<br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr"><<a href="mailto:security@mandriva.com">security@mandriva.com</a>></span><br>Date: 2010/6/11<br>
Subject: [Full-disclosure] [ MDVSA-2010:115 ] perl<br>To: <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br><br><br><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
_______________________________________________________________________<br>
<br>
Mandriva Linux Security Advisory MDVSA-2010:115<br>
<a href="http://www.mandriva.com/security/" target="_blank">http://www.mandriva.com/security/</a><br>
_______________________________________________________________________<br>
<br>
Package : perl<br>
Date : June 11, 2010<br>
Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,<br>
Multi Network Firewall 2.0<br>
_______________________________________________________________________<br>
<br>
Problem Description:<br>
<br>
Multiple vulnerabilities has been discovered and corrected in<br>
Safe.pm which could lead to escalated privilegies (CVE-2010-1168,<br>
CVE-2010-1447). The updated packages have been patched to correct<br>
these issues.<br>
_______________________________________________________________________<br>
<br>
References:<br>
<br>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168</a><br>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447</a><br>
_______________________________________________________________________<br>
<br>
Updated Packages:<br>
<br>
Mandriva Linux 2009.0:<br>
00d3098831f3c94fd3e301a2e9b3d3d2 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm<br>
5eb7a1bda35c58f0bf353cfa845ef65e 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm<br>
e465d32e8e21049d63ebc6c44730b691 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm<br>
479cdd1789b4ddb41e9309ebf24ba418 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm<br>
7c0936a984a432ed2e1bfc44c0d09fc9 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm<br>
82a2602a2f8ae6cf3a675a6918e24d3e 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm<br>
<br>
Mandriva Linux 2009.0/X86_64:<br>
d3f41fadc8bd3688a8b0189eb1968c77 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
e5655094bbf5d1925db468ff707b8e18 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
3c7aa589dfc884a80e4e70b269140d44 2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
96691039825e0d138ecfb4f4731736ea 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
6854569c6281b018af7afbb2f3bc04ad 2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
82a2602a2f8ae6cf3a675a6918e24d3e 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm<br>
<br>
Mandriva Linux 2009.1:<br>
32ac91fdee352364f14770ec855e0375 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm<br>
a6d92fad394404c4f6e4ecdedf0ef3d0 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm<br>
6ec44b6cd15d787afa051aa2f7a079a0 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm<br>
56cc85abe12ffc13e91c7d606c3f5a2f 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm<br>
6e5389395602f29f3678c9e8a5f1aa15 2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm<br>
d67bc28faa49cd0656ac8256c7cff801 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm<br>
<br>
Mandriva Linux 2009.1/X86_64:<br>
5e955d0a68966fa5e8a408381e7046dd 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
9de85776e7e93665721dce1731474229 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
2dcc1876750306565ca77cfa69e83e2b 2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
2a24a59f7557ecd5f9f231677b50fa00 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
bb2d6a661623d31317822aeb7308b9dd 2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
d67bc28faa49cd0656ac8256c7cff801 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm<br>
<br>
Corporate 4.0:<br>
b326fe2db35f1dd9ac9169f9af6b5fc1 corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm<br>
3283f2531e5d33008b61575d7c90cedd corporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm<br>
2dea5e372272c9990fb79d5e0b3d4c16 corporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm<br>
245ea4f820b232d147045b1e02e1bbb5 corporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm<br>
3e2bad0ffc7ed43c865c6ae1b76f05ef corporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm<br>
65dfaa9de6379b4d1f7a7b996b6af8be corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm<br>
<br>
Corporate 4.0/X86_64:<br>
2bb0dc22bd0bae5dd123d95f7f304934 corporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
54dd2c26efb5f0b83f8f82cc6da12e46 corporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
15f9345bd763e98aff10ffc36811f699 corporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
297218e6bf27da8dd414078b36218757 corporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
526f48beb05b4175e867bc1ec852fa77 corporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
65dfaa9de6379b4d1f7a7b996b6af8be corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm<br>
<br>
Mandriva Enterprise Server 5:<br>
95bfe8ce07733fe7ec7890bacf1770f5 mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm<br>
04d8c9d3262848cae5211d136c83b995 mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm<br>
8186d5d14d1aec46e27b12540c98673a mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm<br>
0f13e7c3e3ed27b539e1f1cb8a881be2 mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm<br>
4e9f1aae20148662c3dee770a792f55c mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm<br>
d9e5230e96aa99ef5c5a5c52e3061c4a mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm<br>
<br>
Mandriva Enterprise Server 5/X86_64:<br>
869dfeea157fc17cedf1e9e66ddb3bb9 mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
b20b2f46b7a74f8e98e19c8b917e6292 mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
116dc346f811a5cd6bfaec340b79aac1 mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
75d5d76d48f16ea5af6e5a903e553d43 mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
c0067e1c7f55bfffc7f7527a4268b6c8 mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
d9e5230e96aa99ef5c5a5c52e3061c4a mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm<br>
<br>
Multi Network Firewall 2.0:<br>
116523d57e391e8200aa088228b97c6a mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm<br>
c618fe9ae03b5631f77b601e1cc3261c mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm<br>
3ecda619d7cc1afe47b1bbfafa0b9672 mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm<br>
04bfa6b5384b173164912fc4adad9459 mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm<br>
72247c85df7d57f488f9792eb88d2b3d mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm<br>
_______________________________________________________________________<br>
<br>
To upgrade automatically use MandrivaUpdate or urpmi. The verification<br>
of md5 checksums and GPG signatures is performed automatically for you.<br>
<br>
All packages are signed by Mandriva for security. You can obtain the<br>
GPG public key of the Mandriva Security Team by executing:<br>
<br>
gpg --recv-keys --keyserver <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a> 0x22458A98<br>
<br>
You can view other update advisories for Mandriva Linux at:<br>
<br>
<a href="http://www.mandriva.com/security/advisories" target="_blank">http://www.mandriva.com/security/advisories</a><br>
<br>
If you want to report vulnerabilities, please contact<br>
<br>
security_(at)_<a href="http://mandriva.com" target="_blank">mandriva.com</a><br>
_______________________________________________________________________<br>
<br>
Type Bits/KeyID Date User ID<br>
pub 1024D/22458A98 2000-07-10 Mandriva Security Team<br>
<security*<a href="http://mandriva.com" target="_blank">mandriva.com</a>><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1.4.9 (GNU/Linux)<br>
<br>
iD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2<br>
NFcHdnhcspKfkVASVXYME3A=<br>
=3PM8<br>
-----END PGP SIGNATURE-----<br>
<div><div></div><div class="h5"><br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</div></div></div><br>