Help
This is a multi-part message in MIME format...
------------=_1218482735-11275-8097
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:165
http://www.mandriva.com/security/
_______________________________________________________________________
Package : perl
Date : August 11, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly
check permissions before performing a chmod, which allows local users
to modify the permissions of arbitrary files via a symlink attack.
The updated packages have been patched to fix this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2827
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
a94542e9e9504a4d11be4acb0977cbca 2008.1/i586/perl-5.10.0-13.1mdv2008.1.i586.rpm
95515e6c74da5d6b28e954d68a3c06f2 2008.1/i586/perl-base-5.10.0-13.1mdv2008.1.i586.rpm
b39451214d71c3cc151ce1c2c2e6969c 2008.1/i586/perl-devel-5.10.0-13.1mdv2008.1.i586.rpm
0ed618fc4dda3f804bd051af35d1073e 2008.1/i586/perl-doc-5.10.0-13.1mdv2008.1.i586.rpm
5c8292c188b1cfbd9509013060a8832e 2008.1/i586/perl-suid-5.10.0-13.1mdv2008.1.i586.rpm
894e08eab70f76a470e5faaccd35c684 2008.1/SRPMS/perl-5.10.0-13.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
9cbac47b99f5619c99c0bf127036728f 2008.1/x86_64/perl-5.10.0-13.1mdv2008.1.x86_64.rpm
28affc527b9b3fa016a15a8b334c12ad 2008.1/x86_64/perl-base-5.10.0-13.1mdv2008.1.x86_64.rpm
8a1015ddbf192d5d288c27eb887c2ea0 2008.1/x86_64/perl-devel-5.10.0-13.1mdv2008.1.x86_64.rpm
9e42182860712bed39366687feaebfa7 2008.1/x86_64/perl-doc-5.10.0-13.1mdv2008.1.x86_64.rpm
89f28b330583f90b4655f77e9740cc88 2008.1/x86_64/perl-suid-5.10.0-13.1mdv2008.1.x86_64.rpm
894e08eab70f76a470e5faaccd35c684 2008.1/SRPMS/perl-5.10.0-13.1mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIoGdPmqjQ0CJFipgRAp4mAJoCpHxauxYDW1nbfmVX8a2JUl21vgCg5k8H
HGMbkEpJ/3sCupxLk6GCiBg=
=2DHh
-----END PGP SIGNATURE-----
------------=_1218482735-11275-8097
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
------------=_1218482735-11275-8097--
Page 1 of 1
[Security Announce] [ MDVSA-2008:165 ] perl
Share this topic:
Page 1 of 1