Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.0065
perl security update
12 January 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: perl
Publisher: Debian
Operating System: Debian GNU/Linux 7
Debian GNU/Linux 8
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-8607
Original Bulletin:
http://www.debian.org/security/2016/dsa-3441
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running perl check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3441-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2016 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : perl
CVE ID : CVE-2015-8607
Debian Bug : 810719
David Golden of MongoDB discovered that File::Spec::canonpath() in Perl
returned untainted strings even if passed tainted input. This defect
undermines taint propagation, which is sometimes used to ensure that
unvalidated user input does not reach sensitive code.
The oldstable distribution (wheezy) is not affected by this problem.
For the stable distribution (jessie), this problem has been fixed in
version 5.20.2-3+deb8u2.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your perl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWk8zeAAoJEAVMuPMTQ89Ebo0P/Ak7kASx5X+T9MUYsRFFLiRO
lrQb26F5kfIRB/Uqy/LJDphCvNIo+IzBiEshZXXMCAphFc8xOKetrzWqVDXyvY4L
IE2Q9Lna/u4s88MmnZsG6WoS/MnMAL9bJNASLGrTNJRz+/ROXSx9/GkCMQaj3LHU
6tjiMi5xDIFVwqvRRnvXVs+xDzw556QpakMixAuX18eADbTMFOeq1uybArN1iaoW
CU+b28vT6vqYYJnfWENAKPFK7eEBB5dWskSSdcQXQvFmN9LKSSQ+THTvnga/JERs
vUKkO+C6GnbPy0M/XD6pH4mppClcIeIpXdfHZq+ecvZCS1SGeX+qZ9FATn1rYwFI
qZMCs0EYW72VUmSDyqQTI2DDZMZbI8TnQDcImcjjCwv/KURdQzPydPgG6MHZXt5o
dJw6M/X2kwfWkWN0bzrH0jLfjqKG4fd5Bjq6pHPjL64QVsEyuimZRZrntS72hq45
yroSke0zPExEprZoVDH6BXgftB2W9ucf4B/6UoMzl9dAODF/ZZiK2BCxv+IZPK3C
/i9pSiBQVAVJZlKyCDdr0A85P1uNY2skSNDJYFoZ5Ny/I6QiOMulmo+nk3kcNXzi
kihiB2647SwTJTYfpuGpjiapqWhXxUu2bXvVOHcEoyVt9qiQmgIg6v1KiBcwzk+9
r8T3o1hI97FrZvrHOjlH
=XctV
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVpRHcX6ZAP0PgtI9AQIA3w//cchWyEvzl+2KNZt+ewEh/Xnc7v2DVRQi
0i6OXXXlnYbtY3nTmqebLUL16/HMuGFLmP0aCUkwqL9GBv3kFTe2lzdjPbYghHFA
Gwg1uV7Yd4DsjaZ+LNEz8qPgucHWr7pL+hYi3H00e9O35CX5JYxnFFzBZiYiEby1
f5I4GsKZ4j53ZTGakSRj6SlgZZJ803g2Uv55LvLqxy4QcH4P4WXqg69B2uMk2+Ys
B78vhvIbuI5u65hNh2OciRVHWJZr/0v/cFlVi2PaNZhrxxO/ow2Uk8VhnzHsmVxp
a3AMBhsobfjahm15k+lFLNTLOXyL1hooUGAXXOM51ZfBSXFUYi+Kx7P2XDwv5dSn
LsaiqJqs2+JQwVnd0CWg6346GLUY2rtIp1AGw5xT0JhVlbissOoxe8mxwvvMTk6C
if8+h1q9iZ4yEBYkvxEkR6pKq+4+CfmaiwM0LY3gSgAxfx+cgFCqRA3FjzIOVixT
4Pyt1Vv/Uoc18cZugZuGtLy+4Y08Y5YJtFsOsfalgvP3EQavryiCeq59n8EM2E03
YxOUfCtDMjyMoYLCzYg4yEsKY8Ov+nuaCSTcQTknWlF1zXMMmZMCbYfHPhmy3BNi
uynsLt+6wwjVt6Xp+hPvhwjpSVeALYbDWE0iGTn0PgxEqdObp6jMe+vuVa1fNoT9
te9NPtcFtPw=
=XWBO
-----END PGP SIGNATURE-----