Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1678-1] New perl packages fix privilege escalation (1/2

From Steffen Joeris@1:229/2 to All on Wed Dec 3 07:20:06 2008

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1678-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 03, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : perl
Vulnerability : design flaws
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2008-5302 CVE-2008-5303
Debian Bug : 286905 286922

Paul Szabo rediscovered a vulnerability in the File::Path::rmtree
function of Perl. It was possible to exploit a race condition to create
setuid binaries in a directory tree or remove arbitrary files when a
process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.

For the stable distribution (etch), these problems have been fixed in
version 5.8.8-7etch5.

For the unstable distribution (sid), these problems have been fixed in
version 5.10.0-18 and will migrate to the testing distribution (lenny)
shortly.

We recommend that you upgrade your perl packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.dsc
Size/MD5 checksum: 750 a57837967b7420057558cab7efca9202
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8.orig.tar.gz
Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5.diff.gz
Size/MD5 checksum: 105052 cfd4c3d27c5a7a342c441383867dae89

Architecture independent packages:

http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.8-7etch5_all.deb
Size/MD5 checksum: 41082 9dfa8758852aadcaadb2edbdfa17f942
http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.8-7etch5_all.deb
Size/MD5 checksum: 7378812 3baade38d4a703ae7db0e2f7d7b2df62
http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.8-7etch5_all.deb
Size/MD5 checksum: 2316518 dc45e7d6fbedf992db42f31326457df2

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_alpha.deb
Size/MD5 checksum: 4150162 345ac6cfebda2d2e6807a1dc0e14957c
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_alpha.deb
Size/MD5 checksum: 1006 f010eb97c3f81b2958c7546ba69296eb
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_alpha.deb
Size/MD5 checksum: 2928894 52f0aa7e688e63cd4d487a6492d9ee2e
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_alpha.deb
Size/MD5 checksum: 36236 eb16c8490e1e164ef6444f4b7680fbc6
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_alpha.deb
Size/MD5 checksum: 821796 d48d9e6f1a07eafdc6acb6d990cf1fbc
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_alpha.deb
Size/MD5 checksum: 880174 f32a7823fd919ada981b3eda1abe6a70

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_amd64.deb
Size/MD5 checksum: 630776 4f134545671885f476770a9da3695301
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_amd64.deb
Size/MD5 checksum: 806610 02ed83b2872342eb732c0179daa52869
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_amd64.deb
Size/MD5 checksum: 32774 4db9f5a96272f4a561abadbc3a1ed175
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_amd64.deb
Size/MD5 checksum: 4248964 b09695271b26cb6b6245a791e9e7122d
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_amd64.deb
Size/MD5 checksum: 2735132 c8bb2c571273b1ef47beb05874ae4277
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_amd64.deb
Size/MD5 checksum: 1010 4223d65b463272ca026ee7e7d7d0ff02

arm architecture (ARM)

http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_arm.deb
Size/MD5 checksum: 1008 fd5146b7fceeb55c7ba16831e95f0b4a
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_arm.deb
Size/MD5 checksum: 562112 24fe7aacf39d42673555f228e6edd5d7
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_arm.deb
Size/MD5 checksum: 30338 57ce7264534de68fe870e72eaae6a186
http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_arm.deb
Size/MD5 checksum: 3410084 382ee29a48541e9270cb20926ff2c58a
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_arm.deb
Size/MD5 checksum: 760136 6939901d705dbdac94e959ebab73d32a
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_arm.deb
Size/MD5 checksum: 2548202 07796362a684d112be9dbea0ff5a2ab5

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/p/perl/perl_5.8.8-7etch5_i386.deb
Size/MD5 checksum: 3589118 bdcb99ed51d06b1639d98a661ce42d58
http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.8-7etch5_i386.deb
Size/MD5 checksum: 527162 c511226a2cbddb98a170c8f563d6670a
http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.8-7etch5_i386.deb
Size/MD5 checksum: 585396 f3f34d325de643667d4c12f897a15f48
http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.8-7etch5_i386.deb
Size/MD5 checksum: 32070 59d70d1ee4f0e7584230095ca079ceb7
http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.8-7etch5_i386.deb
Size/MD5 checksum: 2491980 7149381d9862cc1ebd20092fae76dda9
http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.8-7etch5_i386.deb
Size/MD5 checksum: 762200 40254226d8ae5963a908661350816f0c

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH
- Michal Wronka
  Thu Jun 4 23:13:51 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	142:08:11
Calls:	12,088
Calls today:	1
Files:	14,998
Messages:	6,517,451

[SECURITY] [DSA 1678-1] New perl packages fix privilege escalation (1/2

Who's Online

Recent Visitors

System Info