=========================================================== Ubuntu Security Notice USN-222-1 December 02, 2005 perl vulnerability CVE-2005-3962 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: perl-base The problem can be corrected by upgrading the affected package to version 5.8.4-2ubuntu0.5 (for Ubuntu 4.10), 5.8.4-6ubuntu1.1 (for Ubuntu 5.04), or 5.8.7-5ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program. However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5.diff.gz Size/MD5: 60449 138a02883a2dbe7a64ab04afdd66e9d9 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5.dsc Size/MD5: 727 703d3ffd2a87bde7c541c6e8e837aadb http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-2ubuntu0.5_all.deb Size/MD5: 37058 bd3315452eecd9d428dabe16e53f2ded http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-2ubuntu0.5_all.deb Size/MD5: 7049780 5786917c60337ce874fe75bd3356ca12 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-2ubuntu0.5_all.deb Size/MD5: 2181250 7c97e5758dfff350f684ba84aab0a2dc amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 605446 b75c1a5bf7e1663f74c99fe3b42ceab7 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 1030 010890e33535d7a9b5f3c29fb18c2278 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 787320 7028286655aa8f1583cbc33de1769810 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 3819880 c0234ca782a1821ceb46a6e3f31c5040 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 32838 298ae33f6e488bb5676358862672bf7d http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_amd64.deb Size/MD5: 3834290 ea9cb2fe0d5da2cf9f41280d82af236f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 546916 c1696ad6b6cc8b135ef8b9b3c4d641dc http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 494116 6969f99be7a08e72397f88141cf792fa http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 727682 8df403b46255458380f8f1cc470695cf http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 3631196 8b2c590421d6fb1990c10cbbd082127e http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 30812 e59daea11508610cce6fbfe1d1d27352 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_i386.deb Size/MD5: 3229772 b29f36a2a1d486b13b021785ae7416e4 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 561030 3d81dd76a5b743776b4c8b9596199075 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 1036 febc4be8e86ba57988038b2245098602 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 718498 5e1d9871793e853806968c95d065da8c http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 3817110 71b313d4d4e8fbaf159c570ca8a67ccc http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 30564 869d07e824d69d9eb729ffac2ee3e307 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-2ubuntu0.5_powerpc.deb Size/MD5: 3477134 5bc641ebc225d4df2d758a27bc4b076d Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1.diff.gz Size/MD5: 85222 f860ad98b388fe9b8bb86cc7e35345c7 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1.dsc Size/MD5: 744 a7ed7714ee125e9ef47ad3815ef631d9 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4.orig.tar.gz Size/MD5: 12094233 912050a9cb6b0f415b76ba56052fb4cf Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.4-6ubuntu1.1_all.deb Size/MD5: 37848 e127ed7dfc844352edc5decfce571304 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.4-6ubuntu1.1_all.deb Size/MD5: 7050018 04f464518415aba917f23fb92aa2c692 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.4-6ubuntu1.1_all.deb Size/MD5: 2178096 dd899c9f55a68afd7b9fbfd20be24e6d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 605492 e7ced10f4d56325865215644ca3cf206 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 1032 0de0991b480a41be576e0eb314cf9076 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 791098 48622e7501239e1bf514a478958e641f http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 3825826 86680f4b3ec293e8ff7d6766aa8e34fc http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 32840 9087597015a77995be3fae92dc8875dd http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_amd64.deb Size/MD5: 3833986 0e950b7f25c2c2d133cdc5deeed083bc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 547172 be2b0d1b086af1fe4de25456d8db0a32 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 494206 a23e58dc0ed626af909d7b5d6992665c http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 731022 5cbdd58be91bec1b8bda5b9e0ce5041c http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 3630452 340473c47f02b82e3ab58ebce8a2cb4c http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 30464 5c493e827dcd495f0a74be1cb7d76d26 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_i386.deb Size/MD5: 3230234 6dfd8e1ffc89ab95f380093ae676829a powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 625218 71310d2d768fe03cf6a9a23a4d43298a http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 1044 45d4349e536701ce7ed8032056da3ba0 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 789578 1ff2f2abd2469dc46cb7cbda0d9be51d http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 3588104 2fbb1cb36d1f38af8a165397bbe08695 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 33578 9b2011b06bf9837f88d24cbc4051067c http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.4-6ubuntu1.1_powerpc.deb Size/MD5: 3509086 5029a74793ea9a46ddf8053a94193d21 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1.diff.gz Size/MD5: 134597 d5eb14b2a7b72b5fef014284cb989404 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1.dsc Size/MD5: 724 cc3cd8ed85ab22c3dc5bcc28e4dfa166 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7.orig.tar.gz Size/MD5: 12512211 dacefa1fe3c5b6d7bbc334ad94826131 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.7-5ubuntu1.1_all.deb Size/MD5: 39132 1698e69173383d40dbf7265ea9c31c75 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.7-5ubuntu1.1_all.deb Size/MD5: 7206644 da242594035cf2bf1e7f7e73e67c2562 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.7-5ubuntu1.1_all.deb Size/MD5: 2325766 7f69e0426eca9092f4e0da8c12be7cb5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 641136 5f3b2d6818b93ce69f45c2225475f994 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 1008 909ca536921167aa03a9bcfe17504ecc http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 819570 323c17484cbcdd2325016faa41954d9d http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 2689162 81924c3f4ea92a95efe6ca26a9e93d35 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 31392 7b62c900f9d4226baf46536f33aa43cb http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_amd64.deb Size/MD5: 3974714 ec727b329279874b06c3a1ff4eaf013d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 560106 4a7bfbf041785c53c17549b9fe8b5651 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 505946 8b87d461dd40e550869ab377449cd07b http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 737400 49b7d3f90c86c53c75dddaf1c7451b01 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 2453904 932044f5e5b32e7cbe7ebe7ba1787806 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 28828 1824f7c1147d4039b5ad8e0880329fc2 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_i386.deb Size/MD5: 3297136 39cdfaba9743158eb0f770e2caec2adc powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 656086 7fbb2c2885063467fb63ceadf83856e0 http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 1008 c463dda6c6b94f4a279d8180924c1fa3 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 814770 ba1a2147b2717afdeb6bc6c603748684 http://security.ubuntu.com/ubuntu/pool/universe/p/perl/perl-debug_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 2646280 c7debfc211977a5587eeb353dcf9ac09 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 31994 635f808e87308177acc302816f65a566 http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.7-5ubuntu1.1_powerpc.deb Size/MD5: 3657374 cbe8f520cc8e821b288c06af052822f6