[PLDSA 16-1] New perl packages correct Safe handling
Krzysiek Taraszka
dzimi at pld.org.pl
Thu Jan 30 14:11:13 CET 2003
--------------------------------------------------------------------------
PLD Security Advisory PLDSA 16-1                    security at pld.org.pl
http://www.pld.org.pl/security/                          PLD Security Team
13 January 2003                         http://www.pld.org.pl/security/faq
--------------------------------------------------------------------------
Package : prior to perl-5.6.1-63
Vulnerability : broken safe compartment
Problem-Type : local
PLD-specific : no
CVE references : CAN-2002-1323

A security hole has been discovered in Safe.pm, which is used in all
versions of Perl. The Safe extension module allows the creation of
compartments in which Perl code can be evaluated in a new namespace,
and the code evaluated in the compartment cannot refer to variables
outside this namespace. However, once a Safe compartment has already
been used, there is no guarantee that it is still safe, because code
executed within the Safe compartment has a way to alter the
compartment's operation mask. Thus, programs that use a Safe compartment
only once aren't affected by this bug.

The above problems have been fixed in version 5.6.1-64 for the
current stable distribution (ra).

We recommend that you upgrade your perl packages.

    wget -c url

will fetch the file for you.

    rpm -Uhv file(s)*.rpm

will upgrade the referenced file.

If you are using the "poldek" package manager, use the lines given below
to upgrade packages:

    poldek --update

will update the internal database.

    poldek --upgrade 'perl*'

will install corrected packages.

If you are using the "apt" package manager, use the lines given below
to upgrade packages:

    apt-get update

will update the internal database.

    apt-get upgrade 'perl*'

will install corrected packages.

PLD Linux 1.0 alias ra
--------------------
Source archives:
ftp://ftp.pld.org.pl/dists/ra/updates/security/SRPMS/perl-5.6.1-64.src.rpm
MD5 checksum: 3c9bbe1bbc108a32f6b7085d54220b32
I386 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/mysql-extras-perl-3.23.54a-1.i386.rpm
MD5 checksum: c0ddab0f3bd98364bcf975a9fb837886
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/perl-5.6.1-64.i386.rpm
MD5 checksum: 65e04e09ac233998dc0f627b6c3e7c36
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/perl-devel-5.6.1-64.i386.rpm
MD5 checksum: d0bc3b90b8eaed0ae2d1920049a872b6
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/perl-modules-5.6.1-64.i386.rpm
MD5 checksum: 477d6f431222ee67820053b86e283c7d
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/perl-pod-5.6.1-64.i386.rpm
MD5 checksum: 7971c7da10d5f7fbf61ea88cedbfa218
ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/sperl-5.6.1-64.i386.rpm
MD5 checksum: 3af7722e0a89697ddd0c5b91e9904ae0
I586 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/mysql-extras-perl-3.23.54a-1.i586.rpm
MD5 checksum: acabbd169d9882ec2b160b85f10753f5
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/perl-5.6.1-64.i586.rpm
MD5 checksum: ef82e0a54cc09f5e3e3a6dc072391053
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/perl-devel-5.6.1-64.i586.rpm
MD5 checksum: 6b57bde37402d99d03458abfeea2b2ac
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/perl-modules-5.6.1-64.i586.rpm
MD5 checksum: bab11b1b1408c840e6dd9b2ea50159b5
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/perl-pod-5.6.1-64.i586.rpm
MD5 checksum: 48363162b109c6b06c6f0663cb4da04a
ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/sperl-5.6.1-64.i586.rpm
MD5 checksum: d4ce4bcd2b8cfa231c0f06ce011f752b
I686 Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/mysql-extras-perl-3.23.54a-1.i686.rpm
MD5 checksum: 07b20cb5fab1658e2651e7e48eda173e
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/perl-5.6.1-64.i686.rpm
MD5 checksum: 014435d865669b06b3ca971b757e3e50
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/perl-devel-5.6.1-64.i686.rpm
MD5 checksum: 52190c2c905b5caf23414bf62ab29055
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/perl-modules-5.6.1-64.i686.rpm
MD5 checksum: 27f9bbec8ea3d72dfd19c567f46486d2
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/perl-pod-5.6.1-64.i686.rpm
MD5 checksum: b35d0c7877ad88d21538aeff769bce0d
ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/sperl-5.6.1-64.i686.rpm
MD5 checksum: 45a4cfd96d55bb872e66fa4d5991c25f
PowerPC Architecture components:
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/mysql-extras-perl-3.23.54a-1.ppc.rpm
MD5 checksum: 19ac1fbfb7041b6c6eb01e759392bf94
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/perl-5.6.1-64.ppc.rpm
MD5 checksum: 888311952090c297268ab30ade083665
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/perl-devel-5.6.1-64.ppc.rpm
MD5 checksum: 71af57e5acbcaaf434d2601c6313c12e
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/perl-modules-5.6.1-64.ppc.rpm
MD5 checksum: ec35ff3dfb3195247a8e3d67309712cf
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/perl-pod-5.6.1-64.ppc.rpm
MD5 checksum: 1f9ab11db098b98cff0cabf9de77aeb3
ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/sperl-5.6.1-64.ppc.rpm
MD5 checksum: 61ef4a26af543fe4363954beb9c1c425
--------------------------------------------------------------------------------
If you are using poldek add this line to poldek.conf.
If you are using apt-get add this line to sources.list.
For i386 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i386/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i386 base updates-security
For i586 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i586/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i586 base updates-security
For i686 architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/i686/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/i686 base updates-security
For ppc architecture
poldek: source = ra-updates-security ftp://ftp.pld.org.pl/dists/ra/updates/security/ppc/
apt-get: rpm ftp://ftp.pld.org.pl/dists ra/apt/ppc base updates-security