<<< Date Index >>>     <<< Thread Index >>>

[SECURITY] [DSA 1678-2] New perl packages fix regression



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1678-2                  security@xxxxxxxxxx
http://www.debian.org/security/                         Florian Weimer
December 21, 2008                   http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : perl
Vulnerability  : design flaws
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2008-5302 CVE-2008-5303
Debian Bug     : 286905 286922 479317

The perl update in DSA-1678-1 contains a regression which is triggered
by some Perl scripts which have changed into the directory tree
removed by File::Path::rmtree.  In particular, this happens if
File::Temp::tempdir is used.  This new update corrects this
regression.

For the stable distribution (etch), this problem has been fixed in
version 5.8.8-7etch6.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your perl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6.diff.gz
    Size/MD5 checksum:   104841 38685bce67f7761753883e8e6073f5b7
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6.dsc
    Size/MD5 checksum:      742 f9545587e032939494a6a9b22abd112c
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
    Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch6_all.deb
    Size/MD5 checksum:  7377460 cf3c6b08cfa947eb989e5a376790c4c3
  
http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch6_all.deb
    Size/MD5 checksum:    41276 f9e491829ef0ea295d2c5b88e48c895d
  
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch6_all.deb
    Size/MD5 checksum:  2328214 6d995effacda8ecc2a935dc4527ed342

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_alpha.deb
    Size/MD5 checksum:  4150250 3c575d6d8e1b101066a89e1482f081cf
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_alpha.deb
    Size/MD5 checksum:   821806 8d3bd143f7b3d6243b42277c5c63a93f
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_alpha.deb
    Size/MD5 checksum:   880284 5636ce04377a056db7d369b7b8770428
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_alpha.deb
    Size/MD5 checksum:  2928840 4d5717f310740a654eab999bc4993e5a
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_alpha.deb
    Size/MD5 checksum:     1010 9ccd001ddccacbf99510508937c9ca47
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_alpha.deb
    Size/MD5 checksum:    36236 db6be7a7cf887edfefcb7c2c50b0a3db

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_amd64.deb
    Size/MD5 checksum:     1014 6222c5da15781a0191a162ee74e0f9a2
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_amd64.deb
    Size/MD5 checksum:   806670 c654435b6632fb800929870df3f0daf8
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_amd64.deb
    Size/MD5 checksum:    32780 bcc928299ffd2e4d97ee2d9d7fdb1512
  
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_amd64.deb
    Size/MD5 checksum:  4249060 a10ee694a5d164b8ef12d0f566e4f02d
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_amd64.deb
    Size/MD5 checksum:   630778 f318294099b5c0ae4469073988731f7f
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_amd64.deb
    Size/MD5 checksum:  2735120 21c2ed7bba2de01983156e720c4eea14

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_arm.deb
    Size/MD5 checksum:    30346 1f51b45f45fd8a1bbc4732812c348b3a
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_arm.deb
    Size/MD5 checksum:   760238 a230824f93118e65af853c9a8448aeb5
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_arm.deb
    Size/MD5 checksum:   562086 e7fc6a0323bc5898dd09ff7a9c937ac1
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_arm.deb
    Size/MD5 checksum:     1010 9a67f67e98a45b6e02fe09aa50518794
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_arm.deb
    Size/MD5 checksum:  2548186 91c5ccb36e82705931c07d8a14d95490
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_arm.deb
    Size/MD5 checksum:  3410336 77df1024bf9e02b0cdce65423bc84eeb

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_i386.deb
    Size/MD5 checksum:  2492644 ebb57292ae6986f812c2233511565fb3
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_i386.deb
    Size/MD5 checksum:   585446 bedf9d40486ebab6ef251101ed0d2402
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_i386.deb
    Size/MD5 checksum:   762766 f667327e7cd4044ee6fb3c900b75a181
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_i386.deb
    Size/MD5 checksum:   527166 8770a7e8302aaa2ef7c99b8339a1579e
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_i386.deb
    Size/MD5 checksum:    32104 53085baadd6fa2a16f5ca27dbcae5b72
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_i386.deb
    Size/MD5 checksum:  3599182 6c141bd9447670a86b0691adafb51596

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_ia64.deb
    Size/MD5 checksum:  1154160 b640fe2f395f9161560fd9dd52532f85
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_ia64.deb
    Size/MD5 checksum:     1006 62ffe7a5b8823f925b2537941fe48ae1
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_ia64.deb
    Size/MD5 checksum:    51272 b93cfd432ead7fb85cab0acbe53c2994
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_ia64.deb
    Size/MD5 checksum:   978108 7e50dafffed7382b35042ad86032b7a4
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_ia64.deb
    Size/MD5 checksum:  4336650 fe46d1d4fa0b18770631f9d2a544d072
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_ia64.deb
    Size/MD5 checksum:  3364466 15f332c898209c5c5cb8d864762cf445

