|
|
>> Fedora Security Update Fixes Perl Insecure Temporary File Creation
|
Title : Fedora Security Update Fixes Perl Insecure Temporary File Creation
VUPEN ID : VUPEN/ADV-2005-2501
CVE ID : CVE-2004-0976
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-11-21
|
Fedora has released updated packages to correct a vulnerability identified in Perl. The problem is due to errors in various scripts that create temporary files in an insecure manner, which may be exploited by local attackers to overwrite arbitrary files with the privileges of the user running the vulnerable scripts.
Affected Products
Fedora Core 4
Solution
Upgrade the affected package :
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
d70f372c3402e43304986cf2fdfce7a4 SRPMS/perl-5.8.6-16.fc4.src.rpm
3a63fd96d5378c89138aa848288d8349 ppc/perl-5.8.6-16.fc4.ppc.rpm
0777d7d1f4bd86ec8d46b16e04ea9323 ppc/perl-suidperl-5.8.6-16.fc4.ppc.rpm
968ef29bfd452c37a79761688e8efcc5 ppc/debug/perl-debuginfo-5.8.6-16.fc4.ppc.rpm
1080a28378989dcad02ca51d7f7cdb47 x86_64/perl-5.8.6-16.fc4.x86_64.rpm
2ab3a1b832e06b4ec2aca62ca9d10b61 x86_64/perl-suidperl-5.8.6-16.fc4.x86_64.rpm
52bce66512403007e0a1ee600edc17f7 x86_64/debug/perl-debuginfo-5.8.6-16.fc4.x86_64.rpm
099f53b5e8d58f0c7c18c6eb9fb495f0 i386/perl-5.8.6-16.fc4.i386.rpm
9c45ccf574ddd0bc3367b0b0bf311722 i386/perl-suidperl-5.8.6-16.fc4.i386.rpm
33403773ac61e444a1cb2c977f8a0f9f i386/debug/perl-debuginfo-5.8.6-16.fc4.i386.rpm
References
http://www.vupen.com/english/advisories/2005/2501
http://www.frsirt.com/english/reference/1059
ChangeLog
2005-11-21 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
