--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7680
2009-07-15 20:00:47
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 10
Version     : 5.10.0
Release     : 73.fc10
URL         : https://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

This security update fixes an off-by-one overflow in Compress::Raw::Zlib
(CVE-2009-1391)  Moreover, it contains a subtle change to the configuration that
does not affect the Perl interpreter itself, but fixes the propagation of the
chosen options to the modules.  For example, a rebuild of perl-Wx against
perl-5.10.0-73 will fix bug 508496.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  7 2009 Stepan Kasal  - 4:5.10.0-73
- re-enable tests
* Tue Jul  7 2009 Stepan Kasal  - 4:5.10.0-72
- move -DPERL_USE_SAFE_PUTENV to ccflags (#508496)
* Mon Jun  8 2009 Marcela Mašláňová  - 4:5.10.0-71
- #504386 update of Compress::Raw::Zlib 2.020
* Thu Jun  4 2009 Marcela Mašláňová  - 4:5.10.0-70
- update File::Spec (PathTools) to 3.30
* Wed Jun  3 2009 Stepan Kasal  - 4:5.10.0-69
- fix #221113, $! wrongly set when EOF is reached
* Fri Apr 10 2009 Marcela Mašláňová  - 4:5.10.0-68
- do not use quotes in patchlevel.h; it breaks installation from cpan (#495183)
* Tue Apr  7 2009 Stepan Kasal  - 4:5.10.0-67
- update CGI to 3.43, dropping upstreamed perl-CGI-escape.patch
* Tue Apr  7 2009 Stepan Kasal  - 4:5.10.0-66
- fix CGI::escape for all strings (#472571)
- perl-CGI-t-util-58.patch: Do not distort lib/CGI/t/util-58.t
  https://github.com/Perl/perl5/issues/9702
* Fri Mar 27 2009 Stepan Kasal  - 4:5.10.0-65
- Move the gargantuan Changes* collection to -devel (#492605)
* Tue Mar 24 2009 Stepan Kasal  - 4:5.10.0-64
- update module autodie
* Mon Mar 23 2009 Stepan Kasal  - 4:5.10.0-63
- update Digest::SHA (fixes 489221)
* Wed Mar 11 2009 Tom "spot" Callaway  - 4:5.10.0-62
- drop 26_fix_pod2man_upgrade (don't need it)
- fix typo in %define ExtUtils_CBuilder_version
* Wed Mar 11 2009 Tom "spot" Callaway  - 4:5.10.0-61
- apply Change 34507: Fix memory leak in single-char character class optimization
- Reorder @INC, based on b9ba2fadb18b54e35e5de54f945111a56cbcb249
- fix Archive::Extract to fix test failure caused by tar >= 1.21
- Merge useful Debian patches
* Tue Mar 10 2009 Stepan Kasal  - 4:5.10.0-60
- remove compatibility obsolete sitelib directories
- use a better BuildRoot
- drop a redundant mkdir in %install
- call patchlevel.h only once; rm patchlevel.bak
- update modules Sys::Syslog, Module::Load::Conditional, Module::CoreList,
  Test::Harness, Test::Simple, CGI.pm (dropping the upstreamed patch),
  File::Path (that includes our perl-5.10.0-CVE-2008-2827.patch),
  constant, Pod::Simple, Archive::Tar, Archive::Extract, File::Fetch,
  File::Temp, IPC::Cmd, Time::HiRes, Module::Build, ExtUtils::CBuilder
- standardize the patches for updating embedded modules
- work around a bug in Module::Build tests bu setting TMPDIR to a directory
  inside the source tree
* Sun Mar  8 2009 Robert Scheck  - 4:5.10.0-59
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Feb 16 2009 Tom "spot" Callaway  - 4:5.10.0-58
- add /usr/lib/perl5/site_perl to otherlibs (bz 484053)
* Mon Feb 16 2009 Dennis Gilmore  - 4:5.10.0-57
- build sparc64 without _smp_mflags
* Sat Feb  7 2009 Dennis Gilmore  - 4:5.10.0-56
- limit sparc builds to -j12
* Tue Feb  3 2009 Marcela Mašláňová  - 4:5.10.0-55
- update IPC::Cmd to v 0.42
* Mon Jan 19 2009 Marcela Mašláňová  - 4:5.10.0-54
- 455410 https://github.com/Perl/perl5/issues/9351
  Attempt to free unreferenced scalar fiddling with the symbol table
  Keep the refcount of the globs generated by PerlIO::via balanced.
* Mon Dec 22 2008 Marcela Mašláňová  - 4:5.10.0-53
- add missing XHTML.pm into Pod::Simple
* Fri Dec 12 2008 Marcela Mašláňová  - 4:5.10.0-52
- 295021 CVE-2007-4829 perl-Archive-Tar directory traversal flaws
- add another source for binary files, which test untaring links
* Fri Nov 28 2008 Tom "spot" Callaway  - 4:5.10.0-51
- to fix Fedora bz 473223, which is really perl bug #54186 (https://github.com/Perl/perl5/issues/9330)
  we apply Changes 33640, 33881, 33896, 33897
* Mon Nov 24 2008 Marcela Mašláňová  - 4:5.10.0-50
- change summary according to RFC fix summary discussion at fedora-devel :)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #504386 - Buffer overflow in Compress::Raw::Zlib
        https://bugzilla.redhat.com/show_bug.cgi?id=504386
  [ 2 ] Bug #508496 - Perl: symbol lookup error: .../Wx.so: undefined symbol: Perl_Guse_safe_putenv_ptr
        https://bugzilla.redhat.com/show_bug.cgi?id=508496
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: perl-5.10.0-73.fc10

