Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: February 27th, 2015
Linux Security Week: February 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: perl several vulnerabilities fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joe Shakespeare   
Debian Several vulnerabilities have been discovered in Perl, the popular scripting language.

Debian Security Advisory DSA 620-1                                        Martin Schulze
December 30th, 2004           

Package        : perl
Vulnerability  : insecure temporary files / directories
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0452 CAN-2004-0976

Several vulnerabilities have been discovered in Perl, the popular
scripting language.  The Common Vulnerabilities and Exposures project
identifies the following problems:


    Jeroen van Wolffelaar discovered that the rmtree() function in the
    File::Path module removes directory trees in an insecure manner
    which could lead to the removal of arbitrary files and directories
    through a symlink attack.


    Trustix developers discovered several insecure uses of temporary
    files in many modules which allow a local attacker to overwrite
    files via a symlink attack.

For the stable distribution (woody) these problems have been fixed in
version 5.6.1-8.8.

For the unstable distribution (sid) these problems have been fixed in
version 5.8.4-5.

We recommend that you upgrade your perl packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:
      Size/MD5 checksum:      687 bdc819ee60db1a3b36c3dca291f52ace
      Size/MD5 checksum:   172848 fd37736eb59a9818267ee7d857392ad7
      Size/MD5 checksum:  5983695 ec1ff15464809b562aecfaa2e65edba6

  Architecture independent components:
      Size/MD5 checksum:    31398 b3770a464c4829cffc57b6200d7aea5a
      Size/MD5 checksum:  3885590 67218848fb7f8d1c957c544e65cfec6f
      Size/MD5 checksum:  1278678 f9096ccecd9a4498710918630f5d1c33

  Alpha architecture:
      Size/MD5 checksum:   620330 89d10e31a2d585a5e21f03ced90588ae
      Size/MD5 checksum:   435780 f3f58d63f33ea7329643f3018557567c
      Size/MD5 checksum:  1217954 ddc314501497c8fccce05836440725b7
      Size/MD5 checksum:   209206 47f3505b8f00c927c8418ee7f738a4e4
      Size/MD5 checksum:  2826662 fcfc45b3c132e3cbe611e938f107dfc4
      Size/MD5 checksum:    34554 55824148ee93769d5cfa37b38e19ac8a

  ARM architecture:
      Size/MD5 checksum:   516708 6282cf2711efc7fa7e5d64ee3cb1878a
      Size/MD5 checksum:   362942 726aead8125fdf9511da4b9a78b7bbf0
      Size/MD5 checksum:  1164478 13138bd197201c32b928e4e5c3e0da54
      Size/MD5 checksum:   545864 650daeadb1be2bc86226e1807dc2e57c
      Size/MD5 checksum:  2307242 7e28620ac4894efdb57f9b57a8af0309
      Size/MD5 checksum:    29192 fadf45170059bf5215dd759c32c79c83

  Intel IA-32 architecture:
      Size/MD5 checksum:   424662 217c74330cb9c12cbd906aec43abe92f
      Size/MD5 checksum:   347978 15e1c64f422e6495fd92e09f02991814
      Size/MD5 checksum:  1150484 1569e8cbc55a2ec5babdadac0b925b12
      Size/MD5 checksum:   497242 250b97b266658e9b3c98967dd6947c99
      Size/MD5 checksum:  2119362 13ab60aa1701b7fce4b96de9a78e9261
      Size/MD5 checksum:    28422 e5235115cc02003dd3515a0d38f23b42

  Intel IA-64 architecture:
      Size/MD5 checksum:   703874 ea071c083351f2e07dc6e22bcc9dd1e8
      Size/MD5 checksum:   599450 87da2520a1ff7b157f7414999483ea7f
      Size/MD5 checksum:  1266726 2378fb694f478f3fe2549e0e792ceccb
      Size/MD5 checksum:   226952 43de968717f3e066e7e45aca8a0bb2e7
      Size/MD5 checksum:  3312698 46633fe22b1172ff9308bcf84633ab09
      Size/MD5 checksum:    44922 cee01e78831eb62247721e2599e28111

