-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1556-2 security@debian.org http://www.debian.org/security/ Florian Weimer April 27, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : perl Vulnerability : heap buffer overflow Problem type : local (remote) Debian-specific: no CVE Id : CVE-2008-1927 Debian Bug : 454792 An editorial mistake resulted in DSA-1556-1 not correctly applying the required change, making it ineffective. This DSA has been reissued as DSA-1556-2. We apologize for the inconvenience. The text of the original DSA follows. It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out. For the stable distribution (etch), this problem has been fixed in version 5.8.8-7etch3. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your perl packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3.dsc Size/MD5 checksum: 1033 a64a02ca01379537d6b203f10b4057b0 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3.diff.gz Size/MD5 checksum: 99389 ac6b2e452c2062c5e98148f55220b9f3 Architecture independent packages: http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch3_all.deb Size/MD5 checksum: 2313550 6150633786b45319e72c73ab60a20d5a http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch3_all.deb Size/MD5 checksum: 7348642 36d0578f3232446b96d10f3488c23949 http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch3_all.deb Size/MD5 checksum: 41038 dfc3818aa0723f40b5ef8d5ca73d06e6 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_alpha.deb Size/MD5 checksum: 2928940 521789d9f4f06e19f38f2d80e60e57ca http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_alpha.deb Size/MD5 checksum: 1012 6ce87e637517b7fec825004a905114d5 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_alpha.deb Size/MD5 checksum: 4150130 aa2954d40e69b38fe52dfa61b079587e http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_alpha.deb Size/MD5 checksum: 880010 26b0f20c23af58b5338d9d299985f5eb http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_alpha.deb Size/MD5 checksum: 821768 a68207e952d88524c69ca2514f83da2c http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_alpha.deb Size/MD5 checksum: 36238 741dcafe355fbad6377c64e1efe99339 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_amd64.deb Size/MD5 checksum: 630678 14542161388a8c503c7a7abb6d33d4d4 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_amd64.deb Size/MD5 checksum: 2735170 cc9d44d140168420a31f976087a6848b http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_amd64.deb Size/MD5 checksum: 1010 650fb6254665901c0cb840f910954a11 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_amd64.deb Size/MD5 checksum: 32798 153d300bc6ffad71441acf04afde4803 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_amd64.deb Size/MD5 checksum: 809292 02d678a10a760c707043700080fe6677 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_amd64.deb Size/MD5 checksum: 4237990 6e0392904c08c4fba6bb93ee1ace7dd0 arm architecture (ARM) http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_arm.deb Size/MD5 checksum: 3409592 23428b1370d50aad1f425feb1cff4559 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_arm.deb Size/MD5 checksum: 30344 c874fcfe16c4f6e3a53014fb6376e0cc http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_arm.deb Size/MD5 checksum: 2548190 f2a0f316e55c5f048132edda75149b22 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_arm.deb Size/MD5 checksum: 562106 3dc05aa3411b106ba3d3d2902f01c5b4 http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_arm.deb Size/MD5 checksum: 1008 5b67dea39e217a3f0039b4f5a4d51c48 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_arm.deb Size/MD5 checksum: 759956 810ecc85a40cd4731c89be7c5f5151b3 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_hppa.deb Size/MD5 checksum: 694276 a8e08f8325c27edb5528356594dee301 http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_hppa.deb Size/MD5 checksum: 1008 fb441621a9b8622675a63f82706ed4f1 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_hppa.deb Size/MD5 checksum: 2735400 b10f4ee6ada5dc2a1a42b26c5090c0e6 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_hppa.deb Size/MD5 checksum: 4198474 394b378c3188ac1ea1bd9cae71a138e3 http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_hppa.deb Size/MD5 checksum: 33208 aeaec5068584da309184b6b937b00fdf http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_hppa.deb Size/MD5 checksum: 871692 7595034132ebbe7b65bb2e0ab739ea62 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_i386.deb Size/MD5 checksum: 585418 750a89f0e8ed51e7dd784010d37b22f2 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_i386.deb Size/MD5 checksum: 760444 84dfd960de2e6c3193ead1578fc6178a http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_i386.deb