[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051212151749.GF5056@piware.de>
Date: Mon Dec 12 15:17:56 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-222-2] Perl vulnerability
===========================================================
Ubuntu Security Notice USN-222-2 December 12, 2005
perl vulnerability
CVE-2005-3962
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
libperl5.8
perl-base
The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.6 (for Ubuntu 4.10), 5.8.4-6ubuntu1.2 (for
Ubuntu 5.04), or 5.8.7-5ubuntu1.2 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
USN-222-1 fixed a vulnerability in the Perl interpreter. It was
discovered that the version of USN-222-1 was not sufficient to handle
all possible cases of malformed input that could lead to arbitrary
code execution, so another update is necessary.
Original advisory:
Jack Louis of Dyad Security discovered that Perl did not
sufficiently check the explicit length argument in format strings.
Specially crafted format strings with overly large length arguments
led to a crash of the Perl interpreter or even to execution of
arbitrary attacker-defined code with the privileges of the user
running the Perl program.
However, this attack was only possible in insecure Perl programs
which use variables with user-defined values in string
interpolations without checking their validity.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6.diff.gz
Size/MD5: 65287 5b3e19646e2091eb9294220d0f7db14f
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6.dsc
Size/MD5: 727 f56ec1862af2a154066ea04d950ae74c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.6_all.deb
Size/MD5: 37120 34c8f6b057066ed0b5e07ac1a4b783b6
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.6_all.deb
Size/MD5: 7049588 2e0dedeaf0d5ebb7f5db7b0fc7885993
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.6_all.deb
Size/MD5: 2181262 d51dcf8f5d749b48a95111e334e19e40
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.6_amd64.deb
Size/MD5: 605672 c5af1be0954268bd9dec4b350a5f6e60
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.6_amd64.deb
Size/MD5: 1032 fda7bcbdfdc9edce6299dafa80cf8af9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.6_amd64.deb
Size/MD5: 787486 379267d6352e32ea9c19705632aa31ff
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.6_amd64.deb
Size/MD5: 3820376 216a2a3838f56e5d130efb6bc81216ec
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.6_amd64.deb
Size/MD5: 32970 12370fa42f20842b0f1e2700d8becef6
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6_amd64.deb
Size/MD5: 3834442 7716de916cd192cb0994880f7edc7c32
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.6_i386.deb
Size/MD5: 547084 1adfa9c3510df872ca4002d90e6ebf0f
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.6_i386.deb
Size/MD5: 494308 2744b8ac7f93c771240b12fb4d02b36e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.6_i386.deb
Size/MD5: 727906 7f2faf7b54a7e0398c807a46f0c17817
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.6_i386.deb
Size/MD5: 3631738 82ad474e7516dec454da629a93128848
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.6_i386.deb
Size/MD5: 30930 eed03dfcc0265086b8e009ab614041ba
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6_i386.deb
Size/MD5: 3229914 6be57f704821ee42e2da1580da7b68f5
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.6_powerpc.deb
Size/MD5: 561444 65381c155d8b7a4c2b3ae8d0ee8f4343
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.6_powerpc.deb
Size/MD5: 1040 731ffc922ffd0879497c1b5ff1628b6a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.6_powerpc.deb
Size/MD5: 718886 0dd2fb65fd29067c751d523a4800363c
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.6_powerpc.deb
Size/MD5: 3817978 72d094eb38100698b1aae1deeb58bffb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.6_powerpc.deb
Size/MD5: 30802 9a423971bbd7b4cef1bfdb2a7fd54d87
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.6_powerpc.deb
Size/MD5: 3477346 4d6f4b5ca1839ae4234186aa02e8e7c5
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2.diff.gz
Size/MD5: 89318 a3a73738a8b8efd75aa182cd13fb1860
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2.dsc
Size/MD5: 744 1e017e411a53677367e87b8c3a4046d3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-6ubuntu1.2_all.deb
Size/MD5: 37922 dffd4fc6f386b1c5f11c4600dce7ad5c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-6ubuntu1.2_all.deb
Size/MD5: 7049702 c8d70cd6675866f6ac525bd6ac52a99b
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-6ubuntu1.2_all.deb
Size/MD5: 2178092 873559d5d60c08e2a8375e6a96990e53
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.2_amd64.deb
Size/MD5: 605680 f0275ed35fbda6bd944b26b77ee6355b
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.2_amd64.deb
