   547306 01af9e7e1523f8667e35554cc615c26c
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.2_i386.deb
      Size/MD5:   494410 62a8334b0f3283304ba6dc29287bfb8e
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.2_i386.deb
      Size/MD5:   731186 7585a3909732bfc9557e6cb24f8f85ed
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.2_i386.deb
      Size/MD5:  3631248 49e47efb7b7e24c6d2f0b00780af2627
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.2_i386.deb
      Size/MD5:    30600 46e198ea02ca26ff218fb8c8def02173
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2_i386.deb
      Size/MD5:  3230238 8a2c08cab7a8fa713f872c20f7b3003f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.2_powerpc.deb
      Size/MD5:   625376 0ac8f25e544be1a5cd06d3f7655ab778
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.2_powerpc.deb
      Size/MD5:     1040 ebb0abd127bdc4c3c2aa875f76a9de44
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.2_powerpc.deb
      Size/MD5:   789820 653b717cc511a48834fb855241f9895a
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.2_powerpc.deb
      Size/MD5:  3589148 90fd48da735eec46c83dffe53141599e
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.2_powerpc.deb
      Size/MD5:    33710 ac7663a3041b364dc7304789f166089d
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2_powerpc.deb
      Size/MD5:  3509404 282cf6cd561f85770a0bf16850d62aed

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2.diff.gz
      Size/MD5:   138676 cb9f0e6ee16706a0a57803f5418cee85
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2.dsc
      Size/MD5:      724 4d821dbd55312a6cda028ea4b2b01a71
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz
      Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-5ubuntu1.2_all.deb
      Size/MD5:    39204 13ee742f2116e1c59001c059358f49d1
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-5ubuntu1.2_all.deb
      Size/MD5:  7206780 3734f65b71a70fef5dda18026153d901
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-5ubuntu1.2_all.deb
      Size/MD5:  2325762 c0febd1257a462bc183633c12f97a9d2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.2_amd64.deb
      Size/MD5:   641396 cb669098bbe1dda4d985fc1abeb52b5a
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.2_amd64.deb
      Size/MD5:     1008 df31ac411ee5b5cdcc679e49c231614d
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.2_amd64.deb
      Size/MD5:   819760 0c34e32ade8fac53356dbf95649cfcee
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.2_amd64.deb
      Size/MD5:  2689940 eefe91d7d1aee78b6d84ee8044556120
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.2_amd64.deb
      Size/MD5:    31540 5806879f51b79ba373eac29b7633e245
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2_amd64.deb
      Size/MD5:  3974988 c9dd927bd39c72606146c3de7fec7f18

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.2_i386.deb
      Size/MD5:   560316 eb964f53d00d5e16f0d074460a6d7315
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.2_i386.deb
      Size/MD5:   505994 d88e73bf59e859a0efecca42c6524157
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.2_i386.deb
      Size/MD5:   737720 8df8b2936b3189d9d37586f275096146
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.2_i386.deb
      Size/MD5:  2454466 2ddeabe8c468d800cbbac03ce0e2d454
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.2_i386.deb
      Size/MD5:    29052 71fb8a9e0b8cb4a5bb568c8cf8610153
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2_i386.deb
      Size/MD5:  3297206 3761f58400331261204a53322eabe79c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.2_powerpc.deb
      Size/MD5:   656200 b5fb5ff99cadcd80a223b1ba3c94ba46
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.2_powerpc.deb
      Size/MD5:     1012 f9de5ed600bb12059ac36743ce6d054d
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.2_powerpc.deb
      Size/MD5:   814884 7041e0d43fafd9c778eac766a3f87cc4
    http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.2_powerpc.deb
      Size/MD5:  2646988 44c2ec940009faddc95cdcb347cb520c
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.2_powerpc.deb
      Size/MD5:    32164 18bcb6924eaffe0bb176e21d62e099c0
    http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2_powerpc.deb
      Size/MD5:  3657600 0511cf2341c18998acab022212f02f02
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051212/6b117476/attachment-0001.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