RHSA-2008:0522 - Security Advisory

Overview
Updated Packages

Synopsis

Important: perl security update

Type/Severity

Security Advisory: Important

Topic

Updated perl packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. A specially crafted
regular expression with Unicode characters could trigger a buffer overflow,
causing Perl to crash, or possibly execute arbitrary code with the
privileges of the user running Perl. (CVE-2008-1927)

Users of perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.2 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.2 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.2 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.6 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.6 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.6 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.2 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.2 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 443928 - CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters

CVEs

CVE-2008-1927

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
perl-5.8.8-10.el5_2.3.src.rpm	SHA-256: 7e560169b2b9b97339520956095df9b633d6345d5c2a51b4bc185a1569074bbe
x86_64
perl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: fe466fe4a382b0afc4d21864e00a0746aef08a16c5456f096978ad97bddfb518
perl-suidperl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: 062a3028ba9b7c13ead18e920e359a50ab704b88ba0966d91c780e7c0e3ed02f
ia64
perl-5.8.8-10.el5_2.3.ia64.rpm	SHA-256: ce18d41c4f5a54833174836ad43e465cd1fd3e85e16a0c454d8b6d4a66e16ed9
perl-suidperl-5.8.8-10.el5_2.3.ia64.rpm	SHA-256: 6c7ad82b4df590458bd1d470c083096418676000c650bd4961313edc78679907
i386
perl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 66be0bb4591cc3ad097d9d074eb3ecac149baef819b483e79d6d26c502a5a17a
perl-suidperl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 3ec9e0d1936f6dc731fd67a79da4524fd2197c221d8bb58bfb9faaaa256472c8

Red Hat Enterprise Linux Server 4

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
x86_64
perl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 2a9496759dfdb5b18c68120a1ed0e6586324241369d22995a3fcc75ed44b5164
perl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 2a9496759dfdb5b18c68120a1ed0e6586324241369d22995a3fcc75ed44b5164
perl-suidperl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 5c4a22dd38e44c9e9bc6a1def056680d77a8e0289d9f584fd0316315e5a08f2e
perl-suidperl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 5c4a22dd38e44c9e9bc6a1def056680d77a8e0289d9f584fd0316315e5a08f2e
ia64
perl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b49da529946938fbe7fb0c61d98adbf1b2a1e057ff1f67a3081baf42a4924c41
perl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b49da529946938fbe7fb0c61d98adbf1b2a1e057ff1f67a3081baf42a4924c41
perl-suidperl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b81e6f7e1163cdf529219b343e2ead5ff7581baa8a28e871e8c1db5f0f6dbc8b
perl-suidperl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b81e6f7e1163cdf529219b343e2ead5ff7581baa8a28e871e8c1db5f0f6dbc8b
i386
perl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: 4352eb9c8c5ec626e42066671321a4c61494bff66919d233e66479824823da71
perl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: 4352eb9c8c5ec626e42066671321a4c61494bff66919d233e66479824823da71
perl-suidperl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: aa6c8edbb2fb1d47857c97162c4aea65d9f49dac604ce498d1b35292cfe26cd4
perl-suidperl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: aa6c8edbb2fb1d47857c97162c4aea65d9f49dac604ce498d1b35292cfe26cd4

Red Hat Enterprise Linux Server - Extended Update Support 4.6

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
x86_64
perl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 2a9496759dfdb5b18c68120a1ed0e6586324241369d22995a3fcc75ed44b5164
perl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 2a9496759dfdb5b18c68120a1ed0e6586324241369d22995a3fcc75ed44b5164
perl-suidperl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 5c4a22dd38e44c9e9bc6a1def056680d77a8e0289d9f584fd0316315e5a08f2e
perl-suidperl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 5c4a22dd38e44c9e9bc6a1def056680d77a8e0289d9f584fd0316315e5a08f2e
ia64
perl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b49da529946938fbe7fb0c61d98adbf1b2a1e057ff1f67a3081baf42a4924c41
perl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b49da529946938fbe7fb0c61d98adbf1b2a1e057ff1f67a3081baf42a4924c41
perl-suidperl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b81e6f7e1163cdf529219b343e2ead5ff7581baa8a28e871e8c1db5f0f6dbc8b
perl-suidperl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b81e6f7e1163cdf529219b343e2ead5ff7581baa8a28e871e8c1db5f0f6dbc8b
i386
perl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: 4352eb9c8c5ec626e42066671321a4c61494bff66919d233e66479824823da71
perl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: 4352eb9c8c5ec626e42066671321a4c61494bff66919d233e66479824823da71
perl-suidperl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: aa6c8edbb2fb1d47857c97162c4aea65d9f49dac604ce498d1b35292cfe26cd4
perl-suidperl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: aa6c8edbb2fb1d47857c97162c4aea65d9f49dac604ce498d1b35292cfe26cd4

