Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.
4cd9f58b06577565cb8d0f6645a1ecaf732d9f924f3c0b72bfd28ab955c3a7a4VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.
b9fc79fc6d73c8635a227013728cb6e8490b89d0d62d24c585fa37fd7cbfa221Gentoo Linux Security Advisory GLSA 200805-17 - Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Versions less than 5.8.8-r5 are affected.
d88e369b9e48822ff46b850329243a153947387b3f1c99e2f7086e62266430edMandriva Linux Security Advisory - A double free vulnerability in Perl 5.8.8 and earlier versions, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.
502ecf53b12222000cfa04fb5b8c79641ef6b7b1704eeb5dbe00c30b94b5f0a9Debian Security Advisory 1556-2 - An editorial mistake resulted in DSA-1556-1 not correctly applying the required change, making it ineffective. This DSA has been reissued as DSA-1556-2. It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
9f8cd3907ab133e5951c8aea4aeeee4cb3b632247703458119918c8db48b9331Debian Security Advisory 1556-1 - It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
1799df7be8f51f594bdabae4c05cd39abaec64f61706fc8f035aaafe951cdbb4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed