[Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl

breno breno em rio.pm.org
Sábado Junho 12 21:38:37 PDT 2010


Isso tem um tempinho já, né? Foi corrigido no final de abril... será
que só agora as distros corrigiram o problema (ou lançaram o boletim
oficial)?

2010/6/12 Nuba Princigalli <nuba em fastmail.fm>:
>
> "Multiplas vulnerabilidades no Safe.pm"
>
> Eu ri :)
>
> On Sat, 12 Jun 2010, Oscar Marques wrote:
>
>> Date: Sat, 12 Jun 2010 09:47:00 -0300
>> From: Oscar Marques <oscarbm em gmail.com>
>> Reply-To: Perl Mongers Rio de Janeiro <rio-pm em pm.org>
>> To: Perl Mongers Rio de Janeiro <rio-pm em pm.org>
>> Subject: [Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl
>>
>> ---------- Forwarded message ----------
>> From: <security em mandriva.com>
>> Date: 2010/6/11
>> Subject: [Full-disclosure] [ MDVSA-2010:115 ] perl
>> To: full-disclosure em lists.grok.org.uk
>>
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> _______________________________________________________________________
>>
>> Mandriva Linux Security Advisory                         MDVSA-2010:115
>> http://www.mandriva.com/security/
>> _______________________________________________________________________
>>
>> Package : perl
>> Date    : June 11, 2010
>> Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,
>>         Multi Network Firewall 2.0
>> _______________________________________________________________________
>>
>> Problem Description:
>>
>> Multiple vulnerabilities has been discovered and corrected in
>> Safe.pm which could lead to escalated privilegies (CVE-2010-1168,
>> CVE-2010-1447). The updated packages have been patched to correct
>> these issues.
>> _______________________________________________________________________
>>
>> References:
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447
>> _______________________________________________________________________
>>
>> Updated Packages:
>>
>> Mandriva Linux 2009.0:
>> 00d3098831f3c94fd3e301a2e9b3d3d2
>> 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm
>> 5eb7a1bda35c58f0bf353cfa845ef65e
>> 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm
>> e465d32e8e21049d63ebc6c44730b691
>> 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm
>> 479cdd1789b4ddb41e9309ebf24ba418
>> 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm
>> 7c0936a984a432ed2e1bfc44c0d09fc9
>> 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm
>> 82a2602a2f8ae6cf3a675a6918e24d3e
>> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm
>>
>> Mandriva Linux 2009.0/X86_64:
>> d3f41fadc8bd3688a8b0189eb1968c77
>> 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm
>> e5655094bbf5d1925db468ff707b8e18
>> 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm
>> 3c7aa589dfc884a80e4e70b269140d44
>> 2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm
>> 96691039825e0d138ecfb4f4731736ea
>> 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm
>> 6854569c6281b018af7afbb2f3bc04ad
>> 2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm
>> 82a2602a2f8ae6cf3a675a6918e24d3e
>> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm
>>
>> Mandriva Linux 2009.1:
>> 32ac91fdee352364f14770ec855e0375
>> 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm
>> a6d92fad394404c4f6e4ecdedf0ef3d0
>> 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm
>> 6ec44b6cd15d787afa051aa2f7a079a0
>> 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm
>> 56cc85abe12ffc13e91c7d606c3f5a2f
>> 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm
>> 6e5389395602f29f3678c9e8a5f1aa15
>> 2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm
>> d67bc28faa49cd0656ac8256c7cff801
>> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm
>>
>> Mandriva Linux 2009.1/X86_64:
>> 5e955d0a68966fa5e8a408381e7046dd
>> 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm
>> 9de85776e7e93665721dce1731474229
>> 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm
>> 2dcc1876750306565ca77cfa69e83e2b
>> 2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm
>> 2a24a59f7557ecd5f9f231677b50fa00
>> 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm
>> bb2d6a661623d31317822aeb7308b9dd
>> 2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm
>> d67bc28faa49cd0656ac8256c7cff801
>> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm
>>
>> Corporate 4.0:
>> b326fe2db35f1dd9ac9169f9af6b5fc1
>> corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm
>> 3283f2531e5d33008b61575d7c90cedd
>> corporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm
>> 2dea5e372272c9990fb79d5e0b3d4c16
>> corporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm
>> 245ea4f820b232d147045b1e02e1bbb5
>> corporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm
>> 3e2bad0ffc7ed43c865c6ae1b76f05ef
>> corporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm
>> 65dfaa9de6379b4d1f7a7b996b6af8be
>> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm
>>
>> Corporate 4.0/X86_64:
>> 2bb0dc22bd0bae5dd123d95f7f304934
>> corporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> 54dd2c26efb5f0b83f8f82cc6da12e46
>> corporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> 15f9345bd763e98aff10ffc36811f699
>> corporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> 297218e6bf27da8dd414078b36218757
>> corporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> 526f48beb05b4175e867bc1ec852fa77
>> corporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> 65dfaa9de6379b4d1f7a7b996b6af8be
>> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm
>>
>> Mandriva Enterprise Server 5:
>> 95bfe8ce07733fe7ec7890bacf1770f5
>> mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm
>> 04d8c9d3262848cae5211d136c83b995
>> mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm
>> 8186d5d14d1aec46e27b12540c98673a
>> mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm
>> 0f13e7c3e3ed27b539e1f1cb8a881be2
>> mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm
>> 4e9f1aae20148662c3dee770a792f55c
>> mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm
>> d9e5230e96aa99ef5c5a5c52e3061c4a
>> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm
>>
>> Mandriva Enterprise Server 5/X86_64:
>> 869dfeea157fc17cedf1e9e66ddb3bb9
>> mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> b20b2f46b7a74f8e98e19c8b917e6292
>> mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> 116dc346f811a5cd6bfaec340b79aac1
>> mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> 75d5d76d48f16ea5af6e5a903e553d43
>> mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> c0067e1c7f55bfffc7f7527a4268b6c8
>> mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> d9e5230e96aa99ef5c5a5c52e3061c4a
>> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm
>>
>> Multi Network Firewall 2.0:
>> 116523d57e391e8200aa088228b97c6a
>> mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm
>> c618fe9ae03b5631f77b601e1cc3261c
>> mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm
>> 3ecda619d7cc1afe47b1bbfafa0b9672
>> mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm
>> 04bfa6b5384b173164912fc4adad9459
>> mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm
>> 72247c85df7d57f488f9792eb88d2b3d
>> mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm
>> _______________________________________________________________________
>>
>> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
>> of md5 checksums and GPG signatures is performed automatically for you.
>>
>> All packages are signed by Mandriva for security.  You can obtain the
>> GPG public key of the Mandriva Security Team by executing:
>>
>> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>>
>> You can view other update advisories for Mandriva Linux at:
>>
>> http://www.mandriva.com/security/advisories
>>
>> If you want to report vulnerabilities, please contact
>>
>> security_(at)_mandriva.com
>> _______________________________________________________________________
>>
>> Type Bits/KeyID     Date       User ID
>> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>> <security*mandriva.com>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.9 (GNU/Linux)
>>
>> iD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2
>> NFcHdnhcspKfkVASVXYME3A=
>> =3PM8
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> --
> _______________________________________________
> Rio-pm mailing list
> Rio-pm em pm.org
> http://mail.pm.org/mailman/listinfo/rio-pm
> _______________________________________________
> Rio-pm mailing list
> Rio-pm em pm.org
> http://mail.pm.org/mailman/listinfo/rio-pm
>


Mais detalhes sobre a lista de discussão Rio-pm