|
|
|
>>
VUPEN Security / Public Mailing Lists Mirror |
Assigned : VUPEN/ADV-2005-2697
From : Martin Pitt <martin.pitt at canonical.com>
Subject : [USN-222-1] Perl vulnerability
Date : 2005-12-02
Original Message
===========================================================
Ubuntu Security Notice USN-222-1 December 02, 2005
perl vulnerability
CVE-2005-3962
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
perl-base
The problem can be corrected by upgrading the affected package to
version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for
Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Jack Louis of Dyad Security discovered that Perl did not sufficiently
check the explicit length argument in format strings. Specially
crafted format strings with overly large length arguments led to a
crash of the Perl interpreter or even to execution of arbitrary
attacker-defined code with the privileges of the user running the Perl
program.
However, this attack was only possible in insecure Perl programs which
use variables with user-defined values in string interpolations
without checking their validity.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5.diff.gz
Size/MD5: 60449 138a02883a2dbe7a64ab04afdd66e9d9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5.dsc
Size/MD5: 727 703d3ffd2a87bde7c541c6e8e837aadb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.5_all.deb
Size/MD5: 37058 bd3315452eecd9d428dabe16e53f2ded
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.5_all.deb
Size/MD5: 7049780 5786917c60337ce874fe75bd3356ca12
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.5_all.deb
Size/MD5: 2181250 7c97e5758dfff350f684ba84aab0a2dc
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 605446 b75c1a5bf7e1663f74c99fe3b42ceab7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 1030 010890e33535d7a9b5f3c29fb18c2278
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 787320 7028286655aa8f1583cbc33de1769810
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 3819880 c0234ca782a1821ceb46a6e3f31c5040
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 32838 298ae33f6e488bb5676358862672bf7d
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_amd64.deb
Size/MD5: 3834290 ea9cb2fe0d5da2cf9f41280d82af236f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 546916 c1696ad6b6cc8b135ef8b9b3c4d641dc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 494116 6969f99be7a08e72397f88141cf792fa
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 727682 8df403b46255458380f8f1cc470695cf
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 3631196 8b2c590421d6fb1990c10cbbd082127e
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 30812 e59daea11508610cce6fbfe1d1d27352
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_i386.deb
Size/MD5: 3229772 b29f36a2a1d486b13b021785ae7416e4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 561030 3d81dd76a5b743776b4c8b9596199075
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 1036 febc4be8e86ba57988038b2245098602
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 718498 5e1d9871793e853806968c95d065da8c
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 3817110 71b313d4d4e8fbaf159c570ca8a67ccc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 30564 869d07e824d69d9eb729ffac2ee3e307
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_powerpc.deb
Size/MD5: 3477134 5bc641ebc225d4df2d758a27bc4b076d
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1.diff.gz
Size/MD5: 85222 f860ad98b388fe9b8bb86cc7e35345c7
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1.dsc
Size/MD5: 744 a7ed7714ee125e9ef47ad3815ef631d9
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz
Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-6ubuntu1.1_all.deb
Size/MD5: 37848 e127ed7dfc844352edc5decfce571304
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-6ubuntu1.1_all.deb
Size/MD5: 7050018 04f464518415aba917f23fb92aa2c692
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-6ubuntu1.1_all.deb
Size/MD5: 2178096 dd899c9f55a68afd7b9fbfd20be24e6d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 605492 e7ced10f4d56325865215644ca3cf206
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 1032 0de0991b480a41be576e0eb314cf9076
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 791098 48622e7501239e1bf514a478958e641f
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 3825826 86680f4b3ec293e8ff7d6766aa8e34fc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 32840 9087597015a77995be3fae92dc8875dd
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_amd64.deb
Size/MD5: 3833986 0e950b7f25c2c2d133cdc5deeed083bc
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 547172 be2b0d1b086af1fe4de25456d8db0a32
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 494206 a23e58dc0ed626af909d7b5d6992665c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 731022 5cbdd58be91bec1b8bda5b9e0ce5041c
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 3630452 340473c47f02b82e3ab58ebce8a2cb4c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 30464 5c493e827dcd495f0a74be1cb7d76d26
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_i386.deb
Size/MD5: 3230234 6dfd8e1ffc89ab95f380093ae676829a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 625218 71310d2d768fe03cf6a9a23a4d43298a
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 1044 45d4349e536701ce7ed8032056da3ba0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 789578 1ff2f2abd2469dc46cb7cbda0d9be51d
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 3588104 2fbb1cb36d1f38af8a165397bbe08695
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 33578 9b2011b06bf9837f88d24cbc4051067c
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_powerpc.deb
Size/MD5: 3509086 5029a74793ea9a46ddf8053a94193d21
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1.diff.gz
Size/MD5: 134597 d5eb14b2a7b72b5fef014284cb989404
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1.dsc
Size/MD5: 724 cc3cd8ed85ab22c3dc5bcc28e4dfa166
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz
Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-5ubuntu1.1_all.deb
Size/MD5: 39132 1698e69173383d40dbf7265ea9c31c75
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-5ubuntu1.1_all.deb
Size/MD5: 7206644 da242594035cf2bf1e7f7e73e67c2562
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-5ubuntu1.1_all.deb
Size/MD5: 2325766 7f69e0426eca9092f4e0da8c12be7cb5
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 641136 5f3b2d6818b93ce69f45c2225475f994
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 1008 909ca536921167aa03a9bcfe17504ecc
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 819570 323c17484cbcdd2325016faa41954d9d
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 2689162 81924c3f4ea92a95efe6ca26a9e93d35
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 31392 7b62c900f9d4226baf46536f33aa43cb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_amd64.deb
Size/MD5: 3974714 ec727b329279874b06c3a1ff4eaf013d
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 560106 4a7bfbf041785c53c17549b9fe8b5651
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 505946 8b87d461dd40e550869ab377449cd07b
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 737400 49b7d3f90c86c53c75dddaf1c7451b01
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 2453904 932044f5e5b32e7cbe7ebe7ba1787806
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 28828 1824f7c1147d4039b5ad8e0880329fc2
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_i386.deb
Size/MD5: 3297136 39cdfaba9743158eb0f770e2caec2adc
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 656086 7fbb2c2885063467fb63ceadf83856e0
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 1008 c463dda6c6b94f4a279d8180924c1fa3
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 814770 ba1a2147b2717afdeb6bc6c603748684
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 2646280 c7debfc211977a5587eeb353dcf9ac09
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 31994 635f808e87308177acc302816f65a566
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_powerpc.deb
Size/MD5: 3657374 cbe8f520cc8e821b288c06af052822f6
Disclaimer : VUPEN Security does not endorse the content of this
message submitted by others to public mailinglists. Messages submitted to public
mailinglists do not necessarily reflect the opinions or policies of VUPEN Security.
VUPEN Security makes no warranties, express or implied, as to the content of the message
in this page or the accuracy and reliability of any messages and other materials
submitted to public mailinglists. Any questions or comments regarding this page
should be sent to
team@vupen.com
|
|
|
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
