VUPEN Security - Security Mailinglists (Mirrored Posts)

	About Us \| Contact Us

VUPEN Free Resources

VUPEN Security Advisories

VUPEN Security Blog & News

Zero-day Attacks Monitor

Daily Security Mailinglist

Explanation of Terms

Advanced Search Engine

>> VUPEN Security / Public Mailing Lists Mirror

Assigned : VUPEN/ADV-2005-2694

From : "Jason Vas Dias" <jvdias at redhat.com>
Subject : Fedora Core 3 Update: perl-5.8.5-18.FC3
Date : 2005-12-02

Original Message

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1116
2005-12-01
---------------------------------------------------------------------

Product : Fedora Core 3
Name : perl
Version : 5.8.5
Release : 18.FC3
Summary : The Perl programming language.
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl's hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming. A large proportion of
the CGI scripts on the web are written in Perl. You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

---------------------------------------------------------------------
Update Information:

Fixes security vulnerabilites:
CVE-2005-3962:
http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
CVE-2005-3912:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
CVE-2005-0452:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452
CVE-2004-0976:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
---------------------------------------------------------------------
* Thu Dec 1 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-18.FC3
- fix bug 174683 / CVE-2005-3962: sprintf integer overflow vulnerability
backport upstream patch #26240

* Wed Nov 9 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
- fix bug 136009: restore MakeMaker support for LD_RUN_PATH,
while removing empty LD_RUN_PATH

* Tue Nov 8 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
- fix CAN-2004-0976: insecure use of temporary files

* Wed Nov 2 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
- fix bug 164772: panic (crash) on invalid UTF-8 in Encode.xs
- fix bug 172327 / upstream bug 37056: backport upstream patch 25084:
prevent realloc recursion on nss get* ERANGE errno

* Tue Nov 1 2005 Jason Vas Dias <jvdias@redhat.com> - 3:5.8.5-17
- fix bug 170088: broken h2ph fixed with h2ph from 5.8.7
- fix bug 171111 / upstream bug 37535: IOCPARM_LEN should be _IOC_SIZE
- fix bug 172236: make h2ph pick up gcc built-in include directory

* Tue Aug 2 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-16
- update filter-depends.sh to get rid of FCGI requires

* Wed Jul 27 2005 Petr Rockai <prockai@redhat.com> - 3:5.8.5-15
- remove incorrect Provides on FCGI and Mac::File, cf. BR148848

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

2ebe04eeb426388b213977c552e6a004 SRPMS/perl-5.8.5-18.FC3.src.rpm
bb9e5f6a8e05992e4c74e532841cf686 x86_64/perl-5.8.5-18.FC3.x86_64.rpm
2d70d5e1b85d8d6f0a11cd2ef4a6b3cd x86_64/perl-suidperl-5.8.5-18.FC3.x86_64.rpm
d4904e4d622040a34d905c7bfa4a0a03 x86_64/debug/perl-debuginfo-5.8.5-18.FC3.x86_64.rpm
946544c3a8d689c3521719a2205d1aea i386/perl-5.8.5-18.FC3.i386.rpm
0dd03d80622fdbac49b53a0b76a6cf45 i386/perl-suidperl-5.8.5-18.FC3.i386.rpm
aa479beda71d9c015e283b769e4465a7 i386/debug/perl-debuginfo-5.8.5-18.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

Disclaimer : VUPEN Security does not endorse the content of this message submitted by others to public mailinglists. Messages submitted to public mailinglists do not necessarily reflect the opinions or policies of VUPEN Security. VUPEN Security makes no warranties, express or implied, as to the content of the message in this page or the accuracy and reliability of any messages and other materials submitted to public mailinglists. Any questions or comments regarding this page should be sent to team@vupen.com

Monthly Statistics

VUPEN Security Advisories By Criticality: Sep 2010
Critical Risk	: 18%
High Risk	: 5%
Moderate Risk	: 46%
Low Risk	: 31%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.

Try VUPEN VNS