LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New Perl packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 943-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 16th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : integer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-3962
Debian Bug     : 341542

Jack Louis discovered an integer overflow in Perl, Larry Wall's
Practical Extraction and Report Language, that allows attackers to
overwrite arbitrary memory and possibly execute arbitrary code via
specially crafted content that is passed to vulnerable format strings
of third party software.

The old stable distribution (woody) does not seem to be affected by
this problem.

For the stable distribution (sarge) this problem has been fixed in
version 5.8.4-8sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.7-9.

We recommend that you upgrade your perl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.dsc
      Size/MD5 checksum:      738 88756767017d421351e02a5226457d2b
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.diff.gz
      Size/MD5 checksum:    87851 05a72533cd5bde5fce6987cf39041236
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz
      Size/MD5 checksum: 12094233 912050a9cb6b0f415b76ba56052fb4cf

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge3_all.deb
      Size/MD5 checksum:    38332 7d47e456c2bd7c83312bb1ad17738284
    http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge3_all.deb
      Size/MD5 checksum:  7053372 47e14a8f071c506916e40713e8cc81f7
    http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge3_all.deb
      Size/MD5 checksum:  2178216 4823e4985f8cf1b4af78ec26afbc0102

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_alpha.deb
      Size/MD5 checksum:   805438 0e3cb34c8c093515c7b33fa60a493899
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_alpha.deb
      Size/MD5 checksum:     1040 f82603c65e3f3def2356962111e411c2
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_alpha.deb
      Size/MD5 checksum:  3901974 f744b7b871a8071cb403a74d665b7778
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_alpha.deb
      Size/MD5 checksum:   874714 26e450d8f0375e5a3545c2988205cee4
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_alpha.deb
      Size/MD5 checksum:  4133098 cf772af3fa70e0cf320b43964aeab61e
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_alpha.deb
      Size/MD5 checksum:    37080 d3863820eaebcbbbe59775a1874da2eb

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_amd64.deb
      Size/MD5 checksum:   605284 c6e097980b5dec33bb340e8f4c76de19
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_amd64.deb
      Size/MD5 checksum:     1030 08b7c6bb0bb58a02a254826cfee27e33
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_amd64.deb
      Size/MD5 checksum:  3834144 e7f33d48427be694e994c18f7321d9e0
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_amd64.deb
      Size/MD5 checksum:   791678 bdbedf5f0e3efb20181a0665d791c6de
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_amd64.deb
      Size/MD5 checksum:  3934814 ed946cdd2984a538b60acbd034264947
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_amd64.deb
      Size/MD5 checksum:    32852 ae96f1f115505ab983ed389dee240a83

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb
      Size/MD5 checksum:   613158 30cd5528198d49208274e50e60611b0a
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb
      Size/MD5 checksum:     1026 fc64aa8b67f46fcccb6d85db7cb242ad
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb
      Size/MD5 checksum:  3132808 226a69d4fa30d1e0a40f4d761826c230
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb
      Size/MD5 checksum:   737524 b4aaf84bd60fef147d1131c5ffbc6a0a
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb
      Size/MD5 checksum:  3719460 8e8d12058f9f7fb9e153d4c3ff79d0f4
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb
      Size/MD5 checksum:    29880 faa9dc0401eb667e202e12f2d2cf9643

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum:   567048 8488e40844019795a1179a2b9a74f172
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum:   508818 66f7900d63a2efb0a787e83186613a98
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum:  3237948 5841d065408022fb2fe0e75febc02d9d
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum:   751956 b77e882ed9558a09398c2fba334e5b4a
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum:  3735798 bb034b2e756aa35cd5fa9e01a0485b13
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb
      Size/MD5 checksum:    31696 d2c9b1fbc10e89e7868e16fb4c97700d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum:   866818 3419fdaff605b7ddd485a205c1dd1661
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum:     1030 c41835cc5573c0e53610e79766b88d11
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum:  4027834 28436948c3dd298ad38b3c46f69f2cb4
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum:  1046750 1a70c30abb13449d00a2b34c17c79f17
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum:  4534216 49cdfeada4c40365e2392a768739d706
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb
      Size/MD5 checksum:    50104 770378e5ac290729b2943d956cad9c57

