Published:
10 March 1998
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-98.034 -- Red Hat Linux Bulletin
Vulnerability in perl symlinks
11 March 1998
===========================================================================
Red Hat Software, Inc. has released the following advisory concerning the
vulnerability in perl symlinks. All versions of perl for Red Hat Linux
are vulnerable to /tmp symlink attacks.
The following security bulletin is provided as a service to AUSCERT's
members. As AUSCERT did not write this document, AUSCERT has had no
control over its content. As such, the decision to use any or all of this
information is the responsibility of each user or organisation, and should
be done so in accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It will
not be updated when the original bulletin is. If downloading at a later
date, it is recommended that the bulletin is retrieved from the original
authors to ensure that the information is still current.
Contact information for Red Hat Software is included below. If you have any
questions or need further information, please contact them directly.
For more information from Red Hat Software visit: http://www.redhat.com
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).
Internet Email: auscert@auscert.org.au
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AUSCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
Facsimile: (07) 3365 7031
- --------------------------BEGIN INCLUDED TEXT--------------------
All versions of perl for Red Hat Linux have /tmp symlink attacks. New
packages are available for Red Hat 4.2 and Red Hat 5.0 which fix these
problems. All users of Red Hat Linux are encouraged to upgrade to the
new perl releases immediately. As always, these packages have been signed
with the Red Hat PGP key. Thanks to the contributors of BUGTRAQ for finding
and fixing this bug.
Erik
Red Hat 5.0
- -------------
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/perl-5.004-3.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/perl-5.004-3.alpha.rpm
Red Hat 4.2
- -------------
i386:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/perl-5.004-0.1.i386.rpm
alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/perl-5.004-0.1.alpha.rpm
SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/perl-5.004-0.1.sparc.rpm
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBNQ0TfSh9+71yA2DNAQF+3QP/QosUBak3o4F4PUr1INEo5MwUmn+qlSGi
BrIBZIcFYUNAE96y6i7uLWcbbXixO7zx0qxaB8Ms8LwwpdHoegFm5ZWkFI09Zauk
eMX8UKH/D8iSSTrgLJbPQvzx1/Jz0CeHyD1kO1A7ESQaoq2VhMruBYt01ojaRsp+
ZmrcmrQRQ/g=
=DT6C
-----END PGP SIGNATURE-----