RHSA-2005:674 - Security Advisory
perl security update
Security Advisory: Low
Updated Perl packages that fix security issues and contain several bug
fixes are now available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.
Paul Szabo discovered a bug in the way Perl's File::Path::rmtree function
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0448
to this issue.
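The advisory does not show the backported patch. As an added example (not Red Hat's or Perl's code), the following Python shows the general defensive pattern for recursive removal when another local user may hold write access inside the tree: every step works relative to an already-open directory descriptor, refuses to traverse symlinks, and never changes permissions by path. The names `rmtree_nofollow` and `demo` and the sample tree are constructed for illustration; Python is used because it exposes the `dir_fd` (openat-style) calls directly.

```python
import os
import stat
import tempfile

def rmtree_nofollow(name, dir_fd=None):
    """Remove directory `name` (relative to dir_fd) without following symlinks."""
    # O_NOFOLLOW: fail if `name` is, or has been replaced by, a symlink.
    # O_DIRECTORY: fail if `name` is anything other than a directory.
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(name, flags, dir_fd=dir_fd)
    try:
        # List entries through the descriptor, not through a re-resolved path.
        with os.scandir(fd) as it:
            entries = [(e.name, e.is_dir(follow_symlinks=False)) for e in it]
        for child, is_dir in entries:
            if is_dir:
                # If `child` is swapped for a symlink after the listing,
                # the os.open() in the recursive call raises OSError.
                rmtree_nofollow(child, dir_fd=fd)
            else:
                # Files and symlinks: remove the directory entry itself.
                os.unlink(child, dir_fd=fd)
    finally:
        os.close(fd)
    os.rmdir(name, dir_fd=dir_fd)

def demo():
    """Constructed scenario: the tree contains a symlink to a directory outside it."""
    base = tempfile.mkdtemp()
    tree = os.path.join(base, "tree")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(tree, "sub", "deeper"))
    os.mkdir(outside)
    victim = os.path.join(outside, "keep.txt")
    with open(victim, "w") as f:
        f.write("data")
    os.chmod(victim, 0o600)
    os.symlink(outside, os.path.join(tree, "sub", "link"))
    rmtree_nofollow(tree)
    mode = stat.S_IMODE(os.lstat(victim).st_mode)
    # (tree still exists?, outside file still exists?, outside file mode)
    return os.path.exists(tree), os.path.exists(victim), mode

if __name__ == "__main__":
    print(demo())
```

The tree is removed, while the file reached only through the symlink keeps its contents and its 0600 mode.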
This update also addresses the following issues:
- The Perl interpreter caused a segmentation fault when environment
changes occurred during runtime.
- Code in lib/FindBin contained a regression that caused problems with
the MRTG software package.
- Perl incorrectly declared it provides an FCGI interface where it in fact
Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
- BZ - 127023 - perl fails "lib/FindBin" test (breaks MRTG)
- BZ - 148848 - Packing fault with perl and FCGI
- BZ - 155888 - perl-suidperl package has an extra .1 release suffix
- BZ - 157694 - CAN-2005-0448 perl File::Path.pm rmtree race condition