<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:079 - Updated perl packages to fix rmtree vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           perl
 Advisory ID:            MDKSA-2005:079
 Date:                   April 28th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Paul Szabo discovered another vulnerability in the rmtree() function
 in File::Path.pm. While a process running as root (or another user)
 was busy deleting a directory tree, a different user could exploit a
 race condition to create setuid binaries in this directory tree,
 provided that he already had write permissions in any subdirectory of
 that tree.
 
 The provided packages have been patched to resolve this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0448
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 88055e94b92e108fbc1428fcaf4f265a  10.0/RPMS/perl-5.8.3-5.4.100mdk.i586.rpm
 517b94573fc17099711ef317a86710cc  10.0/RPMS/perl-base-5.8.3-5.4.100mdk.i586.rpm
 5668ed0c2cd80c190d951db58c6e057a  
10.0/RPMS/perl-devel-5.8.3-5.4.100mdk.i586.rpm
 d0368301ec94bc79e764f65c19ca052c  10.0/RPMS/perl-doc-5.8.3-5.4.100mdk.i586.rpm
 9e45412135477515a4d14ede715f260a  10.0/SRPMS/perl-5.8.3-5.4.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 083124ec0b033d2712c5305981e6b312  
amd64/10.0/RPMS/perl-5.8.3-5.4.100mdk.amd64.rpm
 9f0686791ecdbc0ce1068f87ba5fb6ce  
amd64/10.0/RPMS/perl-base-5.8.3-5.4.100mdk.amd64.rpm
 10e735961919dca461355c42a417aed7  
amd64/10.0/RPMS/perl-devel-5.8.3-5.4.100mdk.amd64.rpm
 9c28ffc8b1858976165f783dce671210  
amd64/10.0/RPMS/perl-doc-5.8.3-5.4.100mdk.amd64.rpm
 9e45412135477515a4d14ede715f260a  
amd64/10.0/SRPMS/perl-5.8.3-5.4.100mdk.src.rpm

 Mandrakelinux 10.1:
 117750db774283de7e3e235bc3c4d42b  10.1/RPMS/perl-5.8.5-3.4.101mdk.i586.rpm
 fb69728a57b920468f7bc6cf7ad63b1d  10.1/RPMS/perl-base-5.8.5-3.4.101mdk.i586.rpm
 5f259fde80fa6837c2073c85e361c964  
10.1/RPMS/perl-devel-5.8.5-3.4.101mdk.i586.rpm
 8c0404b48594e4da2450d467e2300463  10.1/RPMS/perl-doc-5.8.5-3.4.101mdk.i586.rpm
 730a69a3d1890e642ab5fb9eec3e07f3  10.1/SRPMS/perl-5.8.5-3.4.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 30d5fbf60a0093f8c45b93800addf55b  
x86_64/10.1/RPMS/perl-5.8.5-3.4.101mdk.x86_64.rpm
 bfada4d0e25c66316873706eb96d0eec  
x86_64/10.1/RPMS/perl-base-5.8.5-3.4.101mdk.x86_64.rpm
 c72897d8d971558166b1b462c29cacf4  
x86_64/10.1/RPMS/perl-devel-5.8.5-3.4.101mdk.x86_64.rpm
 aaa017675507c9278fb2246c70e9f5cf  
x86_64/10.1/RPMS/perl-doc-5.8.5-3.4.101mdk.x86_64.rpm
 730a69a3d1890e642ab5fb9eec3e07f3  
x86_64/10.1/SRPMS/perl-5.8.5-3.4.101mdk.src.rpm

 Mandrakelinux 10.2:
 f209fd68a68f9f8c569062a5dd35872d  10.2/RPMS/perl-5.8.6-6.1.102mdk.i586.rpm
 c03dd6592f264a0c2abaacff459d358c  10.2/RPMS/perl-base-5.8.6-6.1.102mdk.i586.rpm
 9620e5a67db3bd79ede05cdea54d7164  
10.2/RPMS/perl-devel-5.8.6-6.1.102mdk.i586.rpm
 4a48072953415e0c1a8cd0b0cc954989  10.2/RPMS/perl-doc-5.8.6-6.1.102mdk.i586.rpm
 90e755194ecaf253657af0e12f6406b2  10.2/SRPMS/perl-5.8.6-6.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 ad2e519fe3110b139fa7f4eca49a67e1  
x86_64/10.2/RPMS/perl-5.8.6-6.1.102mdk.x86_64.rpm
 5b2bcd20ceedba59940d74365338dea7  
x86_64/10.2/RPMS/perl-base-5.8.6-6.1.102mdk.x86_64.rpm
 efe35f5b49981659e7697d6380fceb5e  
x86_64/10.2/RPMS/perl-devel-5.8.6-6.1.102mdk.x86_64.rpm
 cb79d5e241acf0551222b20479e5f5ea  
x86_64/10.2/RPMS/perl-doc-5.8.6-6.1.102mdk.x86_64.rpm
 90e755194ecaf253657af0e12f6406b2  
x86_64/10.2/SRPMS/perl-5.8.6-6.1.102mdk.src.rpm

