what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.207

Mandriva Linux Security Advisory 2007.207
Posted Nov 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl.

tags | advisory, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2007-5116
SHA-256 | 37ebdc3f13e1eb779e7cd63aa7636b79508f0ec1d89d2455e1f0a73175c8afe5
Download | Favorite | View

Mandriva Linux Security Advisory 2007.207

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:207
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : perl
 Date    : November 5, 2007
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular
 expression engine.  Specially crafted input to a regular expression can
 cause Perl to improperly allocate memory, resulting in the possible
 execution of arbitrary code with the permissions of the user running
 Perl.
 
 Updated packages have been patched to prevent these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 7dee97092269465ccb5de0f35321ab13  2007.0/i586/perl-5.8.8-7.1mdv2007.0.i586.rpm
 efd626e1f1efd248e6c6570e88a599c3  2007.0/i586/perl-base-5.8.8-7.1mdv2007.0.i586.rpm
 62b10d28a5abc05d3b8cd35c7f68e8aa  2007.0/i586/perl-devel-5.8.8-7.1mdv2007.0.i586.rpm
 3a9dc19143ab6a27713fdeb6665d8d76  2007.0/i586/perl-doc-5.8.8-7.1mdv2007.0.i586.rpm
 60b511580ae4f514434dd111efa42872  2007.0/i586/perl-suid-5.8.8-7.1mdv2007.0.i586.rpm 
 08e44392992b4ab983bf85debb8be462  2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 be33f079454aec3b88f21716dfacf8d6  2007.0/x86_64/perl-5.8.8-7.1mdv2007.0.x86_64.rpm
 5a82850218434119c3f55047b3068213  2007.0/x86_64/perl-base-5.8.8-7.1mdv2007.0.x86_64.rpm
 4f995ed4fa46f2bf79a427d9341e895b  2007.0/x86_64/perl-devel-5.8.8-7.1mdv2007.0.x86_64.rpm
 e949a7e20661c6c5f4c4511f25196ff6  2007.0/x86_64/perl-doc-5.8.8-7.1mdv2007.0.x86_64.rpm
 a3df44cc0b957b02bfcab3eed98542dd  2007.0/x86_64/perl-suid-5.8.8-7.1mdv2007.0.x86_64.rpm 
 08e44392992b4ab983bf85debb8be462  2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 efb800025ab3001b90af0e16e5a49886  2007.1/i586/perl-5.8.8-10.1mdv2007.1.i586.rpm
 515beec177dd5a0418090016ae357274  2007.1/i586/perl-base-5.8.8-10.1mdv2007.1.i586.rpm
 ae79195a6f27e44fd4ff7899497cf948  2007.1/i586/perl-devel-5.8.8-10.1mdv2007.1.i586.rpm
 f721306e820d4c66db3466917cde67f9  2007.1/i586/perl-doc-5.8.8-10.1mdv2007.1.i586.rpm
 85a219e5b2c3788841024be8d81b2cac  2007.1/i586/perl-suid-5.8.8-10.1mdv2007.1.i586.rpm 
 9b22a92ec4a3dc898a12bbb80ada4de2  2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 1a17302f843293a5dc0063fe3e4549c0  2007.1/x86_64/perl-5.8.8-10.1mdv2007.1.x86_64.rpm
 c85ba481d517ec81c54eea5bc7064405  2007.1/x86_64/perl-base-5.8.8-10.1mdv2007.1.x86_64.rpm
 5d3b84a1444339a83058bc3493506d22  2007.1/x86_64/perl-devel-5.8.8-10.1mdv2007.1.x86_64.rpm
 005d395a8717bd5af248820eb01cc1d8  2007.1/x86_64/perl-doc-5.8.8-10.1mdv2007.1.x86_64.rpm
 f6c966ea032f921f033934d1f894b96b  2007.1/x86_64/perl-suid-5.8.8-10.1mdv2007.1.x86_64.rpm 
 9b22a92ec4a3dc898a12bbb80ada4de2  2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 6e84010549818c839e91034391b79f4f  2008.0/i586/perl-5.8.8-12.1mdv2008.0.i586.rpm
 f09541f2caf348aee64161cecdf7276e  2008.0/i586/perl-base-5.8.8-12.1mdv2008.0.i586.rpm
 dce7ae7aba1d356fd366075b67478493  2008.0/i586/perl-devel-5.8.8-12.1mdv2008.0.i586.rpm
 b3169afea74fd707021d03410172b6c0  2008.0/i586/perl-doc-5.8.8-12.1mdv2008.0.i586.rpm
 78585fde0ad5b02f3e7c0f01d31a1ccf  2008.0/i586/perl-suid-5.8.8-12.1mdv2008.0.i586.rpm 
 584ad050342c7136e161fc48d29398bf  2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 6ee9071cb1b0a6f38e731b1cd9a421e7  2008.0/x86_64/perl-5.8.8-12.1mdv2008.0.x86_64.rpm
 d7bd85fb101d94bf1dc84bcf817533d7  2008.0/x86_64/perl-base-5.8.8-12.1mdv2008.0.x86_64.rpm
 031487e27d7f2a12003efe8ab714a096  2008.0/x86_64/perl-devel-5.8.8-12.1mdv2008.0.x86_64.rpm
 3c1846b134cbd1461ffd291a95f6e2d2  2008.0/x86_64/perl-doc-5.8.8-12.1mdv2008.0.x86_64.rpm
 99f545fefe35f45b5d90d2f98fe14da5  2008.0/x86_64/perl-suid-5.8.8-12.1mdv2008.0.x86_64.rpm 
 584ad050342c7136e161fc48d29398bf  2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm

