lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <E1QMffV-0007qn-3J@titan.mandriva.com>
Date: Wed, 18 May 2011 14:16:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:091 ] perl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:091
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : perl
 Date    : May 18, 2011
 Affected: 2009.0, 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in perl:
 
 The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
 do not apply the taint attribute to the return value upon processing
 tainted input, which might allow context-dependent attackers to bypass
 the taint protection mechanism via a crafted string (CVE-2011-1487).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1487
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 2a65372592d0aa2c0cef14fa13ba5077  2009.0/i586/perl-5.10.0-25.3mdv2009.0.i586.rpm
 6f58332a55ba293deadfbb80827f3df2  2009.0/i586/perl-base-5.10.0-25.3mdv2009.0.i586.rpm
 9b84814dc9335dfcb0dc3ad402ba289c  2009.0/i586/perl-devel-5.10.0-25.3mdv2009.0.i586.rpm
 15809dc26b65fb45bd2990890da238c8  2009.0/i586/perl-doc-5.10.0-25.3mdv2009.0.i586.rpm
 7ddd98eb40b0fc7665b6c9ac031726c4  2009.0/i586/perl-suid-5.10.0-25.3mdv2009.0.i586.rpm 
 1f77907edc97bdcf531167624d550f28  2009.0/SRPMS/perl-5.10.0-25.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 d2967b835c46d4a50799f687e63537c2  2009.0/x86_64/perl-5.10.0-25.3mdv2009.0.x86_64.rpm
 21fb8ac662f6f9cc95e144799c3eeea7  2009.0/x86_64/perl-base-5.10.0-25.3mdv2009.0.x86_64.rpm
 0307aa3f955e16707bff7eaec5ca57a5  2009.0/x86_64/perl-devel-5.10.0-25.3mdv2009.0.x86_64.rpm
 958e3ebf4bb38459ff3d21d38119df68  2009.0/x86_64/perl-doc-5.10.0-25.3mdv2009.0.x86_64.rpm
 a14c1467114914387ceddf49093f6bc5  2009.0/x86_64/perl-suid-5.10.0-25.3mdv2009.0.x86_64.rpm 
 1f77907edc97bdcf531167624d550f28  2009.0/SRPMS/perl-5.10.0-25.3mdv2009.0.src.rpm

 Mandriva Linux 2010.1:
 6a0a7a6bda22faddbaddb2c66c1b11be  2010.1/i586/perl-5.10.1-10.1mdv2010.2.i586.rpm
 e798818652a1441aaad1f0add4af3fc2  2010.1/i586/perl-base-5.10.1-10.1mdv2010.2.i586.rpm
 e05a85dacf0addcc34a80f785778ffe7  2010.1/i586/perl-devel-5.10.1-10.1mdv2010.2.i586.rpm
 881b5bfbc78edeef78d3e69783c9583b  2010.1/i586/perl-doc-5.10.1-10.1mdv2010.2.i586.rpm
 c96eb3207cb689bdf7bdd25d91198c00  2010.1/i586/perl-suid-5.10.1-10.1mdv2010.2.i586.rpm 
 7f53e901f0d6a3298da34c4886b3002a  2010.1/SRPMS/perl-5.10.1-10.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 c532e3e57436bb60698a64e7cd0f0865  2010.1/x86_64/perl-5.10.1-10.1mdv2010.2.x86_64.rpm
 9ee737d8a025526d9148b45459e5366c  2010.1/x86_64/perl-base-5.10.1-10.1mdv2010.2.x86_64.rpm
 523c62e21eba8794b02e1de16e9ea7ef  2010.1/x86_64/perl-devel-5.10.1-10.1mdv2010.2.x86_64.rpm
 e8bc7352e949fe1633f49243838a91e6  2010.1/x86_64/perl-doc-5.10.1-10.1mdv2010.2.x86_64.rpm
 74ffa4ed9f3830c2a1994e0c7ccbb462  2010.1/x86_64/perl-suid-5.10.1-10.1mdv2010.2.x86_64.rpm 
 7f53e901f0d6a3298da34c4886b3002a  2010.1/SRPMS/perl-5.10.1-10.1mdv2010.2.src.rpm

 Mandriva Enterprise Server 5:
 184b241715dfb45ab0462b4c162a7f80  mes5/i586/perl-5.10.0-25.3mdvmes5.2.i586.rpm
 3a1b3fcdc01c9e057ad9e188948d7e4e  mes5/i586/perl-base-5.10.0-25.3mdvmes5.2.i586.rpm
 a6560d89ae718928aecbb8084dfc37d6  mes5/i586/perl-devel-5.10.0-25.3mdvmes5.2.i586.rpm
 beff68da2c44504c13eaa935f1febd94  mes5/i586/perl-doc-5.10.0-25.3mdvmes5.2.i586.rpm
 25fa94fb16affee8234d0b393318238c  mes5/i586/perl-suid-5.10.0-25.3mdvmes5.2.i586.rpm 
 b7595e3b4c5c860bd6cde2d9148e36a7  mes5/SRPMS/perl-5.10.0-25.3mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 9cb402b02a1535c0d6fb84d32189a325  mes5/x86_64/perl-5.10.0-25.3mdvmes5.2.x86_64.rpm
 f57820d42b7c7b6371cb8d7d45f83e11  mes5/x86_64/perl-base-5.10.0-25.3mdvmes5.2.x86_64.rpm
 1711e6bcdcea29f57481f20dd1f8e185  mes5/x86_64/perl-devel-5.10.0-25.3mdvmes5.2.x86_64.rpm
 d7ecd8441d5c9ed909c7ad8e084469b3  mes5/x86_64/perl-doc-5.10.0-25.3mdvmes5.2.x86_64.rpm
 4549c6ee80c14e38a1a85fff5a262ec4  mes5/x86_64/perl-suid-5.10.0-25.3mdvmes5.2.x86_64.rpm 
 b7595e3b4c5c860bd6cde2d9148e36a7  mes5/SRPMS/perl-5.10.0-25.3mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFN04kBmqjQ0CJFipgRAhhmAKCJ6p7gXv/dw58YZnh3ApL+EthUJQCgr/sz
/InIkPKUNVJBsEI7nWnLx3w=
=9jqJ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