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_mips.deb
    Size/MD5 checksum:   786168 5da358d316af22485a29c364afee453c
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_mips.deb
    Size/MD5 checksum:     1008 0c27fb854eabf1e73840bf2cc07b8b3c
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_mips.deb
    Size/MD5 checksum:   694016 78af4921744de0e03ba173d79d7f7d39
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_mips.deb
    Size/MD5 checksum:    32220 fcd144768fee4a14664a962d0d1e4a55
  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_mips.deb
    Size/MD5 checksum:  3679064 cdd8810ba2b3e8c293df4acc06510fb7
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_mips.deb
    Size/MD5 checksum:  2782124 a16a21e716647c74c24224b9752d56c2

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_mipsel.deb
    Size/MD5 checksum:    32326 55417bfc7195b2907c76a170ded4fb91
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_mipsel.deb
    Size/MD5 checksum:  2730626 7d13f3931edcdd3b22ff6e851de332d5
  
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_mipsel.deb
    Size/MD5 checksum:  3413592 f087bc2dcefcd3069ac7db96b84af4ab
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_mipsel.deb
    Size/MD5 checksum:   784946 a5b574a6e9e1bf919ab88bd1b5beb964
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_mipsel.deb
    Size/MD5 checksum:   687508 90078c3c9692c6e50c5a5cb0fe25ece2
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_mipsel.deb
    Size/MD5 checksum:     1016 10942b8d2f2c5441d0dd7d65afc83151

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_powerpc.deb
    Size/MD5 checksum:   811106 367dec1df2404742380c2c06e0809a20
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_powerpc.deb
    Size/MD5 checksum:  2710134 50f1c3ecb9f1023935f153c1d605aa41
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_powerpc.deb
    Size/MD5 checksum:     1014 16877860b93d044bf7f914a857737fc0
  
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_powerpc.deb
    Size/MD5 checksum:  3825218 b4f50f6735fc446fb22665cff53cd064
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_powerpc.deb
    Size/MD5 checksum:   653450 92671c8bcd39e6f4a84b2a01401ef408
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_powerpc.deb
    Size/MD5 checksum:    32904 adb2e70ca2b2f0cc809bcc2903036bdf

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_s390.deb
    Size/MD5 checksum:  4100084 14bc00f090ce3dc1ba7bfacfa5b88218
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_s390.deb
    Size/MD5 checksum:    33094 fb66e60a4fa21a647bc053920a842d5b
  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_s390.deb
    Size/MD5 checksum:   633600 9df5a899f601a14ce3b0496df2bc116d
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_s390.deb
    Size/MD5 checksum:   823704 1b3f1afaef5fc0c5fb36048d82c1c3d6
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_s390.deb
    Size/MD5 checksum:  2796566 83e073cf9d1f2a22f366483d250a95c0
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_s390.deb
    Size/MD5 checksum:     1008 f983117eb556d27b343d6a64d5774cfd

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch6_sparc.deb
    Size/MD5 checksum:   594470 8bfdaa1611e2ce31f21dcb83714eed1f
  
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch6_sparc.deb
    Size/MD5 checksum:    31058 12713b89c5b12616fe4344c6e725b8a5
  
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch6_sparc.deb
    Size/MD5 checksum:  2565978 b062a3274b40bf1524a9d02315c711cd
  
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch6_sparc.deb
    Size/MD5 checksum:   782402 5c2d4e8b4eb521aecac7c496591c1e7a
  
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch6_sparc.deb
    Size/MD5 checksum:     1010 0fde672bbaad262571d8646364b3c10a
  
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch6_sparc.deb
    Size/MD5 checksum:  3813262 f1095b35b28e4d2eb80cba8b978d8119


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJThLvAAoJEL97/wQC1SS+WSYIAI0vvTnjN/DDAhxatTQhcqft
M4KlTjE5xLF1qtLH+9XWmCf9nPGQyOfrZk8lRyAVG3xyI4shuMrRIrZlgW70Z9rk
C5p0ApU81yIWEMXQI/OIawbx0gXqg5O26KMQHWYNOflXfg7P/S3PrlVRgtJeG3ED
QptsDATvJaIFOBN/QGENr0vpJ70kxlO8xB/YqiRXecBVDBywL4xK6mDg11q3ZEt5
2v+hn4by0mhd29xQz2rq0tG2K+xWidQd6UsbvekhAVBhzonH2fPgZX5YaqxT5m6i
hAtwMXAnPIJXK1FWzEK0kdWuULkcNdXF5rKZnYgILF7opiXbzylPKwQmbK8biUA=
=ttG8
-----END PGP SIGNATURE-----