RedHat: Updated perl-DBI package fixes security issue

    Date: 01 Feb 2005
    Category: Red Hat
    Posted By: Joe Shakespeare
    An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Updated perl-DBI package fixes security issue
    Advisory ID:       RHSA-2005:069-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-069.html
    Issue date:        2005-02-01
    Updated on:        2005-02-01
    Product:           Red Hat Enterprise Linux
    CVE Names:         CAN-2005-0077
    ---------------------------------------------------------------------
    
    1. Summary:
    
    An updated perl-DBI package that fixes a temporary file flaw in
    DBI::ProxyServer is now available.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
    Red Hat Linux Advanced Workstation 2.1 - ia64
    Red Hat Enterprise Linux ES version 2.1 - i386
    Red Hat Enterprise Linux WS version 2.1 - i386
    Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Desktop version 3 - i386, x86_64
    Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
    
    3. Problem description:
    
    DBI is a database access Application Programming Interface (API) for
    the Perl programming language. 
    
    The Debian Security Audit Project discovered that the DBI library creates a
    temporary PID file in an insecure manner.  A local user could overwrite or
    create files as a different user who happens to run an application which
    uses DBI::ProxyServer.  The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CAN-2005-0077 to this issue. 
    
    Users should update to this erratum package which disables the temporary
    PID file unless configured.
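
The general class of flaw described above, insecure creation of a PID file in a shared directory, shown beside a hardened form. This is an added example, not part of the Red Hat advisory and not code from DBI; the function names, file names and the constructed scenario are hypothetical.

```python
import os
import tempfile


def write_pid_naive(path):
    """Insecure pattern: open() follows a symlink and truncates its target."""
    with open(path, "w") as fh:
        fh.write(f"{os.getpid()}\n")


def write_pid_safe(path):
    """Create the PID file atomically; refuse any pre-existing entry."""
    # O_CREAT|O_EXCL fails with EEXIST if the name already exists, and does
    # not follow a symlink at the final path component (even a dangling one).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{os.getpid()}\n")


def demo():
    """Constructed scenario: a private temp dir stands in for a shared one."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.conf")  # file the daemon's user can write
        pidfile = os.path.join(shared, "daemon.pid")  # hypothetical fixed PID path
        with open(victim, "w") as fh:
            fh.write("important data\n")
        os.symlink(victim, pidfile)  # entry already present at the PID path

        # Hardened writer: refuses, and the other file is left untouched.
        try:
            write_pid_safe(pidfile)
            results["safe_refused"] = False
        except FileExistsError:
            results["safe_refused"] = True
        with open(victim) as fh:
            results["victim_after_safe"] = fh.read()

        # Naive writer: the write lands in the file the link points to.
        write_pid_naive(pidfile)
        with open(victim) as fh:
            results["victim_after_naive"] = fh.read()
    return results


if __name__ == "__main__":
    print(demo())
```

Keeping PID files in a directory writable only by the service account removes the shared-directory exposure altogether; exclusive creation is the fallback when that is not possible.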
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  Use Red Hat
    Network to download and update your packages.  To launch the Red Hat
    Update Agent, use the following command:
    
        up2date
    
    For information on how to install packages manually, refer to the
    following Web page for the System Administration or Customization
    guide specific to your system:
    
        http://www.redhat.com/docs/manuals/enterprise/
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    145577 - CAN-2005-0077 perl-DBI insecure temporary file usage
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/perl-DBI-1.18-3.src.rpm
    b614c046679c98e6cee4b3ef143aff6e  perl-DBI-1.18-3.src.rpm
    
    i386:
    22af0266ecb99d0997a2d9f245e3a048  perl-DBI-1.18-3.i386.rpm
    
    ia64:
    c77842c2d3164aaaccbdbc835b28834b  perl-DBI-1.18-3.ia64.rpm
    
    Red Hat Linux Advanced Workstation 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/perl-DBI-1.18-3.src.rpm
    b614c046679c98e6cee4b3ef143aff6e  perl-DBI-1.18-3.src.rpm
    
    ia64:
    c77842c2d3164aaaccbdbc835b28834b  perl-DBI-1.18-3.ia64.rpm
    
    Red Hat Enterprise Linux ES version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/perl-DBI-1.18-3.src.rpm
    b614c046679c98e6cee4b3ef143aff6e  perl-DBI-1.18-3.src.rpm
    
    i386:
    22af0266ecb99d0997a2d9f245e3a048  perl-DBI-1.18-3.i386.rpm
    
    Red Hat Enterprise Linux WS version 2.1:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/perl-DBI-1.18-3.src.rpm
    b614c046679c98e6cee4b3ef143aff6e  perl-DBI-1.18-3.src.rpm
    
    i386:
    22af0266ecb99d0997a2d9f245e3a048  perl-DBI-1.18-3.i386.rpm
    
    Red Hat Enterprise Linux AS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-DBI-1.32-9.src.rpm
    eabf3cd83dd61c9b09d2bb6e2160755a  perl-DBI-1.32-9.src.rpm
    
    i386:
    6aea6d47ab2a26300af6ed577405e6b7  perl-DBI-1.32-9.i386.rpm
    
    ia64:
    9f9dbb9313e84f86908b00aeb737c424  perl-DBI-1.32-9.ia64.rpm
    
    ppc:
    ff90be122c3636ba3b2b253428092633  perl-DBI-1.32-9.ppc.rpm
    
    s390:
    fc8faf4640441c1b5cd77972a23ac4ec  perl-DBI-1.32-9.s390.rpm
    
    s390x:
    371823a6fb25f64dd773073c814d513b  perl-DBI-1.32-9.s390x.rpm
    
    x86_64:
    86936f627f02c8f96da5467c536997e6  perl-DBI-1.32-9.x86_64.rpm
    
    Red Hat Desktop version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/perl-DBI-1.32-9.src.rpm
    eabf3cd83dd61c9b09d2bb6e2160755a  perl-DBI-1.32-9.src.rpm
    
    i386:
    6aea6d47ab2a26300af6ed577405e6b7  perl-DBI-1.32-9.i386.rpm
    
    x86_64:
    86936f627f02c8f96da5467c536997e6  perl-DBI-1.32-9.x86_64.rpm
    
    Red Hat Enterprise Linux ES version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/perl-DBI-1.32-9.src.rpm
    eabf3cd83dd61c9b09d2bb6e2160755a  perl-DBI-1.32-9.src.rpm
    
    i386:
    6aea6d47ab2a26300af6ed577405e6b7  perl-DBI-1.32-9.i386.rpm
    
    ia64:
    9f9dbb9313e84f86908b00aeb737c424  perl-DBI-1.32-9.ia64.rpm
    
    x86_64:
    86936f627f02c8f96da5467c536997e6  perl-DBI-1.32-9.x86_64.rpm
    
    Red Hat Enterprise Linux WS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/perl-DBI-1.32-9.src.rpm
    eabf3cd83dd61c9b09d2bb6e2160755a  perl-DBI-1.32-9.src.rpm
    
    i386:
    6aea6d47ab2a26300af6ed577405e6b7  perl-DBI-1.32-9.i386.rpm
    
    ia64:
    9f9dbb9313e84f86908b00aeb737c424  perl-DBI-1.32-9.ia64.rpm
    
    x86_64:
    86936f627f02c8f96da5467c536997e6  perl-DBI-1.32-9.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0077
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2005 Red Hat, Inc.
    