 Corporate Server 2.1:
 f2c5b48a527c1daf7a11792b7cea1e87  
corporate/2.1/RPMS/perl-5.8.0-14.5.C21mdk.i586.rpm
 2f3ce6e7795a4e3fb2cd15470f1e8eb1  
corporate/2.1/RPMS/perl-base-5.8.0-14.5.C21mdk.i586.rpm
 7b39b352cbef408c3f3a46e25dc33e6f  
corporate/2.1/RPMS/perl-devel-5.8.0-14.5.C21mdk.i586.rpm
 5596a918ea2e2365d85f20bd7827bc72  
corporate/2.1/RPMS/perl-doc-5.8.0-14.5.C21mdk.i586.rpm
 9db02ebc2f5c0d481e7d883747abef06  
corporate/2.1/SRPMS/perl-5.8.0-14.5.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 07487d9a3d421136586f7f60bc14dfc4  
x86_64/corporate/2.1/RPMS/perl-5.8.0-14.5.C21mdk.x86_64.rpm
 4f976b010d5fe0c125f5827d85b7fb3d  
x86_64/corporate/2.1/RPMS/perl-base-5.8.0-14.5.C21mdk.x86_64.rpm
 2855e30bc2e36f1c76ba8a3c6ac9fb66  
x86_64/corporate/2.1/RPMS/perl-devel-5.8.0-14.5.C21mdk.x86_64.rpm
 07f1b2c8ab3f63960ac25f59929c343c  
x86_64/corporate/2.1/RPMS/perl-doc-5.8.0-14.5.C21mdk.x86_64.rpm
 9db02ebc2f5c0d481e7d883747abef06  
x86_64/corporate/2.1/SRPMS/perl-5.8.0-14.5.C21mdk.src.rpm

 Corporate 3.0:
 dde26b606f041ebbdede036037339a41  
corporate/3.0/RPMS/perl-5.8.3-5.4.C30mdk.i586.rpm
 7736c7a4aa7ce325d092c7e6d0c797b8  
corporate/3.0/RPMS/perl-base-5.8.3-5.4.C30mdk.i586.rpm
 276b6caf0710b2f5c2b40416431eb234  
corporate/3.0/RPMS/perl-devel-5.8.3-5.4.C30mdk.i586.rpm
 ad86f2a2618f7af20e6b976b54b08eaa  
corporate/3.0/RPMS/perl-doc-5.8.3-5.4.C30mdk.i586.rpm
 0d824d973f366d61724a94fd1bd47815  
corporate/3.0/SRPMS/perl-5.8.3-5.4.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 59fd92b1575f82715096780c7a57d940  
x86_64/corporate/3.0/RPMS/perl-5.8.3-5.4.C30mdk.x86_64.rpm
 2cfec19fc0fb4e5d9270ce69fedaa3eb  
x86_64/corporate/3.0/RPMS/perl-base-5.8.3-5.4.C30mdk.x86_64.rpm
 e428e4d841f0c43a950073853004bf00  
x86_64/corporate/3.0/RPMS/perl-devel-5.8.3-5.4.C30mdk.x86_64.rpm
 96765e19650443e069f1b6e9a4978704  
x86_64/corporate/3.0/RPMS/perl-doc-5.8.3-5.4.C30mdk.x86_64.rpm
 0d824d973f366d61724a94fd1bd47815  
x86_64/corporate/3.0/SRPMS/perl-5.8.3-5.4.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCchb3mqjQ0CJFipgRAuJvAKCPvJ3d5HxCFLg8E93Xjm4cPWgwagCffGdo
SupCPhneAxyFxvWxsV3zsGc=
=z1q6
-----END PGP SIGNATURE-----