Back

    Debian: perl Information leak vulnerabilities

    Date 19 Apr 2004
    Category Debian Linux Distribution - Security Advisories
    3221
    Posted By LinuxSecurity Advisories
    DSA 431-1 incorporated a partial fix for this problem. This advisoryincludes a more complete fix which corrects some additional cases. 
    
Debian Security Advisory DSA 431-2                     This email address is being protected from spambots. You need JavaScript enabled to view it. 
https://www.debian.org/security/                             Matt Zimmerman
April 16th, 2004                         https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : perl
Vulnerability  : information leak
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2003-0618

Paul Szabo discovered a number of similar bugs in suidperl, a helper
program to run perl scripts with setuid privileges.  By exploiting
these bugs, an attacker could abuse suidperl to discover information
about files (such as testing for their existence and some of their
permissions) that should not be accessible to unprivileged users.

DSA 431-1 incorporated a partial fix for this problem.  This advisory
includes a more complete fix which corrects some additional cases.

For the current stable distribution (woody) this problem has been
fixed in version 5.6.1-8.7.

For the unstable distribution, this problem has been fixed in version
5.8.3-3.

We recommend that you update your perl package if you have the
"perl-suid" package installed.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.dsc
      Size/MD5 checksum:      687 a991455e0aceb15577058550a4e7a58b
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7.diff.gz
      Size/MD5 checksum:   157187 c4142d9553724963475e3ac83b7cfa75
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1.orig.tar.gz
      Size/MD5 checksum:  5983695 ec1ff15464809b562aecfaa2e65edba6

  Architecture independent components:

     https://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.6.1-8.7_all.deb
      Size/MD5 checksum:    30986 605d678c5351a04c559eb91c92224330
     https://security.debian.org/pool/updates/main/p/perl/perl-doc_5.6.1-8.7_all.deb
      Size/MD5 checksum:  3892174 622ee5f4426479eac9923ce8a615f8bb
     https://security.debian.org/pool/updates/main/p/perl/perl-modules_5.6.1-8.7_all.deb
      Size/MD5 checksum:  1284502 c502b6581cddcbec73603365ba2b3c91

  Alpha architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:   620294 07e38c51c8ca20102b088fdce1fab354
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:   435786 ecadd53c15edb37aa6919210dfa71a7d
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:  1217702 66bbe713ab6017e91dd050d2bc3a3626
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:   208726 98fb9debca3d28a7b92454a03fba23da
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:  2826500 8998d4bb47b35558e302cddce343a79a
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_alpha.deb
      Size/MD5 checksum:    34570 b706eb26f78cc37ebc1d037301a98160

  ARM architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_arm.deb
      Size/MD5 checksum:   516692 c767fd61532053e819d860b59120adfc
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_arm.deb
      Size/MD5 checksum:   362950 17996f407fec576584b7f57c13d335f9
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_arm.deb
      Size/MD5 checksum:  1164306 b94f9f79d1cfc369146d13ce87d5b13a
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_arm.deb
      Size/MD5 checksum:   545424 ef03138c3fbf6e4814d9bfcec3c3778a
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_arm.deb
      Size/MD5 checksum:  2307408 962e45a6371c99305a9fb9a5ab9a4ec2
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_arm.deb
      Size/MD5 checksum:    29204 8f1fb543b1889960bb621af8fcbd7ddf

  Intel IA-32 architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_i386.deb
      Size/MD5 checksum:   424654 0ad393b304d64b7c952ac84f237aca52
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_i386.deb
      Size/MD5 checksum:   347984 150e94da2d527462997f519a09bd6299
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_i386.deb
      Size/MD5 checksum:  1159654 3d9f6212d155543e9386b51a63254f51
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_i386.deb
      Size/MD5 checksum:   497374 f23b673fab7977a06c4b683c47abbd4d
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_i386.deb
      Size/MD5 checksum:  2119098 d811ed3c32389f4b7f96af510c60b2ca
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_i386.deb
      Size/MD5 checksum:    28424 8050f765f6e6c1d2846f1ecffea46410

  Intel IA-64 architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:   703800 98b9613a766899236656b3d14f853cad
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:   599440 5884023305567e2154cf21db04ad4a4d
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:  1266508 805f604c9e913eacc63b81b1063cfa64
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:   226492 21d55eaeb321baa8b18ceac3bc5d1a82
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:  3312646 55a3421d9a6077cb6bbcb896227818f2
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_ia64.deb
      Size/MD5 checksum:    44934 469d65c1903c6e5dbb7b2d379967f36a

  HP Precision architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:   623292 e8cc3a186195903aa19161c483418525
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:   473744 c1c09e61b138d2e2c5ebab4cc6f02e82
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:  1211678 f594b871f8d8893b1122f4baf41bf738
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:   208596 fc67aeda5dbe15ad3fd2e8a63c8bd78d
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:  2288234 9c6cc1afd6d73db52950bbacdf6f1b21
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_hppa.deb
      Size/MD5 checksum:    33806 488f0b0c06014c6965ebc37c23a31c97

