hostpc.com
Verified User
There's a new Perl version to fix a couple of vulnerabilities...
Package : perl
Vulnerability : insecure temporary files / directories
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0452 CAN-2004-0976
Several vulnerabilities have been discovered in Perl, the popular
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CAN-2004-0452
Jeroen van Wolffelaar discovered that the rmtree() function in the
File:ath module removes directory trees in an insecure manner
which could lead to the removal of arbitrary files and directories
through a symlink attack.
CAN-2004-0976
Trustix developers discovered several insecure uses of temporary
files in many modules which allow a local attacker to overwrite
files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in
version 5.6.1-8.8.
For the unstable distribution (sid) these problems have been fixed in
version 5.8.4-5.
Package : perl
Vulnerability : insecure temporary files / directories
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0452 CAN-2004-0976
Several vulnerabilities have been discovered in Perl, the popular
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:
CAN-2004-0452
Jeroen van Wolffelaar discovered that the rmtree() function in the
File:ath module removes directory trees in an insecure manner
which could lead to the removal of arbitrary files and directories
through a symlink attack.
CAN-2004-0976
Trustix developers discovered several insecure uses of temporary
files in many modules which allow a local attacker to overwrite
files via a symlink attack.
For the stable distribution (woody) these problems have been fixed in
version 5.6.1-8.8.
For the unstable distribution (sid) these problems have been fixed in
version 5.8.4-5.