Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Debian: perl Information leak vulnerabilities

    Date19 Apr 2004
    CategoryDebian
    3085
    Posted ByLinuxSecurity Advisories
    DSA 431-1 incorporated a partial fix for this problem. This advisoryincludes a more complete fix which corrects some additional cases. 
    
Debian Security Advisory DSA 431-2                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
http://www.debian.org/security/                             Matt Zimmerman
April 16th, 2004                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : information leak
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2003-0618

Paul Szabo discovered a number of similar bugs in suidperl, a helper
program to run perl scripts with setuid privileges.  By exploiting
these bugs, an attacker could abuse suidperl to discover information
about files (such as testing for their existence and some of their
permissions) that should not be accessible to unprivileged users.

DSA 431-1 incorporated a partial fix for this problem.  This advisory
includes a more complete fix which corrects some additional cases.

For the current stable distribution (woody) this problem has been
fixed in version 5.6.1-8.7.

For the unstable distribution, this problem has been fixed in version
5.8.3-3.

We recommend that you update your perl package if you have the
"perl-suid" package installed.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.dsc
      Size/MD5 checksum:      687 a991455e0aceb15577058550a4e7a58b
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.diff.gz
      Size/MD5 checksum:   157187 c4142d9553724963475e3ac83b7cfa75
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
      Size/MD5 checksum:  5983695 ec1ff15464809b562aecfaa2e65edba6

  Architecture independent components:

     http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.7_all.deb
      Size/MD5 checksum:    30986 605d678c5351a04c559eb91c92224330
     http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.7_all.deb
      Size/MD5 checksum:  3892174 622ee5f4426479eac9923ce8a615f8bb
     http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.7_all.deb
      Size/MD5 checksum:  1284502 c502b6581cddcbec73603365ba2b3c91

  Alpha architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:   620294 07e38c51c8ca20102b088fdce1fab354
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:   435786 ecadd53c15edb37aa6919210dfa71a7d
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:  1217702 66bbe713ab6017e91dd050d2bc3a3626
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:   208726 98fb9debca3d28a7b92454a03fba23da
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:  2826500 8998d4bb47b35558e302cddce343a79a
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:    34570 b706eb26f78cc37ebc1d037301a98160

  ARM architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_arm.deb
      Size/MD5 checksum:   516692 c767fd61532053e819d860b59120adfc
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_arm.deb
      Size/MD5 checksum:   362950 17996f407fec576584b7f57c13d335f9
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_arm.deb
      Size/MD5 checksum:  1164306 b94f9f79d1cfc369146d13ce87d5b13a
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_arm.deb
      Size/MD5 checksum:   545424 ef03138c3fbf6e4814d9bfcec3c3778a
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_arm.deb
      Size/MD5 checksum:  2307408 962e45a6371c99305a9fb9a5ab9a4ec2
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_arm.deb
      Size/MD5 checksum:    29204 8f1fb543b1889960bb621af8fcbd7ddf

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_i386.deb
      Size/MD5 checksum:   424654 0ad393b304d64b7c952ac84f237aca52
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_i386.deb
      Size/MD5 checksum:   347984 150e94da2d527462997f519a09bd6299
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_i386.deb
      Size/MD5 checksum:  1159654 3d9f6212d155543e9386b51a63254f51
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_i386.deb
      Size/MD5 checksum:   497374 f23b673fab7977a06c4b683c47abbd4d
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_i386.deb
      Size/MD5 checksum:  2119098 d811ed3c32389f4b7f96af510c60b2ca
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_i386.deb
      Size/MD5 checksum:    28424 8050f765f6e6c1d2846f1ecffea46410

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:   703800 98b9613a766899236656b3d14f853cad
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:   599440 5884023305567e2154cf21db04ad4a4d
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:  1266508 805f604c9e913eacc63b81b1063cfa64
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:   226492 21d55eaeb321baa8b18ceac3bc5d1a82
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:  3312646 55a3421d9a6077cb6bbcb896227818f2
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:    44934 469d65c1903c6e5dbb7b2d379967f36a

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:   623292 e8cc3a186195903aa19161c483418525
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:   473744 c1c09e61b138d2e2c5ebab4cc6f02e82
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:  1211678 f594b871f8d8893b1122f4baf41bf738
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:   208596 fc67aeda5dbe15ad3fd2e8a63c8bd78d
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:  2288234 9c6cc1afd6d73db52950bbacdf6f1b21
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:    33806 488f0b0c06014c6965ebc37c23a31c97

