LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New perl packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1556-2                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
April 27, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : perl
Vulnerability  : heap buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE Id         : CVE-2008-1927
Debian Bug     : 454792

An editorial mistake resulted in DSA-1556-1 not correctly applying the
required change, making it ineffective.  This DSA has been reissued as
DSA-1556-2.  We apologize for the inconvenience.  The text of the
original DSA follows.

It has been discovered that the Perl interpreter may encounter a buffer
overflow condition when compiling certain regular expressions containing
Unicode characters.  This also happens if the offending characters are
contained in a variable reference protected by the \Q...\E quoting
construct.  When encountering this condition, the Perl interpreter
typically crashes, but arbitrary code execution cannot be ruled out.

For the stable distribution (etch), this problem has been fixed in
version 5.8.8-7etch3.

The unstable distribution (sid) will be fixed soon.

We recommend that you upgrade your perl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------


Source archives:

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3.dsc
    Size/MD5 checksum:     1033 a64a02ca01379537d6b203f10b4057b0
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
    Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3.diff.gz
    Size/MD5 checksum:    99389 ac6b2e452c2062c5e98148f55220b9f3

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch3_all.deb
    Size/MD5 checksum:  2313550 6150633786b45319e72c73ab60a20d5a
  http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch3_all.deb
    Size/MD5 checksum:  7348642 36d0578f3232446b96d10f3488c23949
  http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch3_all.deb
    Size/MD5 checksum:    41038 dfc3818aa0723f40b5ef8d5ca73d06e6

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_alpha.deb
    Size/MD5 checksum:  2928940 521789d9f4f06e19f38f2d80e60e57ca
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_alpha.deb
    Size/MD5 checksum:     1012 6ce87e637517b7fec825004a905114d5
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_alpha.deb
    Size/MD5 checksum:  4150130 aa2954d40e69b38fe52dfa61b079587e
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_alpha.deb
    Size/MD5 checksum:   880010 26b0f20c23af58b5338d9d299985f5eb
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_alpha.deb
    Size/MD5 checksum:   821768 a68207e952d88524c69ca2514f83da2c
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_alpha.deb
    Size/MD5 checksum:    36238 741dcafe355fbad6377c64e1efe99339

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_amd64.deb
    Size/MD5 checksum:   630678 14542161388a8c503c7a7abb6d33d4d4
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_amd64.deb
    Size/MD5 checksum:  2735170 cc9d44d140168420a31f976087a6848b
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_amd64.deb
    Size/MD5 checksum:     1010 650fb6254665901c0cb840f910954a11
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_amd64.deb
    Size/MD5 checksum:    32798 153d300bc6ffad71441acf04afde4803
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_amd64.deb
    Size/MD5 checksum:   809292 02d678a10a760c707043700080fe6677
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_amd64.deb
    Size/MD5 checksum:  4237990 6e0392904c08c4fba6bb93ee1ace7dd0

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_arm.deb
    Size/MD5 checksum:  3409592 23428b1370d50aad1f425feb1cff4559
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_arm.deb
    Size/MD5 checksum:    30344 c874fcfe16c4f6e3a53014fb6376e0cc
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_arm.deb
    Size/MD5 checksum:  2548190 f2a0f316e55c5f048132edda75149b22
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_arm.deb
    Size/MD5 checksum:   562106 3dc05aa3411b106ba3d3d2902f01c5b4
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_arm.deb
    Size/MD5 checksum:     1008 5b67dea39e217a3f0039b4f5a4d51c48
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_arm.deb
    Size/MD5 checksum:   759956 810ecc85a40cd4731c89be7c5f5151b3

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_hppa.deb
    Size/MD5 checksum:   694276 a8e08f8325c27edb5528356594dee301
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_hppa.deb
    Size/MD5 checksum:     1008 fb441621a9b8622675a63f82706ed4f1
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_hppa.deb
    Size/MD5 checksum:  2735400 b10f4ee6ada5dc2a1a42b26c5090c0e6
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_hppa.deb
    Size/MD5 checksum:  4198474 394b378c3188ac1ea1bd9cae71a138e3
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_hppa.deb
    Size/MD5 checksum:    33208 aeaec5068584da309184b6b937b00fdf
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_hppa.deb
    Size/MD5 checksum:   871692 7595034132ebbe7b65bb2e0ab739ea62

