[Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl

Samir Cury rimasy em gmail.com
Domingo Junho 13 04:09:13 PDT 2010 

Esse é o lado ruim dos sistemas de empacotamento

On Sun, Jun 13, 2010 at 1:38 AM, breno <breno em rio.pm.org> wrote:

> Isso tem um tempinho já, né? Foi corrigido no final de abril... será
> que só agora as distros corrigiram o problema (ou lançaram o boletim
> oficial)?
>
> 2010/6/12 Nuba Princigalli <nuba em fastmail.fm>:
> >
> > "Multiplas vulnerabilidades no Safe.pm"
> >
> > Eu ri :)
> >
> > On Sat, 12 Jun 2010, Oscar Marques wrote:
> >
> >> Date: Sat, 12 Jun 2010 09:47:00 -0300
> >> From: Oscar Marques <oscarbm em gmail.com>
> >> Reply-To: Perl Mongers Rio de Janeiro <rio-pm em pm.org>
> >> To: Perl Mongers Rio de Janeiro <rio-pm em pm.org>
> >> Subject: [Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl
> >>
> >> ---------- Forwarded message ----------
> >> From: <security em mandriva.com>
> >> Date: 2010/6/11
> >> Subject: [Full-disclosure] [ MDVSA-2010:115 ] perl
> >> To: full-disclosure em lists.grok.org.uk
> >>
> >>
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> _______________________________________________________________________
> >>
> >> Mandriva Linux Security Advisory                         MDVSA-2010:115
> >> http://www.mandriva.com/security/
> >> _______________________________________________________________________
> >>
> >> Package : perl
> >> Date    : June 11, 2010
> >> Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,
> >>         Multi Network Firewall 2.0
> >> _______________________________________________________________________
> >>
> >> Problem Description:
> >>
> >> Multiple vulnerabilities has been discovered and corrected in
> >> Safe.pm which could lead to escalated privilegies (CVE-2010-1168,
> >> CVE-2010-1447). The updated packages have been patched to correct
> >> these issues.
> >> _______________________________________________________________________
> >>
> >> References:
> >>
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447
> >> _______________________________________________________________________
> >>
> >> Updated Packages:
> >>
> >> Mandriva Linux 2009.0:
> >> 00d3098831f3c94fd3e301a2e9b3d3d2
> >> 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm
> >> 5eb7a1bda35c58f0bf353cfa845ef65e
> >> 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm
> >> e465d32e8e21049d63ebc6c44730b691
> >> 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm
> >> 479cdd1789b4ddb41e9309ebf24ba418
> >> 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm
> >> 7c0936a984a432ed2e1bfc44c0d09fc9
> >> 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm
> >> 82a2602a2f8ae6cf3a675a6918e24d3e
> >> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm
> >>
> >> Mandriva Linux 2009.0/X86_64:
> >> d3f41fadc8bd3688a8b0189eb1968c77
> >> 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm
> >> e5655094bbf5d1925db468ff707b8e18
> >> 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm
> >> 3c7aa589dfc884a80e4e70b269140d44
> >> 2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm
> >> 96691039825e0d138ecfb4f4731736ea
> >> 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm
> >> 6854569c6281b018af7afbb2f3bc04ad
> >> 2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm
> >> 82a2602a2f8ae6cf3a675a6918e24d3e
> >> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm
> >>
> >> Mandriva Linux 2009.1:
> >> 32ac91fdee352364f14770ec855e0375
> >> 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm
> >> a6d92fad394404c4f6e4ecdedf0ef3d0
> >> 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm
> >> 6ec44b6cd15d787afa051aa2f7a079a0
> >> 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm
> >> 56cc85abe12ffc13e91c7d606c3f5a2f
> >> 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm
> >> 6e5389395602f29f3678c9e8a5f1aa15
> >> 2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm
> >> d67bc28faa49cd0656ac8256c7cff801
> >> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm
> >>
> >> Mandriva Linux 2009.1/X86_64:
> >> 5e955d0a68966fa5e8a408381e7046dd
> >> 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm
> >> 9de85776e7e93665721dce1731474229
> >> 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm
> >> 2dcc1876750306565ca77cfa69e83e2b
> >> 2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm
> >> 2a24a59f7557ecd5f9f231677b50fa00
> >> 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm
> >> bb2d6a661623d31317822aeb7308b9dd
> >> 2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm
> >> d67bc28faa49cd0656ac8256c7cff801
> >> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm
> >>
> >> Corporate 4.0:
> >> b326fe2db35f1dd9ac9169f9af6b5fc1
