perl-5.8.8-32.1.0.1.AXS3
Errata ID: AXSA:2010-362:02
Release date:
2010/06/09 Wednesday - 16:12
Title:
perl-5.8.8-32.1.0.1.AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
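The following issues have been addressed.
[Security Fix]
- The rmtree function in File::Path 1.08 or 2.07 (lib/File/Path.pm) in Perl contains a vulnerability that allows arbitrary setuid binaries to be created.
This is a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. (CVE-2008-5302)
- The rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl contains a vulnerability that allows arbitrary files to be deleted.
This is a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. (CVE-2008-5303)
- PostgreSQL does not properly restrict the PL/perl procedural language, which allows remote authenticated users to execute arbitrary Perl code via a crafted script. (CVE-2010-1447)
Some of the translated CVE descriptions are quoted from JVN.
http://jvndb.jvn.jp/
Information on CVE-2010-1168 has not been published at this time.
This advisory will be updated as soon as the CVE information is published.
Solution:
Update the packages.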
CVE:
CVE-2008-5302
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
CVE-2008-5303
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
CVE-2010-1168
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
CVE-2010-1447
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Additional information:
N/A
Downloads:
SRPMS
- perl-5.8.8-32.1.0.1.AXS3.src.rpm
MD5: 9c33dd213240fb30960cf0ad6091de93
SHA-256: f55f0ff4965c262220b2b4f4133c11a9317ca0cce16de5e68e6dfc4815f984f7
Size: 9.88 MB
Asianux Server 3 for x86
- perl-5.8.8-32.1.0.1.AXS3.i386.rpm
MD5: 199bb1124d9fad80353758c7611a7c1f
SHA-256: 6e6ee63614f941bb09fbc3f0c2c4194eea8a2256620b76ed07a09440676c0468
Size: 11.61 MB
- perl-suidperl-5.8.8-32.1.0.1.AXS3.i386.rpm
MD5: 8def739bb06dc053bacbfc56aeabdf43
SHA-256: de4cdd6e151911d3e3456d0c78b9f481014da5d77120eabae68628e79a911e1e
Size: 61.86 kB
Asianux Server 3 for x86_64
- perl-5.8.8-32.1.0.1.AXS3.x86_64.rpm
MD5: 378f573faad1c1bdf0bde242b0471e5e
SHA-256: f0c0c58b6c880f137a8e77c9262c1390d6f9b8ee0a349f8da4be630f02b8ac68
Size: 12.24 MB
- perl-suidperl-5.8.8-32.1.0.1.AXS3.x86_64.rpm
MD5: cdc29e7c9c85b14dd840e520b7013089
SHA-256: 42a18c58e88c8a360abda8f5e4d7bd0292f8f294a06c4875bcc4050a1aa408c3
Size: 62.73 kB