LinuxSecurity.com
Mandrake: Updated perl-DBI packages
Posted by Benjamin D. Thomas   
Javier Fernandez-Sanguino Pena discovered the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           perl-DBI
 Advisory ID:            MDKSA-2005:030
 Date:                   February 8th, 2005

 Affected versions:	 10.0, 10.1, 9.2, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Javier Fernandez-Sanguino Pena discovered the perl5 DBI library created
 a temporary PID file in an insecure manner, which could be exploited
 by a malicious user to overwrite arbitrary files owned by the user
 executing the parts of the library.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 f183c93fbd101c2737cd4b800e53061a  10.0/RPMS/perl-DBI-1.40-2.1.100mdk.i586.rpm
 09c0f80516516bcfd6ada405cb4127c6  10.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.100mdk.i586.rpm
 8dd39d507ec177cf65625fc3c4fd4dec  10.0/RPMS/perl-DBI-proxy-1.40-2.1.100mdk.i586.rpm
 b04ab03347493fc4fdaa547beaa1c402  10.0/SRPMS/perl-DBI-1.40-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 0d93f83c6d47509b50958b9d348a01db  amd64/10.0/RPMS/perl-DBI-1.40-2.1.100mdk.amd64.rpm
 0c9e0a856cb8c5bc0d64e6a09a458c7e  amd64/10.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.100mdk.amd64.rpm
 e59eab73007bd4cd3d0a5eaf9a3ff726  amd64/10.0/RPMS/perl-DBI-proxy-1.40-2.1.100mdk.amd64.rpm
 b04ab03347493fc4fdaa547beaa1c402  amd64/10.0/SRPMS/perl-DBI-1.40-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 60364853bb7dee1839d3cb547afc8a19  10.1/RPMS/perl-DBI-1.43-2.1.101mdk.i586.rpm
 c8bced0d08e2a6b03fab4419aedab972  10.1/RPMS/perl-DBI-ProfileDumper-Apache-1.43-2.1.101mdk.i586.rpm
 ac431947526d375f027cb2be6bff135b  10.1/RPMS/perl-DBI-proxy-1.43-2.1.101mdk.i586.rpm
 9c05fd35c23434f0fb6847a0748db48a  10.1/SRPMS/perl-DBI-1.43-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 ca0563150d47a65af49d9da093aed768  x86_64/10.1/RPMS/perl-DBI-1.43-2.1.101mdk.x86_64.rpm
 1a07d1d235940e77b3f2ef5a567099ba  x86_64/10.1/RPMS/perl-DBI-ProfileDumper-Apache-1.43-2.1.101mdk.x86_64.rpm
 e862336b385924ee30cca15290d94c63  x86_64/10.1/RPMS/perl-DBI-proxy-1.43-2.1.101mdk.x86_64.rpm
 9c05fd35c23434f0fb6847a0748db48a  x86_64/10.1/SRPMS/perl-DBI-1.43-2.1.101mdk.src.rpm

 Corporate Server 2.1:
 4290a50a53b7a3145f22273340890e25  corporate/2.1/RPMS/perl-DBI-1.30-2.1.C21mdk.i586.rpm
 95f3824c3ea378dd8652f98a77fc74b8  corporate/2.1/SRPMS/perl-DBI-1.30-2.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 0a5209978e9af9a0e37dabd5b3662df1  x86_64/corporate/2.1/RPMS/perl-DBI-1.30-2.1.C21mdk.x86_64.rpm
 95f3824c3ea378dd8652f98a77fc74b8  x86_64/corporate/2.1/SRPMS/perl-DBI-1.30-2.1.C21mdk.src.rpm

 Corporate 3.0:
 d0f09892449d1a7da32be4cd40d2a1e7  corporate/3.0/RPMS/perl-DBI-1.40-2.1.C30mdk.i586.rpm
 04cb49b27561ff4efb6b2cd606798ff8  corporate/3.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.C30mdk.i586.rpm
 a84d893ebef5d564214ff6dd0f76e27a  corporate/3.0/RPMS/perl-DBI-proxy-1.40-2.1.C30mdk.i586.rpm
 ad3694699cb43081a6b992b4bcd6788d  corporate/3.0/SRPMS/perl-DBI-1.40-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 0de569b049473452b0cf6bc40c1026b7  x86_64/corporate/3.0/RPMS/perl-DBI-1.40-2.1.C30mdk.x86_64.rpm
 475cb6cd7d5c2cdecd49a7409be09fe3  x86_64/corporate/3.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.C30mdk.x86_64.rpm
 a0c8b92fc1fd0067737bca1904340d85  x86_64/corporate/3.0/RPMS/perl-DBI-proxy-1.40-2.1.C30mdk.x86_64.rpm
 ad3694699cb43081a6b992b4bcd6788d  x86_64/corporate/3.0/SRPMS/perl-DBI-1.40-2.1.C30mdk.src.rpm

 Mandrakelinux 9.2:
 1d6e74cc098dde364d8d3c7089077d19  9.2/RPMS/perl-DBI-1.38-1.1.92mdk.i586.rpm
 35e3e7129434381326444992443182c3  9.2/RPMS/perl-DBI-ProfileDumper-Apache-1.38-1.1.92mdk.i586.rpm
 fe4659a0fe8904279f522cb0579f0583  9.2/RPMS/perl-DBI-proxy-1.38-1.1.92mdk.i586.rpm
 fd0fe5bb7d22a89e7fa4842fd7de4532  9.2/SRPMS/perl-DBI-1.38-1.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 4cc7fc03b362947b8a1d2017ea0f8cf0  amd64/9.2/RPMS/perl-DBI-1.38-1.1.92mdk.amd64.rpm
 e97c932db73efc2b50159ac0b8e47af9  amd64/9.2/RPMS/perl-DBI-ProfileDumper-Apache-1.38-1.1.92mdk.amd64.rpm
 f93fb55dbd44219e84566c7774241fbc  amd64/9.2/RPMS/perl-DBI-proxy-1.38-1.1.92mdk.amd64.rpm
 fd0fe5bb7d22a89e7fa4842fd7de4532  amd64/9.2/SRPMS/perl-DBI-1.38-1.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
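
Added example, not part of the advisory and not DBI's code or the Mandrakesoft patch: the advisory does not say how the PID file was created, so this Perl example shows the general insecure-temporary-file pattern next to a creation call that refuses a pre-existing path. The function names, file names and scratch directory are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration of the bug class; this is not DBI's code or the vendor patch.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Insecure: plain open() on a predictable path follows an existing symlink
# and truncates whatever file it points to.
sub write_pid_insecure {
    my ($path) = @_;
    open(my $fh, '>', $path) or return 0;
    print {$fh} "$$\n";
    return close($fh) ? 1 : 0;
}

# Safer: O_CREAT|O_EXCL fails with EEXIST if anything, including a symlink,
# already exists at $path, so a pre-planted link is never followed.
sub write_pid_safe {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} "$$\n";
    return close($fh) ? 1 : 0;
}

sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "open $path: $!";
    local $/;
    return scalar <$fh>;
}

# Constructed scenario inside a private scratch directory: the PID path
# already exists as a symlink to another file owned by the same user.
my $dir     = tempdir(CLEANUP => 1);
my $target  = "$dir/important.conf";
my $pidfile = "$dir/daemon.pid";

for my $writer ([insecure => \&write_pid_insecure], [safe => \&write_pid_safe]) {
    my ($name, $code) = @$writer;
    unlink $pidfile;
    open(my $fh, '>', $target) or die "open $target: $!";
    print {$fh} "original contents\n";
    close($fh) or die "close $target: $!";
    symlink($target, $pidfile) or die "symlink: $!";

    my $ok     = $code->($pidfile);
    my $intact = slurp($target) eq "original contents\n" ? 'intact' : 'OVERWRITTEN';
    printf "%-8s wrote=%d target=%s\n", $name, $ok, $intact;
}
```

With the exclusive create, a stale PID file left by an earlier run also makes creation fail, so the caller has to handle that case explicitly rather than falling back to a plain open.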
  
 