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:   399780 2ee914f94573b737c0ec2960f5b6021b
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:   332258 d82a12ead7f31eb08297dcf297f11ac3
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:  1149542 e0d91210417e01baee9daecbd2bf9d08
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:   192322 80b9769f249667bb5a8497f408b4f1ca
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:  2131942 662fc5f69355ab54808eb3e202d362db
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:    27486 86f8f0d96fbada9634ab44d85c88a266

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mips.deb
      Size/MD5 checksum:   522852 39a821b855c5f94f1880238f08dbd157
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mips.deb
      Size/MD5 checksum:   364940 9e3d5a5fc15458565a4f1b73bba170a2
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mips.deb
      Size/MD5 checksum:  1159180 84fc705de28814be8ea604250e817889
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mips.deb
      Size/MD5 checksum:   185938 0e50a8c0f01a1f1543f9cae137eb4dd5
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mips.deb
      Size/MD5 checksum:  2408720 1c16ad8df71d2d0dc6f3406945e7c452
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mips.deb
      Size/MD5 checksum:    28782 972d38da8c32efe69a873fe672f46b4d

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:   516598 46517edcc8756a1cf8ab9da1c33dac22
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:   361580 bb8f03ff7a601a26f700b1cf0cceb730
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:  1160358 3b6d35a5fe4e99fd2d11c8bad52175d5
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:   185442 71c02babd3baf6aa2e8f0e307263dde6
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:  2265660 136f94b40250507788f57bbb2bde6f13
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:    28352 48eb4a7ee90f6f9d811a03e943241119

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:   567782 150087235609b5db08d25ea73d1a4f8c
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:   400802 1dfaa93883376741b2fb3b8d16084eee
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:  1183410 e6b36359842d16b760f211b768ffcfdb
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:   202314 14355f64ccdf27a760445291895aa4ed
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:  2301236 f3c8a582a29b1fe1a92a783c03129f33
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:    30570 8651038ad39122fc271cdfdbd70baec0

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_s390.deb
      Size/MD5 checksum:   456344 c152e120efd8b83ddb067b2baa12d661
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_s390.deb
      Size/MD5 checksum:   405160 379d96724db8ef0489449b6d6c75d650
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_s390.deb
      Size/MD5 checksum:  1168056 80c3d6a9f7c9669f8a641264f1543165
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_s390.deb
      Size/MD5 checksum:   191384 b2cca1f491a3e5c9a353092aa1f59b08
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_s390.deb
      Size/MD5 checksum:  2210640 d475d03fbcdfb8e6a92552ded1243806
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_s390.deb
      Size/MD5 checksum:    32538 fff120c1e5282e999e318f801cd2cafd

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:   529134 116cf6d1c774077ef118cfac42af6779
     http://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:   404524 6568c1e828c1dcae39ceabe381d75b0b
     http://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:  1191856 f6dac34265d1772e6cfd3c1224fa6f37
     http://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:   211210 7d978926ebb4f1de043559ec13edcb50
     http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:  2285564 a852621df3ac940ee6cc769af2ec4f14
     http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:    30718 28588a5423729c87f2f7865228ad20dd

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and  http://packages.debian.org/

    Related News

    61 impacted versions of Apache Struts left off security advisories
    61 impacted versions of Apache Struts left off security advisories
    Multiple HTTP/2 DoS flaws found by Netflix
    Multiple HTTP/2 DoS flaws found by Netflix
    The best and worst of Black Hat 2019
    The best and worst of Black Hat 2019
    Hacking forum spills rival’s 321,000 member database
    Hacking forum spills rival’s 321,000 member database
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    Ubuntu 4104-1: Nova vulnerability
    Date19 Aug 2019 @ 15:20
    SUSE: 2019:2180-1 important: python-Django
    Date19 Aug 2019 @ 13:12
    SUSE: 2019:2181-1 important: nodejs6
    Date19 Aug 2019 @ 13:12
    SUSE: 2019:2182-1 moderate: rubygem-rails-html-sanitizer
    Date19 Aug 2019 @ 13:11

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More