1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4226-1] perl security update

    From Salvatore Bonaccorso@1:229/2 to All on Tue Jun 12 06:50:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4226-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    June 12, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : perl
    CVE ID : CVE-2018-12015
    Debian Bug : 900834

    Jakub Wilk discovered a directory traversal flaw in the Archive::Tar
    module, allowing an attacker to overwrite any file writable by the
    extracting user via a specially crafted tar archive.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 5.20.2-3+deb8u11.

    For the stable distribution (stretch), this problem has been fixed in
    version 5.24.1-3+deb9u4.

    We recommend that you upgrade your perl packages.

    For the detailed security status of perl please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/perl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsfUF9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R0vw/8C8JM4x+DX3SAMCQsP0jLshcMMLZ4HJ/3aloi/3+cfzyJO4J/DOaxM4BA cPEW5HdcuGWKcAJl/SMy5j94RdIlYgh08lQDEbJwCgxxmVlzC1e7LgSdxFuqTTSb uRAdTvEpDj5s+tTLKWkZrr6WALrs/yg+RFsxtbZ7NvgFu1Uj3HGHpav0ylQY8YRR yaq43eLvFp/znPrXkAeja7pY0hPLAaSkxN7NuMM/osJ/sKiTzpXeinQoxIc5qCqC lhso86lb+hq6iZ7T78nUbe+jb/a3K+feAfXsCjdYI37tMgNRE4EosWKREhp0h1J7 WqvXvQpxlbwd4Ilf6SnKmhUcrtC7NL/t7wIsmvsLU88rgmOOpOqlDbCPRVTsNVdq Ccx/+qZYc0d5Jiq0NHxRCpSU5W0TgoekOWs2C4jYTJ7dH/7IxWB6fe/VagHLhQAq D16UHe+3Y7RkLa+44Za4JHGzjURwwjYzbS+MOIZFHz6/hk+gZBvEIF//6AJgXtZL NMXzhOstl35abQ6EoR82nx71gYbVyG4022K3XWcUhX+UUeLAYv1+b3ZGVXHjBiQB mLnCwG+l7TdQyWDMWswrf/MT9k8BsmIUe9K0XXSRsr+NAXRzEQjMhiJJIwiFp0YG 8bTjHqaQuvrop7CwC/d9vtj7852ukAnnGL32FRQwDlu14gTarsM=
    =22Iz
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)