Issued:
2007-11-05
Updated:
2007-11-05

RHSA-2007:0966 - Security Advisory

Synopsis

Important: perl security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Perl packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server 3 x86_64
  • Red Hat Enterprise Linux Server 3 ia64
  • Red Hat Enterprise Linux Server 3 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Workstation 3 x86_64
  • Red Hat Enterprise Linux Workstation 3 ia64
  • Red Hat Enterprise Linux Workstation 3 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux Desktop 3 x86_64
  • Red Hat Enterprise Linux Desktop 3 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems 3 s390x
  • Red Hat Enterprise Linux for IBM z Systems 3 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian 3 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 323571 - CVE-2007-5116 perl regular expression UTF parsing errors

Red Hat Enterprise Linux Server 5

SRPM
perl-5.8.8-10.el5_0.2.src.rpm SHA-256: 9a88098a249d5cb271c4a4152694108ca805e5f0ff0a358f5ed348683472016e
x86_64
perl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: 6136eb3d8f8e92629e15c4a0ed300a7a4cbdc531d056d4b1695476090510c4b3
perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: bc80e125b39eb50f65478773032a7a8ed50c2966446430a934fc96ce435bd286
ia64
perl-5.8.8-10.el5_0.2.ia64.rpm SHA-256: bcba74136b0920d74be4670480fdf32aca17b940bfd0cbd209a3d71e129dff88
perl-suidperl-5.8.8-10.el5_0.2.ia64.rpm SHA-256: 6643c61f5b7af152326b12f9f4dd61110a49336c6c3d33d926b6ab23d462ee0e
i386
perl-5.8.8-10.el5_0.2.i386.rpm SHA-256: c1843f7b263f0a2ae7a1c7807b2a2fcc27a38759f6c11e83c29e23818b745210
perl-suidperl-5.8.8-10.el5_0.2.i386.rpm SHA-256: 0a84e2cdc4372ca247669b070db1e741b3dfb886555c1b828ad5ae8280584b20

Red Hat Enterprise Linux Server 4

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
x86_64
perl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 8a65f6051d954598a030328619e0ee37ed4cf23ed7f3873418377d7273449dc5
perl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 8a65f6051d954598a030328619e0ee37ed4cf23ed7f3873418377d7273449dc5
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 97ba94cb20030f845334e92dd80b118776829de473066bf041e304c5d1ff574e
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 97ba94cb20030f845334e92dd80b118776829de473066bf041e304c5d1ff574e
ia64
perl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: 73dc20071efe08ca1b52f74673f03ddfda079bebc068ff7a7b0c659a87735848
perl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: 73dc20071efe08ca1b52f74673f03ddfda079bebc068ff7a7b0c659a87735848
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: a1eb711a54a1311c940efcd02f0a767d55f98bdee4cf96a8d0feb2dc93f24434
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: a1eb711a54a1311c940efcd02f0a767d55f98bdee4cf96a8d0feb2dc93f24434
i386
perl-5.8.5-36.el4_5.2.i386.rpm SHA-256: 645a3b5e540d89f6d5fad489b23c5d939cafd39f1533afef7d4a2a4050dd6717
perl-5.8.5-36.el4_5.2.i386.rpm SHA-256: 645a3b5e540d89f6d5fad489b23c5d939cafd39f1533afef7d4a2a4050dd6717
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm SHA-256: aa92a16389e98ca0dba8c2695dc1e6caf4000dbee99eb6ef3ecb43bb6ec568e4
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm SHA-256: aa92a16389e98ca0dba8c2695dc1e6caf4000dbee99eb6ef3ecb43bb6ec568e4

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
x86_64
perl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 8a65f6051d954598a030328619e0ee37ed4cf23ed7f3873418377d7273449dc5
perl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 8a65f6051d954598a030328619e0ee37ed4cf23ed7f3873418377d7273449dc5
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 97ba94cb20030f845334e92dd80b118776829de473066bf041e304c5d1ff574e
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 97ba94cb20030f845334e92dd80b118776829de473066bf041e304c5d1ff574e
ia64
perl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: 73dc20071efe08ca1b52f74673f03ddfda079bebc068ff7a7b0c659a87735848
perl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: 73dc20071efe08ca1b52f74673f03ddfda079bebc068ff7a7b0c659a87735848
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: a1eb711a54a1311c940efcd02f0a767d55f98bdee4cf96a8d0feb2dc93f24434
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: a1eb711a54a1311c940efcd02f0a767d55f98bdee4cf96a8d0feb2dc93f24434
i386
perl-5.8.5-36.el4_5.2.i386.rpm SHA-256: 645a3b5e540d89f6d5fad489b23c5d939cafd39f1533afef7d4a2a4050dd6717
perl-5.8.5-36.el4_5.2.i386.rpm SHA-256: 645a3b5e540d89f6d5fad489b23c5d939cafd39f1533afef7d4a2a4050dd6717
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm SHA-256: aa92a16389e98ca0dba8c2695dc1e6caf4000dbee99eb6ef3ecb43bb6ec568e4
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm SHA-256: aa92a16389e98ca0dba8c2695dc1e6caf4000dbee99eb6ef3ecb43bb6ec568e4