Red Hat Enterprise Linux Workstation 5

SRPM
perl-5.8.8-10.el5_2.3.src.rpm	SHA-256: 7e560169b2b9b97339520956095df9b633d6345d5c2a51b4bc185a1569074bbe
x86_64
perl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 66be0bb4591cc3ad097d9d074eb3ecac149baef819b483e79d6d26c502a5a17a
perl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: fe466fe4a382b0afc4d21864e00a0746aef08a16c5456f096978ad97bddfb518
perl-suidperl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: 062a3028ba9b7c13ead18e920e359a50ab704b88ba0966d91c780e7c0e3ed02f
i386
perl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 66be0bb4591cc3ad097d9d074eb3ecac149baef819b483e79d6d26c502a5a17a
perl-suidperl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 3ec9e0d1936f6dc731fd67a79da4524fd2197c221d8bb58bfb9faaaa256472c8

Red Hat Enterprise Linux Workstation 4

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
x86_64
perl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 2a9496759dfdb5b18c68120a1ed0e6586324241369d22995a3fcc75ed44b5164
perl-suidperl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 5c4a22dd38e44c9e9bc6a1def056680d77a8e0289d9f584fd0316315e5a08f2e
ia64
perl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b49da529946938fbe7fb0c61d98adbf1b2a1e057ff1f67a3081baf42a4924c41
perl-suidperl-5.8.5-36.el4_6.3.ia64.rpm	SHA-256: b81e6f7e1163cdf529219b343e2ead5ff7581baa8a28e871e8c1db5f0f6dbc8b
i386
perl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: 4352eb9c8c5ec626e42066671321a4c61494bff66919d233e66479824823da71
perl-suidperl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: aa6c8edbb2fb1d47857c97162c4aea65d9f49dac604ce498d1b35292cfe26cd4

Red Hat Enterprise Linux Desktop 5

SRPM
perl-5.8.8-10.el5_2.3.src.rpm	SHA-256: 7e560169b2b9b97339520956095df9b633d6345d5c2a51b4bc185a1569074bbe
x86_64
perl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 66be0bb4591cc3ad097d9d074eb3ecac149baef819b483e79d6d26c502a5a17a
perl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: fe466fe4a382b0afc4d21864e00a0746aef08a16c5456f096978ad97bddfb518
perl-suidperl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: 062a3028ba9b7c13ead18e920e359a50ab704b88ba0966d91c780e7c0e3ed02f
i386
perl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 66be0bb4591cc3ad097d9d074eb3ecac149baef819b483e79d6d26c502a5a17a
perl-suidperl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 3ec9e0d1936f6dc731fd67a79da4524fd2197c221d8bb58bfb9faaaa256472c8

Red Hat Enterprise Linux Desktop 4

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
x86_64
perl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 2a9496759dfdb5b18c68120a1ed0e6586324241369d22995a3fcc75ed44b5164
perl-suidperl-5.8.5-36.el4_6.3.x86_64.rpm	SHA-256: 5c4a22dd38e44c9e9bc6a1def056680d77a8e0289d9f584fd0316315e5a08f2e
i386
perl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: 4352eb9c8c5ec626e42066671321a4c61494bff66919d233e66479824823da71
perl-suidperl-5.8.5-36.el4_6.3.i386.rpm	SHA-256: aa6c8edbb2fb1d47857c97162c4aea65d9f49dac604ce498d1b35292cfe26cd4

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
perl-5.8.8-10.el5_2.3.src.rpm	SHA-256: 7e560169b2b9b97339520956095df9b633d6345d5c2a51b4bc185a1569074bbe
s390x
perl-5.8.8-10.el5_2.3.s390x.rpm	SHA-256: 970244b5d9580939c77ab33dc039cb544b655d8334e1ae9bf695074d447f41ec
perl-suidperl-5.8.8-10.el5_2.3.s390x.rpm	SHA-256: 87b217055f27d00c5ba099728721fa19e79c82ac7b1af0456388be078826445e