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_i386.deb
    Size/MD5 checksum:   585418 750a89f0e8ed51e7dd784010d37b22f2
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_i386.deb
    Size/MD5 checksum:   760444 84dfd960de2e6c3193ead1578fc6178a
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_i386.deb
    Size/MD5 checksum:  3583958 8903237c768dae6f34b07a1ba9684ba0
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_i386.deb
    Size/MD5 checksum:  2492000 cb7a9d05c896448251c5dae515055338
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_i386.deb
    Size/MD5 checksum:   527154 f004d1f671fdc770d34681548818891b
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_i386.deb
    Size/MD5 checksum:    32080 169b3dcf64d02aea0bd0f0b62aeb2019

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_ia64.deb
    Size/MD5 checksum:     1008 9f967c09935de60b9321c44d8894212e
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_ia64.deb
    Size/MD5 checksum:  3364466 046847298ebb320b86056452d23a92ab
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_ia64.deb
    Size/MD5 checksum:  4336102 6ff6abb8bfe16c094b9407bb215a168f
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_ia64.deb
    Size/MD5 checksum:    51280 2441994f1f61785a96fb56491849f42c
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_ia64.deb
    Size/MD5 checksum:   978068 4c29b16f2644716dcd77b00feeedfa1a
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_ia64.deb
    Size/MD5 checksum:  1153844 fceb380f514bebd80fa7d1ecaa41ec17

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_mips.deb
    Size/MD5 checksum:    32216 2ec36ff356503b6fc0c98faef0042c92
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_mips.deb
    Size/MD5 checksum:  3678900 e930f656b71e632628ee9e5ad083d4f6
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_mips.deb
    Size/MD5 checksum:   693964 c67ba860ab192c7941920d2de57f69ea
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_mips.deb
    Size/MD5 checksum:   785986 ec30eca10729b7a58bd1ee3878ff84b0
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_mips.deb
    Size/MD5 checksum:  2781968 e6e72cd6c93f50dc628e08af41dc2a26
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_mips.deb
    Size/MD5 checksum:     1010 b6f93cf6098eecd4fe06179f0dd47c23

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_mipsel.deb
    Size/MD5 checksum:  3413532 d440057cc724bfabd65917fc6184519b
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_mipsel.deb
    Size/MD5 checksum:    32334 b89c1cc895fdbcb309813e914434e83e
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_mipsel.deb
    Size/MD5 checksum:   784698 abf70292fa9e7f6100d810ee018f4c28
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_mipsel.deb
    Size/MD5 checksum:  2730374 ab73bdb814b408fe8bcca4ee395c4186
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_mipsel.deb
    Size/MD5 checksum:     1016 1c3f9b401b4982978a4d769e353b591b
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_mipsel.deb
    Size/MD5 checksum:   687348 bbf95de1cd60bb397b49b74e20ac161c

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_powerpc.deb
    Size/MD5 checksum:   810864 f261468604909329540da9dda685325b
  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_powerpc.deb
    Size/MD5 checksum:    32900 ba5131e5c331035c069d49c6ecaf9ddd
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_powerpc.deb
    Size/MD5 checksum:     1010 ee9735302fa6bd9baae584c85fe92231
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_powerpc.deb
    Size/MD5 checksum:  3824904 dc95a48f1c20c570c89fbb3a17d2fbf7
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_powerpc.deb
    Size/MD5 checksum:   653450 f0ce69e7c51dfc23776b9a0ab09fca16
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_powerpc.deb
    Size/MD5 checksum:  2710134 e10ba40f94badd889ed8c8a53c1c4a17

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_s390.deb
    Size/MD5 checksum:    33094 09c33ce5eecc5c81c66b99ee79dad2cf
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_s390.deb
    Size/MD5 checksum:  4100014 d2abb0aa96cbe52bb8cbb8943c256e98
  http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_s390.deb
    Size/MD5 checksum:     1006 a8ad39eaa80c40d019a9282feca516b7
  http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_s390.deb
    Size/MD5 checksum:  2796644 212c95d164c8b2b7d72ce2906e49cbd2
  http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_s390.deb
    Size/MD5 checksum:   823450 14a09f800b956d85ba8b511eb8a79ebd
  http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_s390.deb
    Size/MD5 checksum:   633594 d95e0efda1f3d1c28d21a13dc0ded77b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Four fake Google haxbots hit YOUR WEBSITE every day
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
What I Learned from Edward Snowden at the Hacker Conference
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.