[Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl

Domingo Junho 13 21:04:30 PDT 2010

que não mantém compatibilidade/relação com o CPAN

2010/6/13 Samir Cury <rimasy em gmail.com>

> Esse é o lado ruim dos sistemas de empacotamento
>
>
> On Sun, Jun 13, 2010 at 1:38 AM, breno <breno em rio.pm.org> wrote:
>
>> Isso tem um tempinho já, né? Foi corrigido no final de abril... será
>> que só agora as distros corrigiram o problema (ou lançaram o boletim
>> oficial)?
>>
>> 2010/6/12 Nuba Princigalli <nuba em fastmail.fm>:
>> >
>> > "Multiplas vulnerabilidades no Safe.pm"
>> >
>> > Eu ri :)
>> >
>> > On Sat, 12 Jun 2010, Oscar Marques wrote:
>> >
>> >> Date: Sat, 12 Jun 2010 09:47:00 -0300
>> >> From: Oscar Marques <oscarbm em gmail.com>
>> >> Reply-To: Perl Mongers Rio de Janeiro <rio-pm em pm.org>
>> >> To: Perl Mongers Rio de Janeiro <rio-pm em pm.org>
>> >> Subject: [Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl
>> >>
>> >> ---------- Forwarded message ----------
>> >> From: <security em mandriva.com>
>> >> Date: 2010/6/11
>> >> Subject: [Full-disclosure] [ MDVSA-2010:115 ] perl
>> >> To: full-disclosure em lists.grok.org.uk
>> >>
>> >>
>> >>
>> >> -----BEGIN PGP SIGNED MESSAGE-----
>> >> Hash: SHA1
>> >>
>> >> _______________________________________________________________________
>> >>
>> >> Mandriva Linux Security Advisory                         MDVSA-2010:115
>> >> http://www.mandriva.com/security/
>> >> _______________________________________________________________________
>> >>
>> >> Package : perl
>> >> Date    : June 11, 2010
>> >> Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,
>> >>         Multi Network Firewall 2.0
>> >> _______________________________________________________________________
>> >>
>> >> Problem Description:
>> >>
>> >> Multiple vulnerabilities has been discovered and corrected in
>> >> Safe.pm which could lead to escalated privilegies (CVE-2010-1168,
>> >> CVE-2010-1447). The updated packages have been patched to correct
>> >> these issues.
>> >> _______________________________________________________________________
>> >>
>> >> References:
>> >>
>> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168
>> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447
>> >> _______________________________________________________________________
>> >>
>> >> Updated Packages:
>> >>
>> >> Mandriva Linux 2009.0:
>> >> 00d3098831f3c94fd3e301a2e9b3d3d2
>> >> 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm
>> >> 5eb7a1bda35c58f0bf353cfa845ef65e
>> >> 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm
>> >> e465d32e8e21049d63ebc6c44730b691
>> >> 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm
>> >> 479cdd1789b4ddb41e9309ebf24ba418
>> >> 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm
>> >> 7c0936a984a432ed2e1bfc44c0d09fc9
>> >> 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm
>> >> 82a2602a2f8ae6cf3a675a6918e24d3e
>> >> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm
>> >>
>> >> Mandriva Linux 2009.0/X86_64:
>> >> d3f41fadc8bd3688a8b0189eb1968c77
>> >> 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm
>> >> e5655094bbf5d1925db468ff707b8e18
>> >> 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm
>> >> 3c7aa589dfc884a80e4e70b269140d44
>> >> 2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm
>> >> 96691039825e0d138ecfb4f4731736ea
>> >> 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm
>> >> 6854569c6281b018af7afbb2f3bc04ad
>> >> 2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm
>> >> 82a2602a2f8ae6cf3a675a6918e24d3e
>> >> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm
>> >>
>> >> Mandriva Linux 2009.1:
>> >> 32ac91fdee352364f14770ec855e0375
>> >> 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm
>> >> a6d92fad394404c4f6e4ecdedf0ef3d0
>> >> 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm
>> >> 6ec44b6cd15d787afa051aa2f7a079a0
>> >> 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm
>> >> 56cc85abe12ffc13e91c7d606c3f5a2f
>> >> 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm
>> >> 6e5389395602f29f3678c9e8a5f1aa15
>> >> 2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm
>> >> d67bc28faa49cd0656ac8256c7cff801
>> >> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm
>> >>
>> >> Mandriva Linux 2009.1/X86_64:
>> >> 5e955d0a68966fa5e8a408381e7046dd
>> >> 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm
>> >> 9de85776e7e93665721dce1731474229
>> >> 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm
>> >> 2dcc1876750306565ca77cfa69e83e2b
>> >> 2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm
>> >> 2a24a59f7557ecd5f9f231677b50fa00
>> >> 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm
>> >> bb2d6a661623d31317822aeb7308b9dd
>> >> 2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm
>> >> d67bc28faa49cd0656ac8256c7cff801
>> >> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm
>> >>
>> >> Corporate 4.0:
>> >> b326fe2db35f1dd9ac9169f9af6b5fc1
>> >> corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm
>> >> 3283f2531e5d33008b61575d7c90cedd