> >> corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm
> >> 3283f2531e5d33008b61575d7c90cedd
> >> corporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm
> >> 2dea5e372272c9990fb79d5e0b3d4c16
> >> corporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm
> >> 245ea4f820b232d147045b1e02e1bbb5
> >> corporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm
> >> 3e2bad0ffc7ed43c865c6ae1b76f05ef
> >> corporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm
> >> 65dfaa9de6379b4d1f7a7b996b6af8be
> >> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm
> >>
> >> Corporate 4.0/X86_64:
> >> 2bb0dc22bd0bae5dd123d95f7f304934
> >> corporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm
> >> 54dd2c26efb5f0b83f8f82cc6da12e46
> >> corporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm
> >> 15f9345bd763e98aff10ffc36811f699
> >> corporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm
> >> 297218e6bf27da8dd414078b36218757
> >> corporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm
> >> 526f48beb05b4175e867bc1ec852fa77
> >> corporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm
> >> 65dfaa9de6379b4d1f7a7b996b6af8be
> >> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm
> >>
> >> Mandriva Enterprise Server 5:
> >> 95bfe8ce07733fe7ec7890bacf1770f5
> >> mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm
> >> 04d8c9d3262848cae5211d136c83b995
> >> mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm
> >> 8186d5d14d1aec46e27b12540c98673a
> >> mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm
> >> 0f13e7c3e3ed27b539e1f1cb8a881be2
> >> mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm
> >> 4e9f1aae20148662c3dee770a792f55c
> >> mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm
> >> d9e5230e96aa99ef5c5a5c52e3061c4a
> >> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm
> >>
> >> Mandriva Enterprise Server 5/X86_64:
> >> 869dfeea157fc17cedf1e9e66ddb3bb9
> >> mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm
> >> b20b2f46b7a74f8e98e19c8b917e6292
> >> mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm
> >> 116dc346f811a5cd6bfaec340b79aac1
> >> mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm
> >> 75d5d76d48f16ea5af6e5a903e553d43
> >> mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm
> >> c0067e1c7f55bfffc7f7527a4268b6c8
> >> mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm
> >> d9e5230e96aa99ef5c5a5c52e3061c4a
> >> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm
> >>
> >> Multi Network Firewall 2.0:
> >> 116523d57e391e8200aa088228b97c6a
> >> mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm
> >> c618fe9ae03b5631f77b601e1cc3261c
> >> mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm
> >> 3ecda619d7cc1afe47b1bbfafa0b9672
> >> mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm
> >> 04bfa6b5384b173164912fc4adad9459
> >> mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm
> >> 72247c85df7d57f488f9792eb88d2b3d
> >> mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm
> >> _______________________________________________________________________
> >>
> >> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
> >> of md5 checksums and GPG signatures is performed automatically for you.
> >>
> >> All packages are signed by Mandriva for security.  You can obtain the
> >> GPG public key of the Mandriva Security Team by executing:
> >>
> >> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
> >>
> >> You can view other update advisories for Mandriva Linux at:
> >>
> >> http://www.mandriva.com/security/advisories
> >>
> >> If you want to report vulnerabilities, please contact
> >>
> >> security_(at)_mandriva.com
> >> _______________________________________________________________________
> >>
> >> Type Bits/KeyID     Date       User ID
> >> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
> >> <security*mandriva.com>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.9 (GNU/Linux)
> >>
> >> iD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2
> >> NFcHdnhcspKfkVASVXYME3A=
> >> =3PM8
> >> -----END PGP SIGNATURE-----
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> > --
> > _______________________________________________
> > Rio-pm mailing list
> > Rio-pm em pm.org
> > http://mail.pm.org/mailman/listinfo/rio-pm
> > _______________________________________________
> > Rio-pm mailing list
> > Rio-pm em pm.org
> > http://mail.pm.org/mailman/listinfo/rio-pm
> >
> _______________________________________________
> Rio-pm mailing list
> Rio-pm em pm.org
> http://mail.pm.org/mailman/listinfo/rio-pm
>
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://mail.pm.org/pipermail/rio-pm/attachments/20100613/62dfd369/attachment-0001.html>

Mais detalhes sobre a lista de discussão Rio-pm