Message-id: <E1IpH68-0001qs-PF@artemis.annvix.ca>
Date: Mon, 05 Nov 2007 22:35:36 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:207 ] - Updated perl packages fix vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:207
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : perl
 Date    : November 5, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular
 expression engine.  Specially crafted input to a regular expression can
 cause Perl to improperly allocate memory, resulting in the possible
 execution of arbitrary code with the permissions of the user running
 Perl.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 7dee97092269465ccb5de0f35321ab13  2007.0/i586/perl-5.8.8-7.1mdv2007.0.i586.rpm
 efd626e1f1efd248e6c6570e88a599c3  2007.0/i586/perl-base-5.8.8-7.1mdv2007.0.i586.rpm
 62b10d28a5abc05d3b8cd35c7f68e8aa  2007.0/i586/perl-devel-5.8.8-7.1mdv2007.0.i586.rpm
 3a9dc19143ab6a27713fdeb6665d8d76  2007.0/i586/perl-doc-5.8.8-7.1mdv2007.0.i586.rpm
 60b511580ae4f514434dd111efa42872  2007.0/i586/perl-suid-5.8.8-7.1mdv2007.0.i586.rpm 
 08e44392992b4ab983bf85debb8be462  2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 be33f079454aec3b88f21716dfacf8d6  2007.0/x86_64/perl-5.8.8-7.1mdv2007.0.x86_64.rpm
 5a82850218434119c3f55047b3068213  2007.0/x86_64/perl-base-5.8.8-7.1mdv2007.0.x86_64.rpm
 4f995ed4fa46f2bf79a427d9341e895b  2007.0/x86_64/perl-devel-5.8.8-7.1mdv2007.0.x86_64.rpm
 e949a7e20661c6c5f4c4511f25196ff6  2007.0/x86_64/perl-doc-5.8.8-7.1mdv2007.0.x86_64.rpm
 a3df44cc0b957b02bfcab3eed98542dd  2007.0/x86_64/perl-suid-5.8.8-7.1mdv2007.0.x86_64.rpm 
 08e44392992b4ab983bf85debb8be462  2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 efb800025ab3001b90af0e16e5a49886  2007.1/i586/perl-5.8.8-10.1mdv2007.1.i586.rpm
 515beec177dd5a0418090016ae357274  2007.1/i586/perl-base-5.8.8-10.1mdv2007.1.i586.rpm
 ae79195a6f27e44fd4ff7899497cf948  2007.1/i586/perl-devel-5.8.8-10.1mdv2007.1.i586.rpm
 f721306e820d4c66db3466917cde67f9  2007.1/i586/perl-doc-5.8.8-10.1mdv2007.1.i586.rpm
 85a219e5b2c3788841024be8d81b2cac  2007.1/i586/perl-suid-5.8.8-10.1mdv2007.1.i586.rpm 
 9b22a92ec4a3dc898a12bbb80ada4de2  2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 1a17302f843293a5dc0063fe3e4549c0  2007.1/x86_64/perl-5.8.8-10.1mdv2007.1.x86_64.rpm
 c85ba481d517ec81c54eea5bc7064405  2007.1/x86_64/perl-base-5.8.8-10.1mdv2007.1.x86_64.rpm
 5d3b84a1444339a83058bc3493506d22  2007.1/x86_64/perl-devel-5.8.8-10.1mdv2007.1.x86_64.rpm
 005d395a8717bd5af248820eb01cc1d8  2007.1/x86_64/perl-doc-5.8.8-10.1mdv2007.1.x86_64.rpm
 f6c966ea032f921f033934d1f894b96b  2007.1/x86_64/perl-suid-5.8.8-10.1mdv2007.1.x86_64.rpm 
 9b22a92ec4a3dc898a12bbb80ada4de2  2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 6e84010549818c839e91034391b79f4f  2008.0/i586/perl-5.8.8-12.1mdv2008.0.i586.rpm
 f09541f2caf348aee64161cecdf7276e  2008.0/i586/perl-base-5.8.8-12.1mdv2008.0.i586.rpm
 dce7ae7aba1d356fd366075b67478493  2008.0/i586/perl-devel-5.8.8-12.1mdv2008.0.i586.rpm
 b3169afea74fd707021d03410172b6c0  2008.0/i586/perl-doc-5.8.8-12.1mdv2008.0.i586.rpm
 78585fde0ad5b02f3e7c0f01d31a1ccf  2008.0/i586/perl-suid-5.8.8-12.1mdv2008.0.i586.rpm 
 584ad050342c7136e161fc48d29398bf  2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 6ee9071cb1b0a6f38e731b1cd9a421e7  2008.0/x86_64/perl-5.8.8-12.1mdv2008.0.x86_64.rpm
 d7bd85fb101d94bf1dc84bcf817533d7  2008.0/x86_64/perl-base-5.8.8-12.1mdv2008.0.x86_64.rpm
 031487e27d7f2a12003efe8ab714a096  2008.0/x86_64/perl-devel-5.8.8-12.1mdv2008.0.x86_64.rpm
 3c1846b134cbd1461ffd291a95f6e2d2  2008.0/x86_64/perl-doc-5.8.8-12.1mdv2008.0.x86_64.rpm
 99f545fefe35f45b5d90d2f98fe14da5  2008.0/x86_64/perl-suid-5.8.8-12.1mdv2008.0.x86_64.rpm 
 584ad050342c7136e161fc48d29398bf  2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm

 Corporate 3.0:
 9388a0766403e1accc6afc3d963960ba  corporate/3.0/i586/perl-5.8.3-5.6.C30mdk.i586.rpm
 a67623fb7d2e4e18ca8976c64e43a4ca  corporate/3.0/i586/perl-base-5.8.3-5.6.C30mdk.i586.rpm
 9068ad50c3e10c29940bb071651a8d4d  corporate/3.0/i586/perl-devel-5.8.3-5.6.C30mdk.i586.rpm
 a8a2e1b1963c212e4644c320f27c71d3  corporate/3.0/i586/perl-doc-5.8.3-5.6.C30mdk.i586.rpm 
 15b73b73ea6dd0de1100e1445690c034  corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f2f7445b49d5d7afa7b3766d71bdf65f  corporate/3.0/x86_64/perl-5.8.3-5.6.C30mdk.x86_64.rpm
 ef5dabb99fdbe28068089eba1fd8bcc4  corporate/3.0/x86_64/perl-base-5.8.3-5.6.C30mdk.x86_64.rpm
 4a5a04a330db20f460229aa69ded5e95  corporate/3.0/x86_64/perl-devel-5.8.3-5.6.C30mdk.x86_64.rpm
 2bc06d931706f57fa946822f9396ffd6  corporate/3.0/x86_64/perl-doc-5.8.3-5.6.C30mdk.x86_64.rpm 
 15b73b73ea6dd0de1100e1445690c034  corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm

 Corporate 4.0:
 e158109794ad5e71bc02f41adec150e1  corporate/4.0/i586/perl-5.8.7-3.3.20060mlcs4.i586.rpm
 03c680726cf01c3d8f25cb7d61d7bb10  corporate/4.0/i586/perl-base-5.8.7-3.3.20060mlcs4.i586.rpm
 51f55a3998dbcf2e9abcf821ffb3026f  corporate/4.0/i586/perl-devel-5.8.7-3.3.20060mlcs4.i586.rpm
 f936e8720be0d37223b8a97dc2ed2704  corporate/4.0/i586/perl-doc-5.8.7-3.3.20060mlcs4.i586.rpm
 b4068ddb2d92f4845c29a6b3ca8feef5  corporate/4.0/i586/perl-suid-5.8.7-3.3.20060mlcs4.i586.rpm 
 3b23f4612d0a011d50c5eb6960ffa5c4  corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c42250a8c42a0e349102ff977c6659cc  corporate/4.0/x86_64/perl-5.8.7-3.3.20060mlcs4.x86_64.rpm
 82d2bcbda0229415464c10471f881517  corporate/4.0/x86_64/perl-base-5.8.7-3.3.20060mlcs4.x86_64.rpm
 7f07eddd92d4c49b3ee5c32c69d52996  corporate/4.0/x86_64/perl-devel-5.8.7-3.3.20060mlcs4.x86_64.rpm
 140b57c79fc305a52e13ce5550e7d05c  corporate/4.0/x86_64/perl-doc-5.8.7-3.3.20060mlcs4.x86_64.rpm
 ec3007ca202716e0c3872c37141fc2cc  corporate/4.0/x86_64/perl-suid-5.8.7-3.3.20060mlcs4.x86_64.rpm 
 3b23f4612d0a011d50c5eb6960ffa5c4  corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 8ea5d389e9ddd9ca2e1b78869ad14ca7  mnf/2.0/i586/perl-5.8.3-5.6.M20mdk.i586.rpm
 f53bd974980010568e5153578d628323  mnf/2.0/i586/perl-base-5.8.3-5.6.M20mdk.i586.rpm
 1335c295512b38ea524e201c66551132  mnf/2.0/i586/perl-devel-5.8.3-5.6.M20mdk.i586.rpm
 8e306b59ecbb8583d5c1e4e74ef62e34  mnf/2.0/i586/perl-doc-5.8.3-5.6.M20mdk.i586.rpm 
 7576ea8ec817978b4602f5bf4c3436c5  mnf/2.0/SRPMS/perl-5.8.3-5.6.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHL9FBmqjQ0CJFipgRAhxaAJ44oWRrf/Q1Zj9q+HP4Y3pj9Y8XugCg398H
Rl9c0TwvCe/HjAyI42+NhlU=
=o1R+
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
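
For packages fetched by hand rather than through MandrivaUpdate or urpmi, the "Updated Packages" list above can be checked mechanically. This is an added example, not part of the advisory or Mandriva's tooling: the function name `verify_advisory_md5` and the demo file names are hypothetical, and it assumes the advisory was saved as plain text and that `md5sum` is installed.

```shell
#!/bin/sh
# verify_advisory_md5 ADVISORY DIR   (hypothetical helper, added example)
# Reads the "<md5>  <path>/<name>.rpm" lines of a saved advisory and compares
# each listed checksum with md5sum of DIR/<name>.rpm, for files present in DIR.
# Returns 0 if every checked file matches, 1 on any mismatch,
# 2 if none of the listed packages was found in DIR.
verify_advisory_md5() {
    advisory=$1 dir=$2 checked=0 bad=0
    # Keep only manifest lines: 32 hex digits, whitespace, a path ending in .rpm.
    # sort -u drops the SRPM entries repeated under each architecture.
    manifest=$(sed -n 's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]\{1,\}\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' "$advisory" | sort -u)
    while read -r want path; do
        [ -n "$want" ] || continue
        file=$dir/${path##*/}
        [ -f "$file" ] || continue          # not downloaded: nothing to check
        checked=$((checked + 1))
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       ${path##*/}"
        else
            echo "MISMATCH ${path##*/}"
            bad=$((bad + 1))
        fi
    done <<EOF
$manifest
EOF
    [ "$checked" -gt 0 ] || return 2
    [ "$bad" -eq 0 ]
}

# Constructed demo: two placeholder files standing in for packages, one listed
# with its real checksum and one with a wrong checksum.
demo=$(mktemp -d)
printf 'constructed A\n' > "$demo/perl-demo-1.0.i586.rpm"
printf 'constructed B\n' > "$demo/perl-base-demo-1.0.i586.rpm"
{
    echo " $(md5sum "$demo/perl-demo-1.0.i586.rpm" | cut -d' ' -f1)  demo/i586/perl-demo-1.0.i586.rpm"
    echo " 00000000000000000000000000000000  demo/i586/perl-base-demo-1.0.i586.rpm "
} > "$demo/advisory.txt"
verify_advisory_md5 "$demo/advisory.txt" "$demo" || echo "exit status $?"
```

A matching MD5 only shows the file is the one the advisory lists; authenticity rests on the package's GPG signature, which `rpm --checksig <package>.rpm` checks once the Mandriva Security Team key has been imported into the rpm keyring.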
