From martin.pitt@canonical.com Wed Mar 9 13:10:45 2005 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Wed, 9 Mar 2005 13:31:27 +0100 Subject: [USN-94-1] Perl vulnerability =========================================================== Ubuntu Security Notice USN-94-1 March 09, 2005 perl vulnerability CAN-2005-0448 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: perl-modules The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.4. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Paul Szabo discovered another vulnerability in the rmtree() function in File::Path.pm. While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree. Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4.diff.gz Size/MD5: 60188 30785d1dafe5a3370b6426dabd3496c7 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4.dsc Size/MD5: 727 9099db2a88c436237baf52e48088f732 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.4_all.deb Size/MD5: 36912 d5f0870d91cc2b0b66a6a03910b22dfe http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.4_all.deb Size/MD5: 7049774 8d1513fea3153f18c5d7350e84852b64 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.4_all.deb Size/MD5: 2181324 e33fed3f59d2a22f9379d5db42d90d7b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_amd64.deb Size/MD5: 605416 740d538f44a97ba88b729763cacd7fee http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_amd64.deb Size/MD5: 1034 4ed5f62b1a26a8cb4cbc74cdc439c0c3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_amd64.deb Size/MD5: 787144 71155b4d2b2f1e12883648842f7dc9d8 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_amd64.deb Size/MD5: 3819890 5ffa3928854c94f9cdbf49a7a792e626 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_amd64.deb Size/MD5: 32834 87f2e690aeb1c557ad91c33e6ebd0f3e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_amd64.deb Size/MD5: 3834234 9787bfabcd2ab93bfd11b5109284ea5d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_i386.deb Size/MD5: 546898 38bbe978e981caf41c251ff68d96e817 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_i386.deb Size/MD5: 494066 862aae6405d50449abfa7908ca006466 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_i386.deb Size/MD5: 727586 6a6253b935ce0f62c818c84137cdffa9 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_i386.deb Size/MD5: 3631128 a98a367bc60c66212b66f3089d32ffc4 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_i386.deb Size/MD5: 30818 5dd4bddd3ebc8e6d659d4be8f34253d1 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_i386.deb Size/MD5: 3229880 3bd6faba3e9cd8f578f410ad477ea14f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.4_powerpc.deb Size/MD5: 561010 ac9cdca909113bd487d97dcbed888bdb http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.4_powerpc.deb Size/MD5: 1034 b373f005aa3003c56ead6e9ed4f1036a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.4_powerpc.deb Size/MD5: 718372 7053b926f46dc6b03ea4c14b3a81488b http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.4_powerpc.deb Size/MD5: 3817108 c00240239a190b98aa6b5ff0c2565d91 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.4_powerpc.deb Size/MD5: 30556 f177fd548a28e1914ff267da4d59707d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.4_powerpc.deb Size/MD5: 3477220 60b40c390a37e0e989d9b8e6406ed709 [ Part 2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ]