Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.0065 perl security update 12 January 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: perl Publisher: Debian Operating System: Debian GNU/Linux 7 Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2015-8607 Original Bulletin: http://www.debian.org/security/2016/dsa-3441 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running perl check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3441-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : perl CVE ID : CVE-2015-8607 Debian Bug : 810719 David Golden of MongoDB discovered that File::Spec::canonpath() in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code. The oldstable distribution (wheezy) is not affected by this problem. For the stable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u2. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your perl packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWk8zeAAoJEAVMuPMTQ89Ebo0P/Ak7kASx5X+T9MUYsRFFLiRO lrQb26F5kfIRB/Uqy/LJDphCvNIo+IzBiEshZXXMCAphFc8xOKetrzWqVDXyvY4L IE2Q9Lna/u4s88MmnZsG6WoS/MnMAL9bJNASLGrTNJRz+/ROXSx9/GkCMQaj3LHU 6tjiMi5xDIFVwqvRRnvXVs+xDzw556QpakMixAuX18eADbTMFOeq1uybArN1iaoW CU+b28vT6vqYYJnfWENAKPFK7eEBB5dWskSSdcQXQvFmN9LKSSQ+THTvnga/JERs vUKkO+C6GnbPy0M/XD6pH4mppClcIeIpXdfHZq+ecvZCS1SGeX+qZ9FATn1rYwFI qZMCs0EYW72VUmSDyqQTI2DDZMZbI8TnQDcImcjjCwv/KURdQzPydPgG6MHZXt5o dJw6M/X2kwfWkWN0bzrH0jLfjqKG4fd5Bjq6pHPjL64QVsEyuimZRZrntS72hq45 yroSke0zPExEprZoVDH6BXgftB2W9ucf4B/6UoMzl9dAODF/ZZiK2BCxv+IZPK3C /i9pSiBQVAVJZlKyCDdr0A85P1uNY2skSNDJYFoZ5Ny/I6QiOMulmo+nk3kcNXzi kihiB2647SwTJTYfpuGpjiapqWhXxUu2bXvVOHcEoyVt9qiQmgIg6v1KiBcwzk+9 r8T3o1hI97FrZvrHOjlH =XctV - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVpRHcX6ZAP0PgtI9AQIA3w//cchWyEvzl+2KNZt+ewEh/Xnc7v2DVRQi 0i6OXXXlnYbtY3nTmqebLUL16/HMuGFLmP0aCUkwqL9GBv3kFTe2lzdjPbYghHFA Gwg1uV7Yd4DsjaZ+LNEz8qPgucHWr7pL+hYi3H00e9O35CX5JYxnFFzBZiYiEby1 f5I4GsKZ4j53ZTGakSRj6SlgZZJ803g2Uv55LvLqxy4QcH4P4WXqg69B2uMk2+Ys B78vhvIbuI5u65hNh2OciRVHWJZr/0v/cFlVi2PaNZhrxxO/ow2Uk8VhnzHsmVxp a3AMBhsobfjahm15k+lFLNTLOXyL1hooUGAXXOM51ZfBSXFUYi+Kx7P2XDwv5dSn LsaiqJqs2+JQwVnd0CWg6346GLUY2rtIp1AGw5xT0JhVlbissOoxe8mxwvvMTk6C if8+h1q9iZ4yEBYkvxEkR6pKq+4+CfmaiwM0LY3gSgAxfx+cgFCqRA3FjzIOVixT 4Pyt1Vv/Uoc18cZugZuGtLy+4Y08Y5YJtFsOsfalgvP3EQavryiCeq59n8EM2E03 YxOUfCtDMjyMoYLCzYg4yEsKY8Ov+nuaCSTcQTknWlF1zXMMmZMCbYfHPhmy3BNi uynsLt+6wwjVt6Xp+hPvhwjpSVeALYbDWE0iGTn0PgxEqdObp6jMe+vuVa1fNoT9 te9NPtcFtPw= =XWBO -----END PGP SIGNATURE-----