LinuxSecurity.com
Mandriva: Updated perl package fixes format string vulnerability
Posted by Benjamin D. Thomas   
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:225
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : perl
 Date    : December 8, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Jack Louis discovered a new way to exploit format string errors in the
 Perl programming language that could lead to the execution of
 arbitrary code.
 
 The updated packages are patched to close this particular exploit
 vector in Perl itself, which mitigates the risk of format string
 programming errors. However, the update does not fix problems that
 may exist in particular pieces of software written in Perl.
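
The caveat above means format string errors in individual Perl programs still have to be found and fixed in the programs themselves. As an added illustration (not part of the Mandriva advisory), this first-pass audit flags `printf`/`sprintf` calls whose format argument is a variable or an interpolating string; the sample source, its variable names and the regex heuristics are assumptions, and the heuristics will miss some call forms.

```perl
#!/usr/bin/perl
# Added example: heuristic audit for caller-controlled format strings in Perl source.
use strict;
use warnings;

# Constructed sample input; $user_input, $name and $count are illustrative names.
my $sample = <<'END_SRC';
printf($user_input);                      # format taken from input
printf("%s\n", $user_input);              # constant format, input is data
my $msg = sprintf("Hello $name, %d new", $count);  # input interpolated into format
my $ok  = sprintf('Hello %s, %d new', $name, $count);
printf STDERR $user_input;                # filehandle form, same problem
printf STDERR "%s\n", $user_input;
END_SRC

# Optional bareword (STDERR) or block ({$fh}) filehandle before the format.
my $FH = qr/(?:[A-Z_][A-Z0-9_]*\s+|\{[^}]*\}\s*)?/;

# Return [line number, reason, source text] for every printf/sprintf call whose
# format argument is a bare scalar or a double-quoted string that interpolates.
# Not covered: "printf $fh $fmt", concatenated formats, multi-line calls.
sub audit_format_calls {
    my ($source) = @_;
    my @findings;
    my $line_no = 0;
    for my $line (split /\n/, $source) {
        $line_no++;
        (my $code = $line) =~ s/\s+#.*$//;   # crude comment strip, enough for this sample
        next unless $code =~ /\bs?printf\b\s*\(?\s*${FH}(.*)$/;
        my $fmt = $1;
        my $reason;
        if    ($fmt =~ /^\$\w+\s*[,;)]/)              { $reason = 'format is a variable' }
        elsif ($fmt =~ /^"(?:[^"\\]|\\.)*?[\$\@]\w/)  { $reason = 'variable interpolated into format' }
        next unless $reason;
        push @findings, [$line_no, $reason, $line];
    }
    return @findings;
}

# Report findings; the format here is a constant and the findings are data.
for my $f (audit_format_calls($sample)) {
    printf "line %d: %s\n    %s\n", @$f;
}
```

On the constructed sample this reports lines 1, 3 and 5; lines 2, 4 and 6 show the corrected form, where the format is a constant and untrusted text is passed only as an argument.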
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3962
 http://www.dyadsecurity.com/perl-0002.html
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 