 Corporate 3.0:
 9388a0766403e1accc6afc3d963960ba  corporate/3.0/i586/perl-5.8.3-5.6.C30mdk.i586.rpm
 a67623fb7d2e4e18ca8976c64e43a4ca  corporate/3.0/i586/perl-base-5.8.3-5.6.C30mdk.i586.rpm
 9068ad50c3e10c29940bb071651a8d4d  corporate/3.0/i586/perl-devel-5.8.3-5.6.C30mdk.i586.rpm
 a8a2e1b1963c212e4644c320f27c71d3  corporate/3.0/i586/perl-doc-5.8.3-5.6.C30mdk.i586.rpm 
 15b73b73ea6dd0de1100e1445690c034  corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f2f7445b49d5d7afa7b3766d71bdf65f  corporate/3.0/x86_64/perl-5.8.3-5.6.C30mdk.x86_64.rpm
 ef5dabb99fdbe28068089eba1fd8bcc4  corporate/3.0/x86_64/perl-base-5.8.3-5.6.C30mdk.x86_64.rpm
 4a5a04a330db20f460229aa69ded5e95  corporate/3.0/x86_64/perl-devel-5.8.3-5.6.C30mdk.x86_64.rpm
 2bc06d931706f57fa946822f9396ffd6  corporate/3.0/x86_64/perl-doc-5.8.3-5.6.C30mdk.x86_64.rpm 
 15b73b73ea6dd0de1100e1445690c034  corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm

 Corporate 4.0:
 e158109794ad5e71bc02f41adec150e1  corporate/4.0/i586/perl-5.8.7-3.3.20060mlcs4.i586.rpm
 03c680726cf01c3d8f25cb7d61d7bb10  corporate/4.0/i586/perl-base-5.8.7-3.3.20060mlcs4.i586.rpm
 51f55a3998dbcf2e9abcf821ffb3026f  corporate/4.0/i586/perl-devel-5.8.7-3.3.20060mlcs4.i586.rpm
 f936e8720be0d37223b8a97dc2ed2704  corporate/4.0/i586/perl-doc-5.8.7-3.3.20060mlcs4.i586.rpm
 b4068ddb2d92f4845c29a6b3ca8feef5  corporate/4.0/i586/perl-suid-5.8.7-3.3.20060mlcs4.i586.rpm 
 3b23f4612d0a011d50c5eb6960ffa5c4  corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 c42250a8c42a0e349102ff977c6659cc  corporate/4.0/x86_64/perl-5.8.7-3.3.20060mlcs4.x86_64.rpm
 82d2bcbda0229415464c10471f881517  corporate/4.0/x86_64/perl-base-5.8.7-3.3.20060mlcs4.x86_64.rpm
 7f07eddd92d4c49b3ee5c32c69d52996  corporate/4.0/x86_64/perl-devel-5.8.7-3.3.20060mlcs4.x86_64.rpm
 140b57c79fc305a52e13ce5550e7d05c  corporate/4.0/x86_64/perl-doc-5.8.7-3.3.20060mlcs4.x86_64.rpm
 ec3007ca202716e0c3872c37141fc2cc  corporate/4.0/x86_64/perl-suid-5.8.7-3.3.20060mlcs4.x86_64.rpm 
 3b23f4612d0a011d50c5eb6960ffa5c4  corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 8ea5d389e9ddd9ca2e1b78869ad14ca7  mnf/2.0/i586/perl-5.8.3-5.6.M20mdk.i586.rpm
 f53bd974980010568e5153578d628323  mnf/2.0/i586/perl-base-5.8.3-5.6.M20mdk.i586.rpm
 1335c295512b38ea524e201c66551132  mnf/2.0/i586/perl-devel-5.8.3-5.6.M20mdk.i586.rpm
 8e306b59ecbb8583d5c1e4e74ef62e34  mnf/2.0/i586/perl-doc-5.8.3-5.6.M20mdk.i586.rpm 
 7576ea8ec817978b4602f5bf4c3436c5  mnf/2.0/SRPMS/perl-5.8.3-5.6.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHL9FBmqjQ0CJFipgRAhxaAJ44oWRrf/Q1Zj9q+HP4Y3pj9Y8XugCg398H
Rl9c0TwvCe/HjAyI42+NhlU=
=o1R+
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close