From security@linux-mandrake.com Tue Feb 8 19:12:00 2005 From: Mandrakelinux Security Team To: full-disclosure@lists.netsys.com Date: Tue, 08 Feb 2005 16:35:59 -0700 Subject: [Full-Disclosure] MDKSA-2005:030 - Updated perl-DBI packages fix vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandrakelinux Security Update Advisory _______________________________________________________________________ Package name: perl-DBI Advisory ID: MDKSA-2005:030 Date: February 8th, 2005 Affected versions: 10.0, 10.1, 9.2, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: Javier Fernandez-Sanguino Pena disovered the perl5 DBI library created a temporary PID file in an insecure manner, which could be exploited by a malicious user to overwrite arbitrary files owned by the user executing the parts of the library. The updated packages have been patched to prevent these problems. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: f183c93fbd101c2737cd4b800e53061a 10.0/RPMS/perl-DBI-1.40-2.1.100mdk.i586.rpm 09c0f80516516bcfd6ada405cb4127c6 10.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.100mdk.i586.rpm 8dd39d507ec177cf65625fc3c4fd4dec 10.0/RPMS/perl-DBI-proxy-1.40-2.1.100mdk.i586.rpm b04ab03347493fc4fdaa547beaa1c402 10.0/SRPMS/perl-DBI-1.40-2.1.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 0d93f83c6d47509b50958b9d348a01db amd64/10.0/RPMS/perl-DBI-1.40-2.1.100mdk.amd64.rpm 0c9e0a856cb8c5bc0d64e6a09a458c7e amd64/10.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.100mdk.amd64.rpm e59eab73007bd4cd3d0a5eaf9a3ff726 amd64/10.0/RPMS/perl-DBI-proxy-1.40-2.1.100mdk.amd64.rpm b04ab03347493fc4fdaa547beaa1c402 amd64/10.0/SRPMS/perl-DBI-1.40-2.1.100mdk.src.rpm Mandrakelinux 10.1: 60364853bb7dee1839d3cb547afc8a19 10.1/RPMS/perl-DBI-1.43-2.1.101mdk.i586.rpm c8bced0d08e2a6b03fab4419aedab972 10.1/RPMS/perl-DBI-ProfileDumper-Apache-1.43-2.1.101mdk.i586.rpm ac431947526d375f027cb2be6bff135b 10.1/RPMS/perl-DBI-proxy-1.43-2.1.101mdk.i586.rpm 9c05fd35c23434f0fb6847a0748db48a 10.1/SRPMS/perl-DBI-1.43-2.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: ca0563150d47a65af49d9da093aed768 x86_64/10.1/RPMS/perl-DBI-1.43-2.1.101mdk.x86_64.rpm 1a07d1d235940e77b3f2ef5a567099ba x86_64/10.1/RPMS/perl-DBI-ProfileDumper-Apache-1.43-2.1.101mdk.x86_64.rpm e862336b385924ee30cca15290d94c63 x86_64/10.1/RPMS/perl-DBI-proxy-1.43-2.1.101mdk.x86_64.rpm 9c05fd35c23434f0fb6847a0748db48a x86_64/10.1/SRPMS/perl-DBI-1.43-2.1.101mdk.src.rpm Corporate Server 2.1: 4290a50a53b7a3145f22273340890e25 corporate/2.1/RPMS/perl-DBI-1.30-2.1.C21mdk.i586.rpm 95f3824c3ea378dd8652f98a77fc74b8 corporate/2.1/SRPMS/perl-DBI-1.30-2.1.C21mdk.src.rpm Corporate Server 2.1/X86_64: 0a5209978e9af9a0e37dabd5b3662df1 x86_64/corporate/2.1/RPMS/perl-DBI-1.30-2.1.C21mdk.x86_64.rpm 95f3824c3ea378dd8652f98a77fc74b8 x86_64/corporate/2.1/SRPMS/perl-DBI-1.30-2.1.C21mdk.src.rpm Corporate 3.0: d0f09892449d1a7da32be4cd40d2a1e7 corporate/3.0/RPMS/perl-DBI-1.40-2.1.C30mdk.i586.rpm 04cb49b27561ff4efb6b2cd606798ff8 corporate/3.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.C30mdk.i586.rpm a84d893ebef5d564214ff6dd0f76e27a corporate/3.0/RPMS/perl-DBI-proxy-1.40-2.1.C30mdk.i586.rpm ad3694699cb43081a6b992b4bcd6788d corporate/3.0/SRPMS/perl-DBI-1.40-2.1.C30mdk.src.rpm Corporate 3.0/X86_64: 0de569b049473452b0cf6bc40c1026b7 x86_64/corporate/3.0/RPMS/perl-DBI-1.40-2.1.C30mdk.x86_64.rpm 475cb6cd7d5c2cdecd49a7409be09fe3 x86_64/corporate/3.0/RPMS/perl-DBI-ProfileDumper-Apache-1.40-2.1.C30mdk.x86_64.rpm a0c8b92fc1fd0067737bca1904340d85 x86_64/corporate/3.0/RPMS/perl-DBI-proxy-1.40-2.1.C30mdk.x86_64.rpm ad3694699cb43081a6b992b4bcd6788d x86_64/corporate/3.0/SRPMS/perl-DBI-1.40-2.1.C30mdk.src.rpm Mandrakelinux 9.2: 1d6e74cc098dde364d8d3c7089077d19 9.2/RPMS/perl-DBI-1.38-1.1.92mdk.i586.rpm 35e3e7129434381326444992443182c3 9.2/RPMS/perl-DBI-ProfileDumper-Apache-1.38-1.1.92mdk.i586.rpm fe4659a0fe8904279f522cb0579f0583 9.2/RPMS/perl-DBI-proxy-1.38-1.1.92mdk.i586.rpm fd0fe5bb7d22a89e7fa4842fd7de4532 9.2/SRPMS/perl-DBI-1.38-1.1.92mdk.src.rpm Mandrakelinux 9.2/AMD64: 4cc7fc03b362947b8a1d2017ea0f8cf0 amd64/9.2/RPMS/perl-DBI-1.38-1.1.92mdk.amd64.rpm e97c932db73efc2b50159ac0b8e47af9 amd64/9.2/RPMS/perl-DBI-ProfileDumper-Apache-1.38-1.1.92mdk.amd64.rpm f93fb55dbd44219e84566c7774241fbc amd64/9.2/RPMS/perl-DBI-proxy-1.38-1.1.92mdk.amd64.rpm fd0fe5bb7d22a89e7fa4842fd7de4532 amd64/9.2/SRPMS/perl-DBI-1.38-1.1.92mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandrakelinux at: http://www.mandrakesoft.com/security/advisories If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCCUzfmqjQ0CJFipgRAhT1AKDjWOCD0fupA7InIaT3t3A14vBDSgCdGYK5 EIugkWy95UG++ypSM6b9kR0= =tNYi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html