Support / Sécurité / Annonces de sécurité / Corporate Server 1.0.1 / MDKSA-2001:027

Nom du paquet: eperl
Date: 2001-03-07
Advisory ID: MDKSA-2001:027
Affected versions: 7.2 i586 , 7.1 i586 , CS1.0 i586

Problem description

Several potential buffer overflows in the ePerl package have been found by Fumitoshi Ukai and Denis Barbier. When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Linux-Mandrake does not ship the program setuid root, this is a useful feature which some users may have activated locally on their own. There is also the potential for a remote vulnerability as well.

Updated packages

7.2 i586

 e48bdd9d10fadb000650592dc97c601d  7.2/RPMS/eperl-2.2.14-7.1mdk.i586.rpm
6c4caf6f01729418940a5b266ca34969  7.2/SRPMS/eperl-2.2.14-7.1mdk.src.rpm

7.1 i586

 29d22c99cf995c7dd90f34467e0ae202  7.1/RPMS/eperl-2.2.14-7.2mdk.i586.rpm
405b9b51f07abeb04809453c1b5eb7b6  7.1/SRPMS/eperl-2.2.14-7.2mdk.src.rpm

CS1.0 i586

 29d22c99cf995c7dd90f34467e0ae202  1.0.1/RPMS/eperl-2.2.14-7.2mdk.i586.rpm
405b9b51f07abeb04809453c1b5eb7b6  1.0.1/SRPMS/eperl-2.2.14-7.2mdk.src.rpm