Esse é o lado ruim dos sistemas de empacotamento<br><br><div class="gmail_quote">On Sun, Jun 13, 2010 at 1:38 AM, breno <span dir="ltr"><<a href="mailto:breno@rio.pm.org">breno@rio.pm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Isso tem um tempinho já, né? Foi corrigido no final de abril... será<br>
que só agora as distros corrigiram o problema (ou lançaram o boletim<br>
oficial)?<br>
<br>
2010/6/12 Nuba Princigalli <<a href="mailto:nuba@fastmail.fm">nuba@fastmail.fm</a>>:<br>
<div><div></div><div class="h5">><br>
> "Multiplas vulnerabilidades no Safe.pm"<br>
><br>
> Eu ri :)<br>
><br>
> On Sat, 12 Jun 2010, Oscar Marques wrote:<br>
><br>
>> Date: Sat, 12 Jun 2010 09:47:00 -0300<br>
>> From: Oscar Marques <<a href="mailto:oscarbm@gmail.com">oscarbm@gmail.com</a>><br>
>> Reply-To: Perl Mongers Rio de Janeiro <<a href="mailto:rio-pm@pm.org">rio-pm@pm.org</a>><br>
>> To: Perl Mongers Rio de Janeiro <<a href="mailto:rio-pm@pm.org">rio-pm@pm.org</a>><br>
>> Subject: [Rio-pm] Fwd: [Full-disclosure] [ MDVSA-2010:115 ] perl<br>
>><br>
>> ---------- Forwarded message ----------<br>
>> From: <<a href="mailto:security@mandriva.com">security@mandriva.com</a>><br>
>> Date: 2010/6/11<br>
>> Subject: [Full-disclosure] [ MDVSA-2010:115 ] perl<br>
>> To: <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>
>><br>
>><br>
>><br>
>> -----BEGIN PGP SIGNED MESSAGE-----<br>
>> Hash: SHA1<br>
>><br>
>> _______________________________________________________________________<br>
>><br>
>> Mandriva Linux Security Advisory MDVSA-2010:115<br>
>> <a href="http://www.mandriva.com/security/" target="_blank">http://www.mandriva.com/security/</a><br>
>> _______________________________________________________________________<br>
>><br>
>> Package : perl<br>
>> Date : June 11, 2010<br>
>> Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,<br>
>> Multi Network Firewall 2.0<br>
>> _______________________________________________________________________<br>
>><br>
>> Problem Description:<br>
>><br>
>> Multiple vulnerabilities has been discovered and corrected in<br>
>> Safe.pm which could lead to escalated privilegies (CVE-2010-1168,<br>
>> CVE-2010-1447). The updated packages have been patched to correct<br>
>> these issues.<br>
>> _______________________________________________________________________<br>
>><br>
>> References:<br>
>><br>
>> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168</a><br>
>> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447</a><br>
>> _______________________________________________________________________<br>
>><br>
>> Updated Packages:<br>
>><br>
>> Mandriva Linux 2009.0:<br>
>> 00d3098831f3c94fd3e301a2e9b3d3d2<br>
>> 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm<br>
>> 5eb7a1bda35c58f0bf353cfa845ef65e<br>
>> 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm<br>
>> e465d32e8e21049d63ebc6c44730b691<br>
>> 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm<br>
>> 479cdd1789b4ddb41e9309ebf24ba418<br>
>> 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm<br>
>> 7c0936a984a432ed2e1bfc44c0d09fc9<br>
>> 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm<br>
>> 82a2602a2f8ae6cf3a675a6918e24d3e<br>
>> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm<br>
>><br>
>> Mandriva Linux 2009.0/X86_64:<br>
>> d3f41fadc8bd3688a8b0189eb1968c77<br>
>> 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
>> e5655094bbf5d1925db468ff707b8e18<br>
>> 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
>> 3c7aa589dfc884a80e4e70b269140d44<br>
>> 2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
>> 96691039825e0d138ecfb4f4731736ea<br>
>> 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
>> 6854569c6281b018af7afbb2f3bc04ad<br>
>> 2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm<br>
>> 82a2602a2f8ae6cf3a675a6918e24d3e<br>
>> 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm<br>
>><br>
>> Mandriva Linux 2009.1:<br>
>> 32ac91fdee352364f14770ec855e0375<br>
>> 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm<br>
>> a6d92fad394404c4f6e4ecdedf0ef3d0<br>
>> 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm<br>
>> 6ec44b6cd15d787afa051aa2f7a079a0<br>
>> 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm<br>
>> 56cc85abe12ffc13e91c7d606c3f5a2f<br>
>> 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm<br>
>> 6e5389395602f29f3678c9e8a5f1aa15<br>
>> 2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm<br>
>> d67bc28faa49cd0656ac8256c7cff801<br>
>> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm<br>
>><br>
>> Mandriva Linux 2009.1/X86_64:<br>
>> 5e955d0a68966fa5e8a408381e7046dd<br>
>> 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
>> 9de85776e7e93665721dce1731474229<br>
>> 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
>> 2dcc1876750306565ca77cfa69e83e2b<br>
>> 2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
>> 2a24a59f7557ecd5f9f231677b50fa00<br>
>> 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
>> bb2d6a661623d31317822aeb7308b9dd<br>
>> 2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm<br>
>> d67bc28faa49cd0656ac8256c7cff801<br>
>> 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm<br>
>><br>
>> Corporate 4.0:<br>
>> b326fe2db35f1dd9ac9169f9af6b5fc1<br>
>> corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm<br>
>> 3283f2531e5d33008b61575d7c90cedd<br>
>> corporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm<br>