Red Hat Enterprise Linux Workstation 5

SRPM
perl-5.8.8-10.el5_0.2.src.rpm SHA-256: 9a88098a249d5cb271c4a4152694108ca805e5f0ff0a358f5ed348683472016e
x86_64
perl-5.8.8-10.el5_0.2.i386.rpm SHA-256: c1843f7b263f0a2ae7a1c7807b2a2fcc27a38759f6c11e83c29e23818b745210
perl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: 6136eb3d8f8e92629e15c4a0ed300a7a4cbdc531d056d4b1695476090510c4b3
perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: bc80e125b39eb50f65478773032a7a8ed50c2966446430a934fc96ce435bd286
i386
perl-5.8.8-10.el5_0.2.i386.rpm SHA-256: c1843f7b263f0a2ae7a1c7807b2a2fcc27a38759f6c11e83c29e23818b745210
perl-suidperl-5.8.8-10.el5_0.2.i386.rpm SHA-256: 0a84e2cdc4372ca247669b070db1e741b3dfb886555c1b828ad5ae8280584b20

Red Hat Enterprise Linux Workstation 4

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
x86_64
perl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 8a65f6051d954598a030328619e0ee37ed4cf23ed7f3873418377d7273449dc5
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 97ba94cb20030f845334e92dd80b118776829de473066bf041e304c5d1ff574e
ia64
perl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: 73dc20071efe08ca1b52f74673f03ddfda079bebc068ff7a7b0c659a87735848
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm SHA-256: a1eb711a54a1311c940efcd02f0a767d55f98bdee4cf96a8d0feb2dc93f24434
i386
perl-5.8.5-36.el4_5.2.i386.rpm SHA-256: 645a3b5e540d89f6d5fad489b23c5d939cafd39f1533afef7d4a2a4050dd6717
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm SHA-256: aa92a16389e98ca0dba8c2695dc1e6caf4000dbee99eb6ef3ecb43bb6ec568e4

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 5

SRPM
perl-5.8.8-10.el5_0.2.src.rpm SHA-256: 9a88098a249d5cb271c4a4152694108ca805e5f0ff0a358f5ed348683472016e
x86_64
perl-5.8.8-10.el5_0.2.i386.rpm SHA-256: c1843f7b263f0a2ae7a1c7807b2a2fcc27a38759f6c11e83c29e23818b745210
perl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: 6136eb3d8f8e92629e15c4a0ed300a7a4cbdc531d056d4b1695476090510c4b3
perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: bc80e125b39eb50f65478773032a7a8ed50c2966446430a934fc96ce435bd286
i386
perl-5.8.8-10.el5_0.2.i386.rpm SHA-256: c1843f7b263f0a2ae7a1c7807b2a2fcc27a38759f6c11e83c29e23818b745210
perl-suidperl-5.8.8-10.el5_0.2.i386.rpm SHA-256: 0a84e2cdc4372ca247669b070db1e741b3dfb886555c1b828ad5ae8280584b20

Red Hat Enterprise Linux Desktop 4

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
x86_64
perl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 8a65f6051d954598a030328619e0ee37ed4cf23ed7f3873418377d7273449dc5
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm SHA-256: 97ba94cb20030f845334e92dd80b118776829de473066bf041e304c5d1ff574e
i386
perl-5.8.5-36.el4_5.2.i386.rpm SHA-256: 645a3b5e540d89f6d5fad489b23c5d939cafd39f1533afef7d4a2a4050dd6717
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm SHA-256: aa92a16389e98ca0dba8c2695dc1e6caf4000dbee99eb6ef3ecb43bb6ec568e4

