--Yylu36WmvOXNoKYn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline =========================================================== Ubuntu Security Notice USN-44-1 December 21, 2004 perl vulnerabilities CAN-2004-0452 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: perl-modules The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason). Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2.diff.gz Size/MD5: 57275 7c5bfeaebe727e706b2f5187a83ca30d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2.dsc Size/MD5: 727 f9f33d4fff77573d6dcf4b06bc360837 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.2_all.deb Size/MD5: 36536 a00d1cd79825a29cb0711563b9c3e090 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.2_all.deb Size/MD5: 7049930 0a95b9e57ea618a92c1d7dcf5f2acf68 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.2_all.deb Size/MD5: 2181378 13957c0f2d39068891ec94c2b6ca8e21 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_amd64.deb Size/MD5: 605384 cf119880fc05c4f39b88020906853153 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_amd64.deb Size/MD5: 1030 f945f03d278b406e7002d7ca2a9daa7d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_amd64.deb Size/MD5: 786796 04cec9bde93828ae970a50f0c17d742c http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_amd64.deb Size/MD5: 3819858 e399fb65322565bea74b1c368376e0a9 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_amd64.deb Size/MD5: 32834 2fdd6630ed9734ecf52175317abd73bb http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_amd64.deb Size/MD5: 3834294 8c2bc2159adf44eaa11c00ed822dcbe2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_i386.deb Size/MD5: 546846 c280e92bca69e4d35afec165f269548c http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_i386.deb Size/MD5: 494038 3bef54ba7fd432eaa2eb8f457bd76c16 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_i386.deb Size/MD5: 727156 7db0cb83924058566c96008473c62e48 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_i386.deb Size/MD5: 3631004 fe315ecd0b69a9b36bc06b8fd4ce696a http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_i386.deb Size/MD5: 30814 2c399de025ab3beda085d2a1ccb53450 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_i386.deb Size/MD5: 3229768 4bb3ed09adcd85a543472aab7ca9225a powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.2_powerpc.deb Size/MD5: 560978 bf01c6b3573261f5b44aa20b75ac0747 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.2_powerpc.deb Size/MD5: 1032 c6b483f4ec3021bb9d198a566d017e86 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.2_powerpc.deb Size/MD5: 718122 f4b86a11865691a5aa54329530bac295 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.2_powerpc.deb Size/MD5: 3817060 904ec3058d81e037e086c3eeb9a1cc39 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.2_powerpc.deb Size/MD5: 30560 47a80c652b51ce2042eeaa4ae5919346 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.2_powerpc.deb Size/MD5: 3477172 6412491bf1c5aad614efdf142daaf667 --Yylu36WmvOXNoKYn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBx/qBDecnbV4Fd/IRAjvPAJ9RAvdPyyi1TWrUcUgVfc2ETZ6SXgCeKAzK gFjuFRG86OvWWSyoQZIYulA= =t68T -----END PGP SIGNATURE----- --Yylu36WmvOXNoKYn--