LinuxSecurity.com
Fedora 10 Update: perl-5.10.0-73.fc10
Posted by Benjamin D. Thomas   
Fedora: This security update fixes an off-by-one overflow in Compress::Raw::Zlib (CVE-2009-1391). Moreover, it contains a subtle change to the configuration that does not affect the Perl interpreter itself, but fixes the propagation of the chosen options to the modules. For example, a rebuild of perl-Wx against perl-5.10.0-73 will fix bug 508496.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-7680
2009-07-15 20:00:47
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 10
Version     : 5.10.0
Release     : 73.fc10
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

This security update fixes an off-by-one overflow in Compress::Raw::Zlib
(CVE-2009-1391).  Moreover, it contains a subtle change to the configuration that
does not affect the Perl interpreter itself, but fixes the propagation of the
chosen options to the modules.  For example, a rebuild of perl-Wx against
perl-5.10.0-73 will fix bug 508496.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  7 2009 Stepan Kasal  - 4:5.10.0-73
- re-enable tests
* Tue Jul  7 2009 Stepan Kasal  - 4:5.10.0-72
- move -DPERL_USE_SAFE_PUTENV to ccflags (#508496)
* Mon Jun  8 2009 Marcela Mašláňová  - 4:5.10.0-71
- #504386 update of Compress::Raw::Zlib 2.020
* Thu Jun  4 2009 Marcela Mašláňová  - 4:5.10.0-70
- update File::Spec (PathTools) to 3.30
* Wed Jun  3 2009 Stepan Kasal  - 4:5.10.0-69
- fix #221113, $! wrongly set when EOF is reached
* Fri Apr 10 2009 Marcela Mašláňová  - 4:5.10.0-68
- do not use quotes in patchlevel.h; it breaks installation from cpan (#495183)
* Tue Apr  7 2009 Stepan Kasal  - 4:5.10.0-67
- update CGI to 3.43, dropping upstreamed perl-CGI-escape.patch
* Tue Apr  7 2009 Stepan Kasal  - 4:5.10.0-66
- fix CGI::escape for all strings (#472571)
- perl-CGI-t-util-58.patch: Do not distort lib/CGI/t/util-58.t
  http://rt.perl.org/rt3/Ticket/Display.html?id=64502
* Fri Mar 27 2009 Stepan Kasal  - 4:5.10.0-65
- Move the gargantuan Changes* collection to -devel (#492605)
* Tue Mar 24 2009 Stepan Kasal  - 4:5.10.0-64
- update module autodie
* Mon Mar 23 2009 Stepan Kasal  - 4:5.10.0-63
- update Digest::SHA (fixes 489221)
* Wed Mar 11 2009 Tom "spot" Callaway  - 4:5.10.0-62
- drop 26_fix_pod2man_upgrade (don't need it)
- fix typo in %define ExtUtils_CBuilder_version
* Wed Mar 11 2009 Tom "spot" Callaway  - 4:5.10.0-61
- apply Change 34507: Fix memory leak in single-char character class optimization
- Reorder @INC, based on b9ba2fadb18b54e35e5de54f945111a56cbcb249
- fix Archive::Extract to fix test failure caused by tar >= 1.21
- Merge useful Debian patches
* Tue Mar 10 2009 Stepan Kasal  - 4:5.10.0-60
- remove compatibility obsolete sitelib directories
- use a better BuildRoot
- drop a redundant mkdir in %install
- call patchlevel.h only once; rm patchlevel.bak
- update modules Sys::Syslog, Module::Load::Conditional, Module::CoreList,
  Test::Harness, Test::Simple, CGI.pm (dropping the upstreamed patch),
  File::Path (that includes our perl-5.10.0-CVE-2008-2827.patch),
  constant, Pod::Simple, Archive::Tar, Archive::Extract, File::Fetch,
  File::Temp, IPC::Cmd, Time::HiRes, Module::Build, ExtUtils::CBuilder
- standardize the patches for updating embedded modules
- work around a bug in Module::Build tests by setting TMPDIR to a directory
  inside the source tree
* Sun Mar  8 2009 Robert Scheck  - 4:5.10.0-59
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Mon Feb 16 2009 Tom "spot" Callaway  - 4:5.10.0-58
- add /usr/lib/perl5/site_perl to otherlibs (bz 484053)
* Mon Feb 16 2009 Dennis Gilmore  - 4:5.10.0-57
- build sparc64 without _smp_mflags
* Sat Feb  7 2009 Dennis Gilmore  - 4:5.10.0-56
- limit sparc builds to -j12
* Tue Feb  3 2009 Marcela Mašláňová  - 4:5.10.0-55
- update IPC::Cmd to v 0.42
* Mon Jan 19 2009 Marcela Mašláňová  - 4:5.10.0-54
- 455410 http://rt.perl.org/rt3/Public/Bug/Display.html?id=54934
  Attempt to free unreferenced scalar fiddling with the symbol table
  Keep the refcount of the globs generated by PerlIO::via balanced.
* Mon Dec 22 2008 Marcela Mašláňová  - 4:5.10.0-53
- add missing XHTML.pm into Pod::Simple
* Fri Dec 12 2008 Marcela Mašláňová  - 4:5.10.0-52
- 295021 CVE-2007-4829 perl-Archive-Tar directory traversal flaws
- add another source for binary files, which test untarring links
* Fri Nov 28 2008 Tom "spot" Callaway  - 4:5.10.0-51
- to fix Fedora bz 473223, which is really perl bug #54186 (http://rt.perl.org/rt3//Public/Bug/Display.html?id=54186)
  we apply Changes 33640, 33881, 33896, 33897
* Mon Nov 24 2008 Marcela Mašláňová  - 4:5.10.0-50
- change summary according to RFC fix summary discussion at fedora-devel :)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #504386 - Buffer overflow in Compress::Raw::Zlib
        https://bugzilla.redhat.com/show_bug.cgi?id=504386
  [ 2 ] Bug #508496 - Perl: symbol lookup error: .../Wx.so: undefined symbol: Perl_Guse_safe_putenv_ptr
        https://bugzilla.redhat.com/show_bug.cgi?id=508496
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 