>> 2dea5e372272c9990fb79d5e0b3d4c16<br>
>> corporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm<br>
>> 245ea4f820b232d147045b1e02e1bbb5<br>
>> corporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm<br>
>> 3e2bad0ffc7ed43c865c6ae1b76f05ef<br>
>> corporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm<br>
>> 65dfaa9de6379b4d1f7a7b996b6af8be<br>
>> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm<br>
>><br>
>> Corporate 4.0/X86_64:<br>
>> 2bb0dc22bd0bae5dd123d95f7f304934<br>
>> corporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
>> 54dd2c26efb5f0b83f8f82cc6da12e46<br>
>> corporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
>> 15f9345bd763e98aff10ffc36811f699<br>
>> corporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
>> 297218e6bf27da8dd414078b36218757<br>
>> corporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
>> 526f48beb05b4175e867bc1ec852fa77<br>
>> corporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm<br>
>> 65dfaa9de6379b4d1f7a7b996b6af8be<br>
>> corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm<br>
>><br>
>> Mandriva Enterprise Server 5:<br>
>> 95bfe8ce07733fe7ec7890bacf1770f5<br>
>> mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm<br>
>> 04d8c9d3262848cae5211d136c83b995<br>
>> mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm<br>
>> 8186d5d14d1aec46e27b12540c98673a<br>
>> mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm<br>
>> 0f13e7c3e3ed27b539e1f1cb8a881be2<br>
>> mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm<br>
>> 4e9f1aae20148662c3dee770a792f55c<br>
>> mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm<br>
>> d9e5230e96aa99ef5c5a5c52e3061c4a<br>
>> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm<br>
>><br>
>> Mandriva Enterprise Server 5/X86_64:<br>
>> 869dfeea157fc17cedf1e9e66ddb3bb9<br>
>> mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
>> b20b2f46b7a74f8e98e19c8b917e6292<br>
>> mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
>> 116dc346f811a5cd6bfaec340b79aac1<br>
>> mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
>> 75d5d76d48f16ea5af6e5a903e553d43<br>
>> mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
>> c0067e1c7f55bfffc7f7527a4268b6c8<br>
>> mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm<br>
>> d9e5230e96aa99ef5c5a5c52e3061c4a<br>
>> mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm<br>
>><br>
>> Multi Network Firewall 2.0:<br>
>> 116523d57e391e8200aa088228b97c6a<br>
>> mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm<br>
>> c618fe9ae03b5631f77b601e1cc3261c<br>
>> mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm<br>
>> 3ecda619d7cc1afe47b1bbfafa0b9672<br>
>> mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm<br>
>> 04bfa6b5384b173164912fc4adad9459<br>
>> mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm<br>
>> 72247c85df7d57f488f9792eb88d2b3d<br>
>> mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm<br>
>> _______________________________________________________________________<br>
>><br>
>> To upgrade automatically use MandrivaUpdate or urpmi. The verification<br>
>> of md5 checksums and GPG signatures is performed automatically for you.<br>
>><br>
>> All packages are signed by Mandriva for security. You can obtain the<br>
>> GPG public key of the Mandriva Security Team by executing:<br>
>><br>
>> gpg --recv-keys --keyserver <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a> 0x22458A98<br>
>><br>
>> You can view other update advisories for Mandriva Linux at:<br>
>><br>
>> <a href="http://www.mandriva.com/security/advisories" target="_blank">http://www.mandriva.com/security/advisories</a><br>
>><br>
>> If you want to report vulnerabilities, please contact<br>
>><br>
>> security_(at)_<a href="http://mandriva.com" target="_blank">mandriva.com</a><br>
>> _______________________________________________________________________<br>
>><br>
>> Type Bits/KeyID Date User ID<br>
>> pub 1024D/22458A98 2000-07-10 Mandriva Security Team<br>
>> <security*<a href="http://mandriva.com" target="_blank">mandriva.com</a>><br>
>> -----BEGIN PGP SIGNATURE-----<br>
>> Version: GnuPG v1.4.9 (GNU/Linux)<br>
>><br>
>> iD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2<br>
>> NFcHdnhcspKfkVASVXYME3A=<br>
>> =3PM8<br>
>> -----END PGP SIGNATURE-----<br>
>><br>
>> _______________________________________________<br>
>> Full-Disclosure - We believe in it.<br>
>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>
>> Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
>><br>
><br>
> --<br>
</div></div>> _______________________________________________<br>
> Rio-pm mailing list<br>
> <a href="mailto:Rio-pm@pm.org">Rio-pm@pm.org</a><br>
> <a href="http://mail.pm.org/mailman/listinfo/rio-pm" target="_blank">http://mail.pm.org/mailman/listinfo/rio-pm</a><br>
> _______________________________________________<br>
> Rio-pm mailing list<br>
> <a href="mailto:Rio-pm@pm.org">Rio-pm@pm.org</a><br>
> <a href="http://mail.pm.org/mailman/listinfo/rio-pm" target="_blank">http://mail.pm.org/mailman/listinfo/rio-pm</a><br>
><br>
_______________________________________________<br>
Rio-pm mailing list<br>
<a href="mailto:Rio-pm@pm.org">Rio-pm@pm.org</a><br>
<a href="http://mail.pm.org/mailman/listinfo/rio-pm" target="_blank">http://mail.pm.org/mailman/listinfo/rio-pm</a><br>
</blockquote></div><br>