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
perl-5.8.8-10.el5_0.2.src.rpm SHA-256: 9a88098a249d5cb271c4a4152694108ca805e5f0ff0a358f5ed348683472016e
s390x
perl-5.8.8-10.el5_0.2.s390x.rpm SHA-256: 1bec3144e587878d0c539ad1dff36c8e0dc76b5ebbbf2f22cfa721f138355ba1
perl-suidperl-5.8.8-10.el5_0.2.s390x.rpm SHA-256: c192740b53bcaca5c8ef50d94de997ade5f8cee78d1f8668f582a43e654f487d

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
s390x
perl-5.8.5-36.el4_5.2.s390x.rpm SHA-256: 55e7f1610c26e0a80f3273ba3002977f7cfafddc8a12e4664d38372232185bf5
perl-suidperl-5.8.5-36.el4_5.2.s390x.rpm SHA-256: b9caf23cab5f617e4f95afcda3bb60c3208661e929e88a24d490d6e3c5818b96
s390
perl-5.8.5-36.el4_5.2.s390.rpm SHA-256: b7719f336633963f67113e3063393507f15191dcf0c8956a04947ca5bcc3f632
perl-suidperl-5.8.5-36.el4_5.2.s390.rpm SHA-256: 0dc75b031683e1eed7f3fa5df2419db0e84a2d1a268f5e53b075f0243c675963

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
s390x
perl-5.8.5-36.el4_5.2.s390x.rpm SHA-256: 55e7f1610c26e0a80f3273ba3002977f7cfafddc8a12e4664d38372232185bf5
perl-suidperl-5.8.5-36.el4_5.2.s390x.rpm SHA-256: b9caf23cab5f617e4f95afcda3bb60c3208661e929e88a24d490d6e3c5818b96
s390
perl-5.8.5-36.el4_5.2.s390.rpm SHA-256: b7719f336633963f67113e3063393507f15191dcf0c8956a04947ca5bcc3f632
perl-suidperl-5.8.5-36.el4_5.2.s390.rpm SHA-256: 0dc75b031683e1eed7f3fa5df2419db0e84a2d1a268f5e53b075f0243c675963

Red Hat Enterprise Linux for Power, big endian 5

SRPM
perl-5.8.8-10.el5_0.2.src.rpm SHA-256: 9a88098a249d5cb271c4a4152694108ca805e5f0ff0a358f5ed348683472016e
ppc
perl-5.8.8-10.el5_0.2.ppc.rpm SHA-256: 7a4459d3499cd201d4cbdb6d46e9db52480477cce1528e94058923e738de3275
perl-suidperl-5.8.8-10.el5_0.2.ppc.rpm SHA-256: f9e2344482efc5a4cf621694035c59dfc981376e365e21bfe37f21928bfdc946

Red Hat Enterprise Linux for Power, big endian 4

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
ppc
perl-5.8.5-36.el4_5.2.ppc.rpm SHA-256: 8fbab38818cb2fa63a9edec083b5a4ca74f4a69bd8b2fd2b3f7bd2edd81f2054
perl-suidperl-5.8.5-36.el4_5.2.ppc.rpm SHA-256: 0477a326e6d73e4a906c3de1f585c609681c6858b21148bc9501e44ccb41fe1c

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
perl-5.8.5-36.el4_5.2.src.rpm SHA-256: 9f9fe848cf82e262432e111adc4c0f5be8d413f841bc9e6e99b8c753bcbba03d
ppc
perl-5.8.5-36.el4_5.2.ppc.rpm SHA-256: 8fbab38818cb2fa63a9edec083b5a4ca74f4a69bd8b2fd2b3f7bd2edd81f2054
perl-suidperl-5.8.5-36.el4_5.2.ppc.rpm SHA-256: 0477a326e6d73e4a906c3de1f585c609681c6858b21148bc9501e44ccb41fe1c

Red Hat Enterprise Linux Server from RHUI 5

SRPM
perl-5.8.8-10.el5_0.2.src.rpm SHA-256: 9a88098a249d5cb271c4a4152694108ca805e5f0ff0a358f5ed348683472016e
x86_64
perl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: 6136eb3d8f8e92629e15c4a0ed300a7a4cbdc531d056d4b1695476090510c4b3
perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm SHA-256: bc80e125b39eb50f65478773032a7a8ed50c2966446430a934fc96ce435bd286
i386
perl-5.8.8-10.el5_0.2.i386.rpm SHA-256: c1843f7b263f0a2ae7a1c7807b2a2fcc27a38759f6c11e83c29e23818b745210
perl-suidperl-5.8.8-10.el5_0.2.i386.rpm SHA-256: 0a84e2cdc4372ca247669b070db1e741b3dfb886555c1b828ad5ae8280584b20

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.