Package name
perl
Date
2005-02-08
Advisory ID
MDKSA-2005:031
Affected versions
9.2 i586 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 9.2 amd64 , CS2.1 i586 , 10.1 x86_64

Problem description

Jeroen van Wolffelaar discovered that the rmtree() function in the Perl File::Path module removed directories in an insecure manner, which could lead to the removal of arbitrary files and directories via a symlink attack (CAN-2004-0452). Trustix developers discovered several insecure uses of temporary files in many modules, which could allow a local attacker to overwrite files via symlink attacks (CAN-2004-0976). "KF" discovered two vulnerabilities involving setuid-enabled perl scripts. By setting the PERLIO_DEBUG environment variable and calling an arbitrary setuid-root perl script, an attacker could overwrite arbitrary files with perl debug messages (CAN-2005-0155). In addition, calling a setuid-root perl script with a very long path would cause a buffer overflow if PERLIO_DEBUG was set, which could be exploited to execute arbitrary code with root privileges (CAN-2005-0156). The provided packages have been patched to resolve these problems.

Updated packages

9.2 i586

 e20db560fd730715e15dfa8b86bdf64e  9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.i586.rpm
8b35db60de2b45267e2e7d6b5c91e9c5  9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.i586.rpm
938d58ea9c9a14b4562da53f65e6b98d  9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.i586.rpm
826927185050c8390c260ea68e7c9b28  9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.i586.rpm
42336c6aa22474e11e49da1334c01415  9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm

CS2.1 x86_64

 79543c5e27e4fad31b70c3b1f9f78c3e  x86_64/corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.x86_64.rpm
df4d687f5974bc8aec71943f916b55e4  x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.x86_64.rpm
6e235994ebfd3d140b0a98a6ced85600  x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.x86_64.rpm
c3e96a04b20424b4034c38e871110c43  x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.x86_64.rpm
7320d6f6b55b6072b84adce5e8c24564  x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm

10.0 amd64

 6ef2826a08789b5a5818a87d5964a1a2  amd64/10.0/RPMS/perl-5.8.3-5.3.100mdk.amd64.rpm
c473bbbfec6d07ef351c5d2e755d873f  amd64/10.0/RPMS/perl-base-5.8.3-5.3.100mdk.amd64.rpm
736ec557782c41dd5e43a2ff31d0cc3e  amd64/10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.amd64.rpm
a9ed51fa1e678f7481c74fc65c886f44  amd64/10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.amd64.rpm
68a64ab9524c8494b9cafe243ca4207a  amd64/10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm

10.1 i586

 dc0072b42ada389f8d948435fb44337b  10.1/RPMS/perl-5.8.5-3.3.101mdk.i586.rpm
1e0c9f3256ff487d95011253abcac637  10.1/RPMS/perl-base-5.8.5-3.3.101mdk.i586.rpm
ff2ff682b097c8ce91d989858cfe87fc  10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.i586.rpm
d2a4f038e99b1742b5e427eb508735c6  10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.i586.rpm
6421bbaac9c9260c34f1503699a9c06d  10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm

10.0 i586

 03ef7fbe398819df299c12b60037452e  10.0/RPMS/perl-5.8.3-5.3.100mdk.i586.rpm
8c660b1461a18ea5d4115ce97d919400  10.0/RPMS/perl-base-5.8.3-5.3.100mdk.i586.rpm
4cea2d8402078460a305a2d5b35ded3f  10.0/RPMS/perl-devel-5.8.3-5.3.100mdk.i586.rpm
521c1c2a42672a5d8f59dd372a274427  10.0/RPMS/perl-doc-5.8.3-5.3.100mdk.i586.rpm
68a64ab9524c8494b9cafe243ca4207a  10.0/SRPMS/perl-5.8.3-5.3.100mdk.src.rpm

CS3.0 x86_64

 6f9cbbbecbd93e0a69f90b87911b975c  x86_64/corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.x86_64.rpm
db36c037cd22e733423ee210dae671fe  x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.x86_64.rpm
abb4772f920cc0d2776dfda4e61f7f37  x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.x86_64.rpm
7e2303ef39f8a35616cd3ee646faf224  x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.x86_64.rpm
76f2ba5789d07ada7629f3fb4555214c  x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm

CS3.0 i586

 3ec85cecac7c9311d84808c4d606fad5  corporate/3.0/RPMS/perl-5.8.3-5.3.C30mdk.i586.rpm
eeb15059224b10ea1e38e7c295238ba2  corporate/3.0/RPMS/perl-base-5.8.3-5.3.C30mdk.i586.rpm
2725bd3ff3a4879e92e2a837d31d371f  corporate/3.0/RPMS/perl-devel-5.8.3-5.3.C30mdk.i586.rpm
83800acb6dff62a0283a4f4a63748769  corporate/3.0/RPMS/perl-doc-5.8.3-5.3.C30mdk.i586.rpm
76f2ba5789d07ada7629f3fb4555214c  corporate/3.0/SRPMS/perl-5.8.3-5.3.C30mdk.src.rpm

9.2 amd64

 7b90163d3bc050172ef2b962367944f7  amd64/9.2/RPMS/perl-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
3c9e8c95c1d3637111f88924798acfb1  amd64/9.2/RPMS/perl-base-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
28644f1effa1ecd3d4e8dcbc28d56e38  amd64/9.2/RPMS/perl-devel-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
89b774253bad6f9513685eab214680aa  amd64/9.2/RPMS/perl-doc-5.8.1-0.RC4.3.3.92mdk.amd64.rpm
42336c6aa22474e11e49da1334c01415  amd64/9.2/SRPMS/perl-5.8.1-0.RC4.3.3.92mdk.src.rpm

CS2.1 i586

 80ab375d58e13144188efb18d823be02  corporate/2.1/RPMS/perl-5.8.0-14.4.C21mdk.i586.rpm
1669ef10de0c263de5bcb1a6291b80e6  corporate/2.1/RPMS/perl-base-5.8.0-14.4.C21mdk.i586.rpm
b670e055bce7ec7c3cf9fed4c0a1b0bb  corporate/2.1/RPMS/perl-devel-5.8.0-14.4.C21mdk.i586.rpm
c6d3731abbbab36836a10098eec45632  corporate/2.1/RPMS/perl-doc-5.8.0-14.4.C21mdk.i586.rpm
7320d6f6b55b6072b84adce5e8c24564  corporate/2.1/SRPMS/perl-5.8.0-14.4.C21mdk.src.rpm

10.1 x86_64

 48e3ca61e5cdb1fdb6ab167368de39dd  x86_64/10.1/RPMS/perl-5.8.5-3.3.101mdk.x86_64.rpm
f105736fca96d67e29fedbed60e493d5  x86_64/10.1/RPMS/perl-base-5.8.5-3.3.101mdk.x86_64.rpm
a4d842d0548a9cd8b37ac95bdc3cf76f  x86_64/10.1/RPMS/perl-devel-5.8.5-3.3.101mdk.x86_64.rpm
c994694b34389bbd2f8f31a5a0912abd  x86_64/10.1/RPMS/perl-doc-5.8.5-3.3.101mdk.x86_64.rpm
6421bbaac9c9260c34f1503699a9c06d  x86_64/10.1/SRPMS/perl-5.8.5-3.3.101mdk.src.rpm

References