>> >> corporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm
>> >> 2dea5e372272c9990fb79d5e0b3d4c16
>> >> corporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm
>> >> 245ea4f820b232d147045b1e02e1bbb5
>> >> corporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm
>> >> 3e2bad0ffc7ed43c865c6ae1b76f05ef
>> >> corporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm
>> >> 65dfaa9de6379b4d1f7a7b996b6af8be
>> >> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm
>> >>
>> >> Corporate 4.0/X86_64:
>> >> 2bb0dc22bd0bae5dd123d95f7f304934
>> >> corporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> >> 54dd2c26efb5f0b83f8f82cc6da12e46
>> >> corporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> >> 15f9345bd763e98aff10ffc36811f699
>> >> corporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> >> 297218e6bf27da8dd414078b36218757
>> >> corporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> >> 526f48beb05b4175e867bc1ec852fa77
>> >> corporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm
>> >> 65dfaa9de6379b4d1f7a7b996b6af8be
>> >> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm
>> >>
>> >> Mandriva Enterprise Server 5:
>> >> 95bfe8ce07733fe7ec7890bacf1770f5
>> >> mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm
>> >> 04d8c9d3262848cae5211d136c83b995
>> >> mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm
>> >> 8186d5d14d1aec46e27b12540c98673a
>> >> mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm
>> >> 0f13e7c3e3ed27b539e1f1cb8a881be2
>> >> mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm
>> >> 4e9f1aae20148662c3dee770a792f55c
>> >> mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm
>> >> d9e5230e96aa99ef5c5a5c52e3061c4a
>> >> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm
>> >>
>> >> Mandriva Enterprise Server 5/X86_64:
>> >> 869dfeea157fc17cedf1e9e66ddb3bb9
>> >> mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> >> b20b2f46b7a74f8e98e19c8b917e6292
>> >> mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> >> 116dc346f811a5cd6bfaec340b79aac1
>> >> mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> >> 75d5d76d48f16ea5af6e5a903e553d43
>> >> mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> >> c0067e1c7f55bfffc7f7527a4268b6c8
>> >> mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm
>> >> d9e5230e96aa99ef5c5a5c52e3061c4a
>> >> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm
>> >>
>> >> Multi Network Firewall 2.0:
>> >> 116523d57e391e8200aa088228b97c6a
>> >> mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm
>> >> c618fe9ae03b5631f77b601e1cc3261c
>> >> mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm
>> >> 3ecda619d7cc1afe47b1bbfafa0b9672
>> >> mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm
>> >> 04bfa6b5384b173164912fc4adad9459
>> >> mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm
>> >> 72247c85df7d57f488f9792eb88d2b3d
>> >> mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm
>> >> _______________________________________________________________________
>> >>
>> >> To upgrade automatically use MandrivaUpdate or urpmi.  The verification
>> >> of md5 checksums and GPG signatures is performed automatically for you.
>> >>
>> >> All packages are signed by Mandriva for security.  You can obtain the
>> >> GPG public key of the Mandriva Security Team by executing:
>> >>
>> >> gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
>> >>
>> >> You can view other update advisories for Mandriva Linux at:
>> >>
>> >> http://www.mandriva.com/security/advisories
>> >>
>> >> If you want to report vulnerabilities, please contact
>> >>
>> >> security_(at)_mandriva.com
>> >> _______________________________________________________________________
>> >>
>> >> Type Bits/KeyID     Date       User ID
>> >> pub  1024D/22458A98 2000-07-10 Mandriva Security Team
>> >> <security*mandriva.com>
>> >> -----BEGIN PGP SIGNATURE-----
>> >> Version: GnuPG v1.4.9 (GNU/Linux)
>> >>
>> >> iD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2
>> >> NFcHdnhcspKfkVASVXYME3A=
>> >> =3PM8
>> >> -----END PGP SIGNATURE-----
>> >>
>> >> _______________________________________________
>> >> Full-Disclosure - We believe in it.
>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> >> Hosted and sponsored by Secunia - http://secunia.com/
>> >>
>> >
>> > --
>> > _______________________________________________
>> > Rio-pm mailing list
>> > Rio-pm em pm.org
>> > http://mail.pm.org/mailman/listinfo/rio-pm
>> > _______________________________________________
>> > Rio-pm mailing list
>> > Rio-pm em pm.org
>> > http://mail.pm.org/mailman/listinfo/rio-pm
>> >
>> _______________________________________________
>> Rio-pm mailing list
>> Rio-pm em pm.org
>> http://mail.pm.org/mailman/listinfo/rio-pm
>>
>
>
> _______________________________________________
> Rio-pm mailing list
> Rio-pm em pm.org
> http://mail.pm.org/mailman/listinfo/rio-pm
>
-------------- Próxima Parte ----------
Um anexo em HTML foi limpo...
URL: <http://mail.pm.org/pipermail/rio-pm/attachments/20100614/bde463c4/attachment.html>