July 16, 2009
This security update fixes an off-by-one overflow in Compress::Raw::Zlib (CVE-2009-1391) Moreover, it contains a subtle change to the configuration that does not affect the Perl ...

Summary

Perl is a high-level programming language with roots in C, sed, awk

and shell scripting. Perl is good at handling processes and files,

and is especially good at handling text. Perl's hallmarks are

practicality and efficiency. While it is used to do a lot of

different things, Perl's most common applications are system

administration utilities and web programming. A large proportion of

the CGI scripts on the web are written in Perl. You need the perl

package installed on your system so that your system can handle Perl

scripts.

Install this package if you want to program in Perl or enable your

system to handle Perl scripts.

Update Information:

This security update fixes an off-by-one overflow in Compress::Raw::Zlib (CVE-2009-1391) Moreover, it contains a subtle change to the configuration that does not affect the Perl interpreter itself, but fixes the propagation of the chosen options to the modules. For example, a rebuild of perl-Wx against perl-5.10.0-73 will fix bug 508496.

Change Log

* Tue Jul 7 2009 Stepan Kasal - 4:5.10.0-73 - re-enable tests * Tue Jul 7 2009 Stepan Kasal - 4:5.10.0-72 - move -DPERL_USE_SAFE_PUTENV to ccflags (#508496) * Mon Jun 8 2009 Marcela Mašláňová - 4:5.10.0-71 - #504386 update of Compress::Raw::Zlib 2.020 * Thu Jun 4 2009 Marcela Mašláňová - 4:5.10.0-70 - update File::Spec (PathTools) to 3.30 * Wed Jun 3 2009 Stepan Kasal - 4:5.10.0-69 - fix #221113, $! wrongly set when EOF is reached * Fri Apr 10 2009 Marcela Mašláňová - 4:5.10.0-68 - do not use quotes in patchlevel.h; it breaks installation from cpan (#495183) * Tue Apr 7 2009 Stepan Kasal - 4:5.10.0-67 - update CGI to 3.43, dropping upstreamed perl-CGI-escape.patch * Tue Apr 7 2009 Stepan Kasal - 4:5.10.0-66 - fix CGI::escape for all strings (#472571) - perl-CGI-t-util-58.patch: Do not distort lib/CGI/t/util-58.t https://github.com/Perl/perl5/issues/9702 * Fri Mar 27 2009 Stepan Kasal - 4:5.10.0-65 - Move the gargantuan Changes* collection to -devel (#492605) * Tue Mar 24 2009 Stepan Kasal - 4:5.10.0-64 - update module autodie * Mon Mar 23 2009 Stepan Kasal - 4:5.10.0-63 - update Digest::SHA (fixes 489221) * Wed Mar 11 2009 Tom "spot" Callaway - 4:5.10.0-62 - drop 26_fix_pod2man_upgrade (don't need it) - fix typo in %define ExtUtils_CBuilder_version * Wed Mar 11 2009 Tom "spot" Callaway - 4:5.10.0-61 - apply Change 34507: Fix memory leak in single-char character class optimization - Reorder @INC, based on b9ba2fadb18b54e35e5de54f945111a56cbcb249 - fix Archive::Extract to fix test failure caused by tar >= 1.21 - Merge useful Debian patches * Tue Mar 10 2009 Stepan Kasal - 4:5.10.0-60 - remove compatibility obsolete sitelib directories - use a better BuildRoot - drop a redundant mkdir in %install - call patchlevel.h only once; rm patchlevel.bak - update modules Sys::Syslog, Module::Load::Conditional, Module::CoreList, Test::Harness, Test::Simple, CGI.pm (dropping the upstreamed patch), File::Path (that includes our perl-5.10.0-CVE-2008-2827.patch), constant, Pod::Simple, Archive::Tar, Archive::Extract, File::Fetch, File::Temp, IPC::Cmd, Time::HiRes, Module::Build, ExtUtils::CBuilder - standardize the patches for updating embedded modules - work around a bug in Module::Build tests bu setting TMPDIR to a directory inside the source tree * Sun Mar 8 2009 Robert Scheck - 4:5.10.0-59 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Feb 16 2009 Tom "spot" Callaway - 4:5.10.0-58 - add /usr/lib/perl5/site_perl to otherlibs (bz 484053) * Mon Feb 16 2009 Dennis Gilmore - 4:5.10.0-57 - build sparc64 without _smp_mflags * Sat Feb 7 2009 Dennis Gilmore - 4:5.10.0-56 - limit sparc builds to -j12 * Tue Feb 3 2009 Marcela Mašláňová - 4:5.10.0-55 - update IPC::Cmd to v 0.42 * Mon Jan 19 2009 Marcela Mašláňová - 4:5.10.0-54 - 455410 https://github.com/Perl/perl5/issues/9351 Attempt to free unreferenced scalar fiddling with the symbol table Keep the refcount of the globs generated by PerlIO::via balanced. * Mon Dec 22 2008 Marcela Mašláňová - 4:5.10.0-53 - add missing XHTML.pm into Pod::Simple * Fri Dec 12 2008 Marcela Mašláňová - 4:5.10.0-52 - 295021 CVE-2007-4829 perl-Archive-Tar directory traversal flaws - add another source for binary files, which test untaring links * Fri Nov 28 2008 Tom "spot" Callaway - 4:5.10.0-51 - to fix Fedora bz 473223, which is really perl bug #54186 (https://github.com/Perl/perl5/issues/9330) we apply Changes 33640, 33881, 33896, 33897 * Mon Nov 24 2008 Marcela Mašláňová - 4:5.10.0-50 - change summary according to RFC fix summary discussion at fedora-devel :)

References

[ 1 ] Bug #504386 - Buffer overflow in Compress::Raw::Zlib https://bugzilla.redhat.com/show_bug.cgi?id=504386 [ 2 ] Bug #508496 - Perl: symbol lookup error: .../Wx.so: undefined symbol: Perl_Guse_safe_putenv_ptr https://bugzilla.redhat.com/show_bug.cgi?id=508496

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update perl' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : perl
Product : Fedora 10
Version : 5.10.0
Release : 73.fc10
URL : https://www.perl.org/
Summary : Practical Extraction and Report Language

Related News

19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved