===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0866 -- [UNIX/Linux][RedHat]
Important: perl security update
6 November 2007
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:            perl
Publisher:          Red Hat
Operating System:   UNIX variants (UNIX, Linux, OSX)
                    Red Hat Linux
Impact:             Execute Arbitrary Code/Commands
                    Increased Privileges
Access:             Existing Account
CVE Names:          CVE-2007-5116

Original Bulletin:  https://rhn.redhat.com/errata/RHSA-2007-0966.html
                    https://rhn.redhat.com/errata/RHSA-2007-1011.html

Comment: This ESB contains two Red Hat advisories.

         This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running perl check for an updated version of the software for their
         operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:      Important: perl security update
Advisory ID:   RHSA-2007:0966-01
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2007-0966.html
Issue date:    2007-11-05
Updated on:    2007-11-05
Product:       Red Hat Enterprise Linux
CVE Names:     CVE-2007-5116
---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

323571 - CVE-2007-5116 perl regular expression UTF parsing errors

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/perl-5.8.8-10.el5_0.2.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/perl-5.8.8-10.el5_0.2.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:      Important: perl security update
Advisory ID:   RHSA-2007:1011-01
Advisory URL:  https://rhn.redhat.com/errata/RHSA-2007-1011.html
Issue date:    2007-11-05
Updated on:    2007-11-05
Product:       Red Hat Application Stack
CVE Names:     CVE-2007-5116
---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues for Red Hat Application
Stack v1.2 are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

323571 - CVE-2007-5116 perl regular expression UTF parsing errors

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/perl-5.8.8-5.el4s1_2.src.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/perl-5.8.8-5.el4s1_2.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
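
Added example, not part of the AusCERT bulletin or the Red Hat advisories: a check of collected `rpm -q --qf '%{VERSION}-%{RELEASE}\n' perl` values against the fixed perl builds named in RHSA-2007:0966 and RHSA-2007:1011, using a simplified form of rpm's segment-wise version ordering. The inventory lines, host names and the rule that picks a product stream from the dist tag are constructed assumptions; package epochs are not compared.

```python
import re

# Fixed perl builds, taken from the SRPM names in the two advisories.
# Picking the stream from the dist tag in the release field is an assumption
# of this example; "el4s1" has to be tested before "el4".
FIXED = [
    ("el4s1", "5.8.8-5.el4s1_2"),   # Application Stack v1 on Enterprise Linux 4
    ("el3", "5.8.0-97.EL3"),        # Enterprise Linux 3
    ("el4", "5.8.5-36.el4_5.2"),    # Enterprise Linux 4
    ("el5", "5.8.8-10.el5_0.2"),    # Enterprise Linux 5
]

# Constructed inventory: "<host> <package> <version-release>", one line per host.
SAMPLE_INVENTORY = """
web01 perl 5.8.0-94.EL3
db02 perl 5.8.5-36.el4_5.2
app03 perl 5.8.8-10.el5_0.1
stack04 perl 5.8.8-5.el4s1_2
lab05 perl 5.10.0-1.fc9
"""


def segments(s):
    """Split a string into the digit runs and letter runs rpm compares."""
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment ordering (no ~ or ^ handling)."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment is newer than letters
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings: version first, release as tie-breaker."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def status(vr):
    """Classify one installed build against the fixed build for its stream."""
    release = vr.rpartition("-")[2].lower()
    for tag, fixed in FIXED:
        if tag in release:
            return "patched" if vr_cmp(vr, fixed) >= 0 else "vulnerable"
    return "unknown"   # not a release these advisories cover


def audit(inventory):
    """Map each host in the inventory text to patched / vulnerable / unknown."""
    result = {}
    for line in inventory.strip().splitlines():
        host, name, vr = line.split()
        if name == "perl":
            result[host] = status(vr)
    return result


if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY).items():
        print(host, state)
```

A result of `unknown` marks a build outside the releases these two advisories cover, which needs the fix information from its own vendor.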