- Issued:
- 2005-10-05
- Updated:
- 2005-10-05
RHSA-2005:674 - Security Advisory
Synopsis
perl security update
Type/Severity
Security Advisory: Low
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated Perl packages that fix security issues and contain several bug
fixes are now available for Red Hat Enterprise Linux 4.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Description
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.
Paul Szabo discovered a bug in the way Perl's File::Path::rmtree module
removed directory trees. If a local user has write permissions to a
subdirectory within the tree being removed by File::Path::rmtree, it is
possible for them to create setuid binary files. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0448
to this issue.
This update also addresses the following issues:
- - Perl interpreter caused a segmentation fault when environment
changes occurred during runtime.
- - Code in lib/FindBin contained a regression that caused problems with
MRTG software package.
- - Perl incorrectly declared it provides an FCGI interface where it in fact
did not.
Users of Perl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 127023 - perl fails "lib/FindBin" test (breaks MRTG)
- BZ - 148848 - Packing fault with perl and FCGI
- BZ - 155888 - perl-suidperl package has an extra .1 release suffix
- BZ - 157694 - CAN-2005-0448 perl File::Path.pm rmtree race condition
CVEs
References
(none)
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| perl-5.8.5-16.RHEL4.src.rpm | SHA-256: 80d2ee6d1e9ff6139c0623019098260d59499c8a9ed0e498af9066c7b7510daa |
| x86_64 | |
| perl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: 68269a81da8d58f14334f0ab6d4f073ca9ee06140eeb0d73a3099bb97fa2147b |
| perl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: 68269a81da8d58f14334f0ab6d4f073ca9ee06140eeb0d73a3099bb97fa2147b |
| perl-suidperl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: acdc4541c5e14639f071e14275d86f8a604592f8ea63f4092e8b8aa5feaac86c |
| perl-suidperl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: acdc4541c5e14639f071e14275d86f8a604592f8ea63f4092e8b8aa5feaac86c |
| ia64 | |
| perl-5.8.5-16.RHEL4.ia64.rpm | SHA-256: 5750c6b18568ec8494d1891eb9270e819581eb457729ff9efc86e2ee4180f3e5 |
| perl-5.8.5-16.RHEL4.ia64.rpm | SHA-256: 5750c6b18568ec8494d1891eb9270e819581eb457729ff9efc86e2ee4180f3e5 |
| perl-suidperl-5.8.5-16.RHEL4.ia64.rpm | SHA-256: b290179c5049189b46f1e641126f6fc7c4aa771c38a8a094e6a05473a523ed39 |
| perl-suidperl-5.8.5-16.RHEL4.ia64.rpm | SHA-256: b290179c5049189b46f1e641126f6fc7c4aa771c38a8a094e6a05473a523ed39 |
| i386 | |
| perl-5.8.5-16.RHEL4.i386.rpm | SHA-256: 4d179da8cbe804fba338d0abefc70fc29bbd9f4e34440583d8e92975160c1e45 |
| perl-5.8.5-16.RHEL4.i386.rpm | SHA-256: 4d179da8cbe804fba338d0abefc70fc29bbd9f4e34440583d8e92975160c1e45 |
| perl-suidperl-5.8.5-16.RHEL4.i386.rpm | SHA-256: ae7fc52ac83609185cc526cc3f2de925863fe653f0251874e0ec7fbe445ef922 |
| perl-suidperl-5.8.5-16.RHEL4.i386.rpm | SHA-256: ae7fc52ac83609185cc526cc3f2de925863fe653f0251874e0ec7fbe445ef922 |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| perl-5.8.5-16.RHEL4.src.rpm | SHA-256: 80d2ee6d1e9ff6139c0623019098260d59499c8a9ed0e498af9066c7b7510daa |
| x86_64 | |
| perl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: 68269a81da8d58f14334f0ab6d4f073ca9ee06140eeb0d73a3099bb97fa2147b |
| perl-suidperl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: acdc4541c5e14639f071e14275d86f8a604592f8ea63f4092e8b8aa5feaac86c |
| ia64 | |
| perl-5.8.5-16.RHEL4.ia64.rpm | SHA-256: 5750c6b18568ec8494d1891eb9270e819581eb457729ff9efc86e2ee4180f3e5 |
| perl-suidperl-5.8.5-16.RHEL4.ia64.rpm | SHA-256: b290179c5049189b46f1e641126f6fc7c4aa771c38a8a094e6a05473a523ed39 |
| i386 | |
| perl-5.8.5-16.RHEL4.i386.rpm | SHA-256: 4d179da8cbe804fba338d0abefc70fc29bbd9f4e34440583d8e92975160c1e45 |
| perl-suidperl-5.8.5-16.RHEL4.i386.rpm | SHA-256: ae7fc52ac83609185cc526cc3f2de925863fe653f0251874e0ec7fbe445ef922 |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| perl-5.8.5-16.RHEL4.src.rpm | SHA-256: 80d2ee6d1e9ff6139c0623019098260d59499c8a9ed0e498af9066c7b7510daa |
| x86_64 | |
| perl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: 68269a81da8d58f14334f0ab6d4f073ca9ee06140eeb0d73a3099bb97fa2147b |
| perl-suidperl-5.8.5-16.RHEL4.x86_64.rpm | SHA-256: acdc4541c5e14639f071e14275d86f8a604592f8ea63f4092e8b8aa5feaac86c |
| i386 | |
| perl-5.8.5-16.RHEL4.i386.rpm | SHA-256: 4d179da8cbe804fba338d0abefc70fc29bbd9f4e34440583d8e92975160c1e45 |
| perl-suidperl-5.8.5-16.RHEL4.i386.rpm | SHA-256: ae7fc52ac83609185cc526cc3f2de925863fe653f0251874e0ec7fbe445ef922 |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| perl-5.8.5-16.RHEL4.src.rpm | SHA-256: 80d2ee6d1e9ff6139c0623019098260d59499c8a9ed0e498af9066c7b7510daa |
| s390x | |
| perl-5.8.5-16.RHEL4.s390x.rpm | SHA-256: e06d09a85dd1a32908947ee0a597ab916f201f84cd4e11b6c357f7c61e84353f |
| perl-suidperl-5.8.5-16.RHEL4.s390x.rpm | SHA-256: 6266abe7904ceb011f817d1f233d5477a82bcc9fb3bbcc44595c8193bdb8dee2 |
| s390 | |
| perl-5.8.5-16.RHEL4.s390.rpm | SHA-256: 5327df1bed0cd0208d529238a48ad57e4c25cebc7019afbf0b446a424cb2046c |
| perl-suidperl-5.8.5-16.RHEL4.s390.rpm | SHA-256: 4173d7c2ccee5c422826fae182a6b421a8973c2c038d6e09f5f1b33815d1c59f |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| perl-5.8.5-16.RHEL4.src.rpm | SHA-256: 80d2ee6d1e9ff6139c0623019098260d59499c8a9ed0e498af9066c7b7510daa |
| ppc | |
| perl-5.8.5-16.RHEL4.ppc.rpm | SHA-256: 6929b3edbc2fec66effb2e2a3c0f04f04e1a0b77ac81d0a190bf29f02c9446d6 |
| perl-suidperl-5.8.5-16.RHEL4.ppc.rpm | SHA-256: ee701dc05f01f107cada7dc22cf2a8ed8874a94ed1c9d7a0b00fc28d4020cf18 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