  Motorola 680x0 architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:   399780 2ee914f94573b737c0ec2960f5b6021b
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:   332258 d82a12ead7f31eb08297dcf297f11ac3
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:  1149542 e0d91210417e01baee9daecbd2bf9d08
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:   192322 80b9769f249667bb5a8497f408b4f1ca
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:  2131942 662fc5f69355ab54808eb3e202d362db
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_m68k.deb
      Size/MD5 checksum:    27486 86f8f0d96fbada9634ab44d85c88a266

  Big endian MIPS architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mips.deb
      Size/MD5 checksum:   522852 39a821b855c5f94f1880238f08dbd157
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mips.deb
      Size/MD5 checksum:   364940 9e3d5a5fc15458565a4f1b73bba170a2
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mips.deb
      Size/MD5 checksum:  1159180 84fc705de28814be8ea604250e817889
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mips.deb
      Size/MD5 checksum:   185938 0e50a8c0f01a1f1543f9cae137eb4dd5
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mips.deb
      Size/MD5 checksum:  2408720 1c16ad8df71d2d0dc6f3406945e7c452
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mips.deb
      Size/MD5 checksum:    28782 972d38da8c32efe69a873fe672f46b4d

  Little endian MIPS architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:   516598 46517edcc8756a1cf8ab9da1c33dac22
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:   361580 bb8f03ff7a601a26f700b1cf0cceb730
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:  1160358 3b6d35a5fe4e99fd2d11c8bad52175d5
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:   185442 71c02babd3baf6aa2e8f0e307263dde6
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:  2265660 136f94b40250507788f57bbb2bde6f13
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_mipsel.deb
      Size/MD5 checksum:    28352 48eb4a7ee90f6f9d811a03e943241119

  PowerPC architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:   567782 150087235609b5db08d25ea73d1a4f8c
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:   400802 1dfaa93883376741b2fb3b8d16084eee
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:  1183410 e6b36359842d16b760f211b768ffcfdb
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:   202314 14355f64ccdf27a760445291895aa4ed
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:  2301236 f3c8a582a29b1fe1a92a783c03129f33
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_powerpc.deb
      Size/MD5 checksum:    30570 8651038ad39122fc271cdfdbd70baec0

  IBM S/390 architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_s390.deb
      Size/MD5 checksum:   456344 c152e120efd8b83ddb067b2baa12d661
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_s390.deb
      Size/MD5 checksum:   405160 379d96724db8ef0489449b6d6c75d650
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_s390.deb
      Size/MD5 checksum:  1168056 80c3d6a9f7c9669f8a641264f1543165
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_s390.deb
      Size/MD5 checksum:   191384 b2cca1f491a3e5c9a353092aa1f59b08
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_s390.deb
      Size/MD5 checksum:  2210640 d475d03fbcdfb8e6a92552ded1243806
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_s390.deb
      Size/MD5 checksum:    32538 fff120c1e5282e999e318f801cd2cafd

  Sun Sparc architecture:

     https://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:   529134 116cf6d1c774077ef118cfac42af6779
     https://security.debian.org/pool/updates/main/p/perl/libperl5.6_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:   404524 6568c1e828c1dcae39ceabe381d75b0b
     https://security.debian.org/pool/updates/main/p/perl/perl_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:  1191856 f6dac34265d1772e6cfd3c1224fa6f37
     https://security.debian.org/pool/updates/main/p/perl/perl-base_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:   211210 7d978926ebb4f1de043559ec13edcb50
     https://security.debian.org/pool/updates/main/p/perl/perl-debug_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:  2285564 a852621df3ac940ee6cc769af2ec4f14
     https://security.debian.org/pool/updates/main/p/perl/perl-suid_5.6.1-8.7_sparc.deb
      Size/MD5 checksum:    30718 28588a5423729c87f2f7865228ad20dd

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  https://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and  https://packages.debian.org/

    Get the Latest News & Insights

    Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

    Related News

    First Point Version Ubuntu 20.04.1 LTS Arrives With A Lot Of Bug Fixes
    First Point Version Ubuntu 20.04.1 LTS Arrives With A Lot Of Bug Fixes
    GRUB2 Boot Failure Issues Fixed in Debian and Ubuntu, Update Now
    GRUB2 Boot Failure Issues Fixed in Debian and Ubuntu, Update Now
    Linux Foundation Addresses Open Source Security
    Linux Foundation Addresses Open Source Security
    Linux 5.8 launched: Linus Torvalds's 'biggest release of all time' brings these new updates
    Linux 5.8 launched: Linus Torvalds's 'biggest release of all time' brings these new updates

    LinuxSecurity Poll

    If you are using full-disk encryption: are you concerned about the resulting performance hit?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/34-if-you-are-using-full-disk-encryption-are-you-concerned-about-the-resulting-performance-hit?task=poll.vote&format=json
    34
    radio
    [{"id":"120","title":"Yes","votes":"14","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"121","title":"No ","votes":"10","type":"x","order":"2","pct":41.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    openSUSE: 2020:1175-1: important: java-11-openjdk
    Date 09 Aug 2020 @ 16:13
    Debian LTS: DLA-2319-1: xrdp security update
    Date 09 Aug 2020 @ 12:32
    Debian LTS: DLA-2316-1: ruby-kramdown security update
    Date 09 Aug 2020 @ 00:29
    openSUSE: 2020:1172-1: moderate: opera
    Date 08 Aug 2020 @ 22:12

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Our Cookie Policy