Size/MD5 checksum: 3583958 8903237c768dae6f34b07a1ba9684ba0 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_i386.deb Size/MD5 checksum: 2492000 cb7a9d05c896448251c5dae515055338 http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_i386.deb Size/MD5 checksum: 527154 f004d1f671fdc770d34681548818891b http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_i386.deb Size/MD5 checksum: 32080 169b3dcf64d02aea0bd0f0b62aeb2019 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_ia64.deb Size/MD5 checksum: 1008 9f967c09935de60b9321c44d8894212e http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_ia64.deb Size/MD5 checksum: 3364466 046847298ebb320b86056452d23a92ab http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_ia64.deb Size/MD5 checksum: 4336102 6ff6abb8bfe16c094b9407bb215a168f http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_ia64.deb Size/MD5 checksum: 51280 2441994f1f61785a96fb56491849f42c http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_ia64.deb Size/MD5 checksum: 978068 4c29b16f2644716dcd77b00feeedfa1a http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_ia64.deb Size/MD5 checksum: 1153844 fceb380f514bebd80fa7d1ecaa41ec17 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_mips.deb Size/MD5 checksum: 32216 2ec36ff356503b6fc0c98faef0042c92 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_mips.deb Size/MD5 checksum: 3678900 e930f656b71e632628ee9e5ad083d4f6 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_mips.deb Size/MD5 checksum: 693964 c67ba860ab192c7941920d2de57f69ea http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_mips.deb Size/MD5 checksum: 785986 ec30eca10729b7a58bd1ee3878ff84b0 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_mips.deb Size/MD5 checksum: 2781968 e6e72cd6c93f50dc628e08af41dc2a26 http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_mips.deb Size/MD5 checksum: 1010 b6f93cf6098eecd4fe06179f0dd47c23 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_mipsel.deb Size/MD5 checksum: 3413532 d440057cc724bfabd65917fc6184519b http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_mipsel.deb Size/MD5 checksum: 32334 b89c1cc895fdbcb309813e914434e83e http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_mipsel.deb Size/MD5 checksum: 784698 abf70292fa9e7f6100d810ee018f4c28 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_mipsel.deb Size/MD5 checksum: 2730374 ab73bdb814b408fe8bcca4ee395c4186 http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_mipsel.deb Size/MD5 checksum: 1016 1c3f9b401b4982978a4d769e353b591b http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_mipsel.deb Size/MD5 checksum: 687348 bbf95de1cd60bb397b49b74e20ac161c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_powerpc.deb Size/MD5 checksum: 810864 f261468604909329540da9dda685325b http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_powerpc.deb Size/MD5 checksum: 32900 ba5131e5c331035c069d49c6ecaf9ddd http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_powerpc.deb Size/MD5 checksum: 1010 ee9735302fa6bd9baae584c85fe92231 http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_powerpc.deb Size/MD5 checksum: 3824904 dc95a48f1c20c570c89fbb3a17d2fbf7 http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_powerpc.deb Size/MD5 checksum: 653450 f0ce69e7c51dfc23776b9a0ab09fca16 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_powerpc.deb Size/MD5 checksum: 2710134 e10ba40f94badd889ed8c8a53c1c4a17 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch3_s390.deb Size/MD5 checksum: 33094 09c33ce5eecc5c81c66b99ee79dad2cf http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch3_s390.deb Size/MD5 checksum: 4100014 d2abb0aa96cbe52bb8cbb8943c256e98 http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch3_s390.deb Size/MD5 checksum: 1006 a8ad39eaa80c40d019a9282feca516b7 http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch3_s390.deb Size/MD5 checksum: 2796644 212c95d164c8b2b7d72ce2906e49cbd2 http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch3_s390.deb Size/MD5 checksum: 823450 14a09f800b956d85ba8b511eb8a79ebd http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch3_s390.deb Size/MD5 checksum: 633594 d95e0efda1f3d1c28d21a13dc0ded77b These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBSBREir97/wQC1SS+AQJDJAf/cyTMqWR/NMe5bIVAJQbpkzeFaTD0PLAU TNlJpIrfTlofKaEDgF7jPS3nMH/Nii242fn5OwlQ4asOsVfHiHBmUEly/tuu/3aj zSZZp746m7dpZgBA3b8RFTcgon0mN/J2nzJPPhJyTgHiEuyOGSpKmPX7Ue4rSP8t rgAboFOR5yot5YRM12xEoDwQSpwvRRZscckZ93a14SrTsVDAOwkhubEp5KDaIKuo s57PhZnnjIpLYjr3hdz/0JcuQXTmIzhGZLJgfpJX9phZcPCF2RQk4BeiJCwNAbos IiUaP5r9CE/pkR6C+WzHX6qUYhlDOzgz/9oz44SXU9Trf04JDWwSZg== =5NNh -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/