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_hppa.deb
      Size/MD5 checksum:   654878 5f8ad153b0a27e9190e5b754e8174ee7
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_hppa.deb
      Size/MD5 checksum:     1032 4de6d72cf1f61d6754475a0dd1fe4561
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_hppa.deb
      Size/MD5 checksum:  3918544 0f83d76853299d10f98842b15b8e7db1
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_hppa.deb
      Size/MD5 checksum:   867566 cb3a0eb20c71bd8017853de9ea838f7f
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_hppa.deb
      Size/MD5 checksum:  3911882 fd55c787eb9f30f2e143fac490ea4198
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_hppa.deb
      Size/MD5 checksum:    34484 e3df6ab97d5e68cbb6346240e4532efc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb
      Size/MD5 checksum:   457778 f25f1ebbbb4a5ce7b7a4a79c6256987e
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb
      Size/MD5 checksum:     1040 9882ea5db94e569a35209a66c74bb390
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb
      Size/MD5 checksum:  3815032 321dd2b80abad424b678f260d18f323a
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb
      Size/MD5 checksum:   692196 733bfa10857d842bd907f408b03a8b3d
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb
      Size/MD5 checksum:  3008672 81a0d0613ebe7b9affcd56174e1f955c
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb
      Size/MD5 checksum:    27934 68de12bace4cf3de7a339b25119b1611

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb
      Size/MD5 checksum:   657066 7e2c9980c630b3aa1e60348a4998665a
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb
      Size/MD5 checksum:     1032 3da5c1e82b6194beac8fe7020a38d7a3
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb
      Size/MD5 checksum:  3384320 edfa53822abb7626b2bfd6ac4d5923df
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb
      Size/MD5 checksum:   781078 f4a7b2e1bbd95c9381503b382d35ba58
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb
      Size/MD5 checksum:  4017490 ddca3a084b7c9f1b841bd3f93e39a1d0
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb
      Size/MD5 checksum:    32314 51f707f1c1d3df1c3ad05dc545512c10

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mipsel.deb
      Size/MD5 checksum:   653526 e7a527c0ed8475df75b3803690081445
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mipsel.deb
      Size/MD5 checksum:     1038 e7b83c957a6c6822ee5614574653d80e
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mipsel.deb
      Size/MD5 checksum:  3125384 4446da60977e961ca64ec93a331b0803
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mipsel.deb
      Size/MD5 checksum:   781672 14e3d605298699dc99e2e5e20310c6b2
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mipsel.deb
      Size/MD5 checksum:  3967890 3ab0c5407e2b5816ad55e47d7c256869
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mipsel.deb
      Size/MD5 checksum:    32434 4f171621c453755b731ce34bad930a62

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_powerpc.deb
      Size/MD5 checksum:   625118 41b2364e5073cd1e177fd6c3e5f455c5
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_powerpc.deb
      Size/MD5 checksum:     1038 2d18de4839ef016646127f4a104f17a1
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_powerpc.deb
      Size/MD5 checksum:  3509324 77fe7a0288d42bbe7abc9357682cdc1b
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_powerpc.deb
      Size/MD5 checksum:   790116 9e189589ef99e78d0f0ddef4fb06440e
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_powerpc.deb
      Size/MD5 checksum:  3701264 886260a4033209be2431ff908cc032e5
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_powerpc.deb
      Size/MD5 checksum:    33582 ec48dc685b7ac64fb722458e0954edc8

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_s390.deb
      Size/MD5 checksum:   604116 a2e6f8ee63267dfcf3df2e05f92ce958
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_s390.deb
      Size/MD5 checksum:     1032 4d6c1ce7b2f9789fc31cc2440f39a832
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_s390.deb
      Size/MD5 checksum:  3819738 c9523a97cd0716e67821dd6e7508615f
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_s390.deb
      Size/MD5 checksum:   800132 ebfc849dbaf0be2afa771a3d5b632467
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_s390.deb
      Size/MD5 checksum:  4234804 30fcc4ea55599b8365a0f96153755466
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_s390.deb
      Size/MD5 checksum:    33244 a55373a563d2546d1286f7fb4de11710

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_sparc.deb
      Size/MD5 checksum:   582422 8ec81b47b82fdb3602c42c6fa0559793
    http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_sparc.deb
      Size/MD5 checksum:     1038 ebbf066210ca33b4282cf347cc771cca
    http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_sparc.deb
      Size/MD5 checksum:  3547312 a609080c2c788fd382f970c21b22d9e7
    http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_sparc.deb
      Size/MD5 checksum:   775666 0e0a56ce4bb224e7bc96ea68ac741d8b
    http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_sparc.deb
      Size/MD5 checksum:  3840718 e9ded2d7974b51fbf7933b455b45b604
    http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_sparc.deb
      Size/MD5 checksum:    31034 8cf1966a2428838c58f0fab423b8e16a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google Releases Open Source Tool for Testing Web App Security Scanners
Most Targeted Attacks Exploit Privileged Accounts
NotCompable sets new standards for mobile botnet sophistication
Hands on with Caine Linux: Pentesting and UEFI compatible
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.