Size/MD5: 1030 207e8a400a8859ecf33e62f4cceaba80
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.2_amd64.deb
Size/MD5: 791310 df53b2d65ed91ba0344d503380492203
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.2_amd64.deb
Size/MD5: 3826158 7d54efef54b674ffdeb4b1e75063e2fc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.2_amd64.deb
Size/MD5: 32980 97fe9bf54cd382f7b09560de76b5d856
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2_amd64.deb
Size/MD5: 3834148 fa33b977bfad84fd5c339ac6a8a4fc3e
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.2_i386.deb
Size/MD5: 547306 01af9e7e1523f8667e35554cc615c26c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.2_i386.deb
Size/MD5: 494410 62a8334b0f3283304ba6dc29287bfb8e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.2_i386.deb
Size/MD5: 731186 7585a3909732bfc9557e6cb24f8f85ed
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.2_i386.deb
Size/MD5: 3631248 49e47efb7b7e24c6d2f0b00780af2627
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.2_i386.deb
Size/MD5: 30600 46e198ea02ca26ff218fb8c8def02173
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2_i386.deb
Size/MD5: 3230238 8a2c08cab7a8fa713f872c20f7b3003f
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.2_powerpc.deb
Size/MD5: 625376 0ac8f25e544be1a5cd06d3f7655ab778
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.2_powerpc.deb
Size/MD5: 1040 ebb0abd127bdc4c3c2aa875f76a9de44
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.2_powerpc.deb
Size/MD5: 789820 653b717cc511a48834fb855241f9895a
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.2_powerpc.deb
Size/MD5: 3589148 90fd48da735eec46c83dffe53141599e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.2_powerpc.deb
Size/MD5: 33710 ac7663a3041b364dc7304789f166089d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.2_powerpc.deb
Size/MD5: 3509404 282cf6cd561f85770a0bf16850d62aed
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2.diff.gz
Size/MD5: 138676 cb9f0e6ee16706a0a57803f5418cee85
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2.dsc
Size/MD5: 724 4d821dbd55312a6cda028ea4b2b01a71
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz
Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-5ubuntu1.2_all.deb
Size/MD5: 39204 13ee742f2116e1c59001c059358f49d1
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-5ubuntu1.2_all.deb
Size/MD5: 7206780 3734f65b71a70fef5dda18026153d901
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-5ubuntu1.2_all.deb
Size/MD5: 2325762 c0febd1257a462bc183633c12f97a9d2
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.2_amd64.deb
Size/MD5: 641396 cb669098bbe1dda4d985fc1abeb52b5a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.2_amd64.deb
Size/MD5: 1008 df31ac411ee5b5cdcc679e49c231614d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.2_amd64.deb
Size/MD5: 819760 0c34e32ade8fac53356dbf95649cfcee
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.2_amd64.deb
Size/MD5: 2689940 eefe91d7d1aee78b6d84ee8044556120
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.2_amd64.deb
Size/MD5: 31540 5806879f51b79ba373eac29b7633e245
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2_amd64.deb
Size/MD5: 3974988 c9dd927bd39c72606146c3de7fec7f18
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.2_i386.deb
Size/MD5: 560316 eb964f53d00d5e16f0d074460a6d7315
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.2_i386.deb
Size/MD5: 505994 d88e73bf59e859a0efecca42c6524157
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.2_i386.deb
Size/MD5: 737720 8df8b2936b3189d9d37586f275096146
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.2_i386.deb
Size/MD5: 2454466 2ddeabe8c468d800cbbac03ce0e2d454
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.2_i386.deb
Size/MD5: 29052 71fb8a9e0b8cb4a5bb568c8cf8610153
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2_i386.deb
Size/MD5: 3297206 3761f58400331261204a53322eabe79c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.2_powerpc.deb
Size/MD5: 656200 b5fb5ff99cadcd80a223b1ba3c94ba46
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.2_powerpc.deb
Size/MD5: 1012 f9de5ed600bb12059ac36743ce6d054d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.2_powerpc.deb
Size/MD5: 814884 7041e0d43fafd9c778eac766a3f87cc4
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.2_powerpc.deb
Size/MD5: 2646988 44c2ec940009faddc95cdcb347cb520c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.2_powerpc.deb
Size/MD5: 32164 18bcb6924eaffe0bb176e21d62e099c0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.2_powerpc.deb
Size/MD5: 3657600 0511cf2341c18998acab022212f02f02
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051212/6b117476/attachment-0001.bin
Powered by blists - more mailing lists