• [SECURITY] [DSA 2265-1] perl security update

    From Florian Weimer@1:229/2 to All on Mon Jun 20 20:20:01 2011
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-2265-1                   [email protected]
    http://www.debian.org/security/                            Florian Weimer
    June 20, 2011                          http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : perl
    Vulnerability : lack of tainted flag propagation
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2011-1487
    Debian Bug : 622817

    Mark Martinec discovered that Perl incorrectly clears the tainted flag
    on values returned by case conversion functions such as "lc". This
    may expose preexisting vulnerabilities in applications which use these
    functions while processing untrusted input. No such applications are
    known at this stage. Such applications will cease to work when this
    security update is applied because taint checks are designed to
    prevent such unsafe use of untrusted input data.

    For the oldstable distribution (lenny), this problem has been fixed in
    version 5.10.0-19lenny4.

    For the stable distribution (squeeze), this problem has been fixed in
    version 5.10.1-17squeeze1.

    For the testing distribution (wheezy), this problem has been fixed in
    version <missing>.

    For the testing distribution (wheezy) and the unstable distribution
    (sid), this problem has been fixed in version 5.10.1-20.

    We recommend that you upgrade your perl packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected]
    Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
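
A local check for the behaviour the advisory above describes: whether the installed perl keeps the taint flag across case conversion, followed by the validate-then-capture pattern that taint mode expects before such a value is used. This is an added example, not part of the advisory or of any post in this thread; the sample input and the hostname pattern are constructed, and testing `uc`, `lcfirst` and `ucfirst` alongside `lc` is an assumption about what "case conversion functions" covers.

```perl
#!/usr/bin/perl -T
# Added example (not from the advisory). Run as: perl -T check_taint.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run under taint mode: perl -T $0\n" unless ${^TAINT};

# Zero-length tainted string: $^X is tainted under -T, and appending
# a tainted value taints the result.
my $TAINT = substr($^X, 0, 0);

# Constructed sample standing in for untrusted input.
my $input = "Example.ORG" . $TAINT;

my @convert = (
    [ 'lc',      sub { lc $_[0] } ],
    [ 'uc',      sub { uc $_[0] } ],
    [ 'lcfirst', sub { lcfirst $_[0] } ],
    [ 'ucfirst', sub { ucfirst $_[0] } ],
);

my $lost = 0;
for my $pair (@convert) {
    my ($name, $fn) = @$pair;
    my $out  = $fn->($input);
    my $kept = tainted($out);
    $lost++ unless $kept;
    printf "%-8s -> %-12s %s\n", $name, $out,
        $kept ? "taint kept" : "TAINT LOST (perl needs the update)";
}

# What an application should do once taint is propagated correctly:
# validate the converted value and take it from a capture group, which
# is the only place the value becomes untainted.
my $host = lc $input;
if ($host =~ /\A([a-z0-9.-]{1,253})\z/) {
    my $clean = $1;
    printf "validated: %s (tainted=%d)\n", $clean, tainted($clean) ? 1 : 0;
} else {
    die "rejected input\n";
}

# Non-zero exit status when any conversion dropped the taint flag.
exit($lost ? 1 : 0);
```
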
  • From Junior Gamez Aguilera@1:229/2 to All on Wed Jun 22 21:20:02 2011
    XPost: linux.debian.security
    From: [email protected]

    After applying this upgrade, MailScanner stopped working; it started to
    enter a continuous cycle of restarts. Please could you verify this?
    I had to go back to the previous version in order to get MailScanner to work.
    Greetings,
    Jr


    --
    This message has been scanned by MailScanner
    for viruses and other dangerous content,
    and is considered to be clean.