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
s390x
perl-5.8.5-36.el4_6.3.s390x.rpm	SHA-256: 8c0aebb48a66ac7881e700e3eb4d115a74d214dcab2511993e0f471ecc558160
perl-suidperl-5.8.5-36.el4_6.3.s390x.rpm	SHA-256: ffe9a1cc2b7ade06c357dc11b29aba7a1a6537dc0de40e37cbdef4427a9806eb
s390
perl-5.8.5-36.el4_6.3.s390.rpm	SHA-256: 07601d0bebfdc624370e9d52c7d3b7edab107290c8105bf1c4b95311b1ec5d58
perl-suidperl-5.8.5-36.el4_6.3.s390.rpm	SHA-256: dd22ea7a45495cd669ab0d5bdcef066432aff6288ea39be522293ad9bb77d0b5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.6

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
s390x
perl-5.8.5-36.el4_6.3.s390x.rpm	SHA-256: 8c0aebb48a66ac7881e700e3eb4d115a74d214dcab2511993e0f471ecc558160
perl-suidperl-5.8.5-36.el4_6.3.s390x.rpm	SHA-256: ffe9a1cc2b7ade06c357dc11b29aba7a1a6537dc0de40e37cbdef4427a9806eb
s390
perl-5.8.5-36.el4_6.3.s390.rpm	SHA-256: 07601d0bebfdc624370e9d52c7d3b7edab107290c8105bf1c4b95311b1ec5d58
perl-suidperl-5.8.5-36.el4_6.3.s390.rpm	SHA-256: dd22ea7a45495cd669ab0d5bdcef066432aff6288ea39be522293ad9bb77d0b5

Red Hat Enterprise Linux for Power, big endian 5

SRPM
perl-5.8.8-10.el5_2.3.src.rpm	SHA-256: 7e560169b2b9b97339520956095df9b633d6345d5c2a51b4bc185a1569074bbe
ppc
perl-5.8.8-10.el5_2.3.ppc.rpm	SHA-256: 83697451f79f1f4a714385916bfbaf0529411e7078ceb09ad08de0ae41482815
perl-suidperl-5.8.8-10.el5_2.3.ppc.rpm	SHA-256: 90f14602edd181793eac940a6fff61f9ba49f291e6d0cb87981ce12fcecc6480

Red Hat Enterprise Linux for Power, big endian 4

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
ppc
perl-5.8.5-36.el4_6.3.ppc.rpm	SHA-256: ea65874a533de672f333a2ea9d07bc8cd4e41b1eaf19e256c81c37ffe6f95098
perl-suidperl-5.8.5-36.el4_6.3.ppc.rpm	SHA-256: 28031e1a1d4656a3def1ad0f7596ab42b2caf4fba951e4ffbc1fa98e527705ed

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.6

SRPM
perl-5.8.5-36.el4_6.3.src.rpm	SHA-256: 9d836595fbebe2ca5cffc4bcb21d97f297779f9c4d8979e153d8fddaebc72314
ppc
perl-5.8.5-36.el4_6.3.ppc.rpm	SHA-256: ea65874a533de672f333a2ea9d07bc8cd4e41b1eaf19e256c81c37ffe6f95098
perl-suidperl-5.8.5-36.el4_6.3.ppc.rpm	SHA-256: 28031e1a1d4656a3def1ad0f7596ab42b2caf4fba951e4ffbc1fa98e527705ed

Red Hat Enterprise Linux Server from RHUI 5

SRPM
perl-5.8.8-10.el5_2.3.src.rpm	SHA-256: 7e560169b2b9b97339520956095df9b633d6345d5c2a51b4bc185a1569074bbe
x86_64
perl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: fe466fe4a382b0afc4d21864e00a0746aef08a16c5456f096978ad97bddfb518
perl-suidperl-5.8.8-10.el5_2.3.x86_64.rpm	SHA-256: 062a3028ba9b7c13ead18e920e359a50ab704b88ba0966d91c780e7c0e3ed02f
i386
perl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 66be0bb4591cc3ad097d9d074eb3ecac149baef819b483e79d6d26c502a5a17a
perl-suidperl-5.8.8-10.el5_2.3.i386.rpm	SHA-256: 3ec9e0d1936f6dc731fd67a79da4524fd2197c221d8bb58bfb9faaaa256472c8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.