Oval Definition:oval:com.redhat.rhsa:def:20050105
Revision Date:2005-02-07
Version:502
Title:RHSA-2005:105: perl security update (Important)
Description:Perl is a high-level programming language commonly used for system administration utilities and Web programming.

Kevin Finisterre discovered a stack-based buffer overflow flaw in sperl, the Perl setuid wrapper. A local user could create a sperl executable script with a carefully created path name, overflowing the buffer and leading to root privilege escalation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0156 to this issue.

Kevin Finisterre discovered a flaw in sperl which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0155 to this issue.

Users of Perl are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family:unix
Class:patch
Status:
Reference(s):CVE-2004-0452
CVE-2005-0155
CVE-2005-0156
RHSA-2005:105-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
    • perl-CGI is earlier than 2:2.81-89.10
    • AND perl-CGI is signed with Red Hat master key
    • OR
    • perl-DB_File is earlier than 2:1.804-89.10
    • AND perl-DB_File is signed with Red Hat master key
    • OR
    • perl-suidperl is earlier than 2:5.8.0-89.10
    • AND perl-suidperl is signed with Red Hat master key
    • OR
    • perl-CPAN is earlier than 2:1.61-89.10
    • AND perl-CPAN is signed with Red Hat master key
    • OR
    • perl is earlier than 2:5.8.0-89.10
    • AND perl is signed with Red Hat master key