Published:
10 March 1998
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-98.034 -- Red Hat Linux Bulletin Vulnerability in perl symlinks 11 March 1998 =========================================================================== Red Hat Software, Inc. has released the following advisory concerning the vulnerability in perl symlinks. All versions of perl for Red Hat Linux are vulnerable to /tmp symlink attacks. The following security bulletin is provided as a service to AUSCERT's members. As AUSCERT did not write this document, AUSCERT has had no control over its content. As such, the decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures. NOTE: This is only the original release of the security bulletin. It will not be updated when the original bulletin is. If downloading at a later date, it is recommended that the bulletin is retrieved from the original authors to ensure that the information is still current. Contact information for Red Hat Software is included below. If you have any questions or need further information, please contact them directly. For more information from Red Hat Software visit: http://www.redhat.com Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/Information/advisories.html If you believe that your system has been compromised, contact AUSCERT or your representative in FIRST (Forum of Incident Response and Security Teams). Internet Email: auscert@auscert.org.au Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AUSCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. Facsimile: (07) 3365 7031 - --------------------------BEGIN INCLUDED TEXT-------------------- All versions of perl for Red Hat Linux have /tmp symlink attacks. New packages are available for Red Hat 4.2 and Red Hat 5.0 which fix these problems. All users of Red Hat Linux are encouraged to upgrade to the new perl releases immediately. As always, these packages have been signed with the Red Hat PGP key. Thanks to the contributors of BUGTRAQ for finding and fixing this bug. Erik Red Hat 5.0 - ------------- i386: rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/perl-5.004-3.i386.rpm alpha: rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/perl-5.004-3.alpha.rpm Red Hat 4.2 - ------------- i386: rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/perl-5.004-0.1.i386.rpm alpha: rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/perl-5.004-0.1.alpha.rpm SPARC: rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/perl-5.004-0.1.sparc.rpm - --------------------------END INCLUDED TEXT-------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBNQ0TfSh9+71yA2DNAQF+3QP/QosUBak3o4F4PUr1INEo5MwUmn+qlSGi BrIBZIcFYUNAE96y6i7uLWcbbXixO7zx0qxaB8Ms8LwwpdHoegFm5ZWkFI09Zauk eMX8UKH/D8iSSTrgLJbPQvzx1/Jz0CeHyD1kO1A7ESQaoq2VhMruBYt01ojaRsp+ ZmrcmrQRQ/g= =DT6C -----END PGP SIGNATURE-----