Issued:
2006-08-10
Updated:
2006-08-10

RHSA-2006:0605 - Security Advisory

Synopsis

perl security update

Type/Severity

Security Advisory: Important

Topic

Updated Perl packages that fix security a security issue are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)

A fix for this issue was first included in the update RHSA-2005:103
released in February 2005. However the patch to correct this issue was
dropped from the update RHSA-2005:674 made in October 2005. This
regression has been assigned CVE-2006-3813.

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

(none)

CVEs

References

Red Hat Enterprise Linux Server 4

SRPM
perl-5.8.5-36.RHEL4.src.rpm SHA-256: 0a5abffdc74439c98465a991868f2e2189deb0fb90f831a604805da920df4367
x86_64
perl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: 1611a430c920669d31accc89e0ec6bacaa87693763ec4fd5e2e2f8c9a5d1f024
perl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: 1611a430c920669d31accc89e0ec6bacaa87693763ec4fd5e2e2f8c9a5d1f024
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: f127d6e3519c3725f526049c747372abdc5f15e220f71a191e59c8d32300afbd
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: f127d6e3519c3725f526049c747372abdc5f15e220f71a191e59c8d32300afbd
ia64
perl-5.8.5-36.RHEL4.ia64.rpm SHA-256: 62a9338a7d70d0c4396c7b582e5e3c82c2fa0b1aae61e5e94c6e6258db83ce43
perl-5.8.5-36.RHEL4.ia64.rpm SHA-256: 62a9338a7d70d0c4396c7b582e5e3c82c2fa0b1aae61e5e94c6e6258db83ce43
perl-suidperl-5.8.5-36.RHEL4.ia64.rpm SHA-256: eaf419087a75a02c21f04221b8bd39d8a3040aa46a76aa40f23cbe9be223c01a
perl-suidperl-5.8.5-36.RHEL4.ia64.rpm SHA-256: eaf419087a75a02c21f04221b8bd39d8a3040aa46a76aa40f23cbe9be223c01a
i386
perl-5.8.5-36.RHEL4.i386.rpm SHA-256: a90e59aa899062d2bd8a1c8e04c0175ee724b63c7ea1c1321e4e2ea905078bd4
perl-5.8.5-36.RHEL4.i386.rpm SHA-256: a90e59aa899062d2bd8a1c8e04c0175ee724b63c7ea1c1321e4e2ea905078bd4
perl-suidperl-5.8.5-36.RHEL4.i386.rpm SHA-256: a1d03211e932d4a7828d17292154eac0a64f42668b6e3933f8a432e8e1e1a5b5
perl-suidperl-5.8.5-36.RHEL4.i386.rpm SHA-256: a1d03211e932d4a7828d17292154eac0a64f42668b6e3933f8a432e8e1e1a5b5

Red Hat Enterprise Linux Workstation 4

SRPM
perl-5.8.5-36.RHEL4.src.rpm SHA-256: 0a5abffdc74439c98465a991868f2e2189deb0fb90f831a604805da920df4367
x86_64
perl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: 1611a430c920669d31accc89e0ec6bacaa87693763ec4fd5e2e2f8c9a5d1f024
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: f127d6e3519c3725f526049c747372abdc5f15e220f71a191e59c8d32300afbd
ia64
perl-5.8.5-36.RHEL4.ia64.rpm SHA-256: 62a9338a7d70d0c4396c7b582e5e3c82c2fa0b1aae61e5e94c6e6258db83ce43
perl-suidperl-5.8.5-36.RHEL4.ia64.rpm SHA-256: eaf419087a75a02c21f04221b8bd39d8a3040aa46a76aa40f23cbe9be223c01a
i386
perl-5.8.5-36.RHEL4.i386.rpm SHA-256: a90e59aa899062d2bd8a1c8e04c0175ee724b63c7ea1c1321e4e2ea905078bd4
perl-suidperl-5.8.5-36.RHEL4.i386.rpm SHA-256: a1d03211e932d4a7828d17292154eac0a64f42668b6e3933f8a432e8e1e1a5b5

Red Hat Enterprise Linux Desktop 4

SRPM
perl-5.8.5-36.RHEL4.src.rpm SHA-256: 0a5abffdc74439c98465a991868f2e2189deb0fb90f831a604805da920df4367
x86_64
perl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: 1611a430c920669d31accc89e0ec6bacaa87693763ec4fd5e2e2f8c9a5d1f024
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm SHA-256: f127d6e3519c3725f526049c747372abdc5f15e220f71a191e59c8d32300afbd
i386
perl-5.8.5-36.RHEL4.i386.rpm SHA-256: a90e59aa899062d2bd8a1c8e04c0175ee724b63c7ea1c1321e4e2ea905078bd4
perl-suidperl-5.8.5-36.RHEL4.i386.rpm SHA-256: a1d03211e932d4a7828d17292154eac0a64f42668b6e3933f8a432e8e1e1a5b5

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
perl-5.8.5-36.RHEL4.src.rpm SHA-256: 0a5abffdc74439c98465a991868f2e2189deb0fb90f831a604805da920df4367
s390x
perl-5.8.5-36.RHEL4.s390x.rpm SHA-256: bdbb0a9105d90f157622a7884aaeba1ee91c3c749bff5fe6fdc82d97e54e4c76
perl-suidperl-5.8.5-36.RHEL4.s390x.rpm SHA-256: 14dbe34b2e429d1d119d84baf42e23a0dacb8907f79b98a40e730814f8b4c7dc
s390
perl-5.8.5-36.RHEL4.s390.rpm SHA-256: 6476f951e4b3809d9c499fbc276d0c7359066a35c6a62a5326a86796319a62e6
perl-suidperl-5.8.5-36.RHEL4.s390.rpm SHA-256: 77842e1b89e8e6eb36e1fb20f6628ba1be16b68cfc42badefaa78e716a7e8e9e

Red Hat Enterprise Linux for Power, big endian 4

SRPM
perl-5.8.5-36.RHEL4.src.rpm SHA-256: 0a5abffdc74439c98465a991868f2e2189deb0fb90f831a604805da920df4367
ppc
perl-5.8.5-36.RHEL4.ppc.rpm SHA-256: ab6bae97dfca65c1fcb3e8b439c24a458f744280c26c7562fcaa6b7ec19b7d8c
perl-suidperl-5.8.5-36.RHEL4.ppc.rpm SHA-256: e097d160f46cb0d6c281a55de2ace4f36e14d5ea84b1837fb2486066500479e0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.