  HP Precision architecture:
      Size/MD5 checksum:   623320 ffa469711a7cacb5da07c6792b6c1f8a
      Size/MD5 checksum:   473736 428829e842147dcb2f4ec7dbe796bf44
      Size/MD5 checksum:  1211876 c3aa141e650e34c176f4ef33679b28e9
      Size/MD5 checksum:   209036 fbe5e0e56e8bef503795adb8fb84f7e6
      Size/MD5 checksum:  2288242 c7332174e8aa431a6af401f56db5b0b0
      Size/MD5 checksum:    33804 b912570681c8ce55f5231136ec9dd0bc

  Motorola 680x0 architecture:
      Size/MD5 checksum:   399798 49186a13c85be2507929b0088c80f936
      Size/MD5 checksum:   332256 89e19e7d6342f136eb61bad61f18ba25
      Size/MD5 checksum:  1149714 0371c82b59198887645e622b72e7773e
      Size/MD5 checksum:   192800 bc262c2f107d988d01f2225fe4a28045
      Size/MD5 checksum:  2132060 43e96b020e61cffc3a8424bc4456e6c7
      Size/MD5 checksum:    27480 e02b54b1d96473086606a0186de84fb9

  Big endian MIPS architecture:
      Size/MD5 checksum:   522884 ee28c8b9de23b790c88b09d911200c71
      Size/MD5 checksum:   364942 623317099dcf47d9f965540f85bdf61d
      Size/MD5 checksum:  1159462 2ebd6824e7dca7f318e34c503c892c87
      Size/MD5 checksum:   186418 f34f09eaa7c7cb665a853e67bd8bc5ca
      Size/MD5 checksum:  2408728 004e8b320e65ebaf43c214f17315fd4f
      Size/MD5 checksum:    28782 ef0b0c2d068d59101a0e6a7a52394d9f

  Little endian MIPS architecture:
      Size/MD5 checksum:   516638 f5d7aa7fd6a188e52343715f565cd985
      Size/MD5 checksum:   361566 20506e6d81d71a9f524ba8c9f0b46766
      Size/MD5 checksum:  1160560 6e52910c6d52fef4af1854273efc6b97
      Size/MD5 checksum:   185892 cb780795dc3a9f89dd3e928916d5697b
      Size/MD5 checksum:  2265696 faf3e90cf33d4a05ee89ad2dce10a731
      Size/MD5 checksum:    28350 8e100b6ffcc92dbb7ad8c39141a8fc13

  PowerPC architecture:
      Size/MD5 checksum:   567822 a389ce2f331fa7c6179b6acfe74b6fba
      Size/MD5 checksum:   400788 d7aa3166a880255702741a6ce677451d
      Size/MD5 checksum:  1183696 0516786d16de1fe0dc8d2bfbbb75802e
      Size/MD5 checksum:   202748 e0bc5ac3f0db9994cc5daee971ceb8ef
      Size/MD5 checksum:  2301288 1949a1e1e17ce1d72a8a4e63d9ae265b
      Size/MD5 checksum:    30562 ec46e881824909b063e7cefabb447232

  IBM S/390 architecture:
      Size/MD5 checksum:   456372 22ecdb672891c78e7a470879e10c52ff
      Size/MD5 checksum:   405162 71f677c4161e3facd5495072f8b2e0d8
      Size/MD5 checksum:  1168228 90823f3eb7a2dfcf8dd3daa1ae001c80
      Size/MD5 checksum:   191856 88ef0c0df432ed437a279c4945317833
      Size/MD5 checksum:  2210676 f7b7b1cbcda411f528eba1f8e6da1e85
      Size/MD5 checksum:    32538 15fe4b25d51edf730c078b49e16ac349

  Sun Sparc architecture:
      Size/MD5 checksum:   529204 c90d262455edb178c5ed486a84ce2c96
      Size/MD5 checksum:   404524 f7b7312b2e051d98c16278d329c0dfaf
      Size/MD5 checksum:  1192124 97287b68053e822bca53f5ae70e69eb4
      Size/MD5 checksum:   211732 0eb3277630c94eba2a98fa06a5fcd13e
      Size/MD5 checksum:  2285598 07d4569b34a0c0ec031b692ef4e06dc1
      Size/MD5 checksum:    30726 d5aaccf1c638201fdcaa9796f853fd50

  These files will probably be moved into the stable distribution on
  its next update.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show ' and

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
DDoS Exploit Targets Open Source Rejetto HFS
Gemalto Confirms It Was Hacked But Insists the NSA Didnít Get Its Crypto Keys
Hackers exploit router flaws in unusual pharming attack
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.