RedHat: Important: perl security update - The Community's Center for Security, Jun 14 2008
Updated perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5.
Synopsis: Important: perl security update
Advisory ID: RHSA-2008:0522-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0522.html
Issue date: 2008-06-11
CVE Names: CVE-2008-1927
Perl is a high-level programming language commonly used for system administration utilities and Web programming.
A flaw was found in Perl's regular expression engine. A specially crafted regular expression with Unicode characters could trigger a buffer overflow, causing Perl to crash, or possibly execute arbitrary code with the privileges of the user running Perl. (CVE-2008-1927)
Users of perl are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
443928 - CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters
Source: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-5.8.0-98.EL3.src.rpm
CERT Advisory CA-1997-17 Vulnerability in suidperl (sperl), Jun 14 2008
The CERT Coordination Center has received reports of a buffer overflow condition in suidperl built from Perl 4.n and Perl 5.n distributions on UNIX systems. By calling this program with appropriately crafted parameters, unauthorized local users can execute arbitrary commands as root. This vulnerability is being actively exploited.
The CERT/CC team recommends installing a vendor patch if one is available (see Section III.B). Until you can do so, we recommend disabling suidperl (Section III.A). Two other alternatives are to install suidperl or sperl from version 5.003 source code along with the patch provided in Appendix B of this advisory (see also Section III.C), or upgrade to Perl version 5.004 (Section III.D). Note that Perl4 is no longer supported.
On some systems, setuid and setgid scripts (scripts written in the C shell, Bourne shell, or Perl, for example, with the set user or group ID permissions enabled) are insecure due to a race condition in the kernel. For those systems, Perl versions 4 and 5 attempt to work around this vulnerability with a special program named suidperl, also known as sperl. This program attempts to emulate the set-user-ID and set-group-ID features of the kernel.
There is a buffer overflow condition in suidperl built from Perl 4.n and Perl 5.n distributions earlier than version 5.004. If this program is called with appropriately crafted parameters, an attacker can execute arbitrary commands as root. This vulnerability is being actively exploited.
Users executing Perl scripts with the setuid bit set can execute arbitrary commands with the effective uid of the owner of the Perl script. Attackers can execute commands as root.
Sites that installed suidperl and sperl programs themselves from the Perl source distribution should patch the distribution as described in Section C or upgrade to version 5.004 as described in Section D. Note that Perl4 is no longer supported.
If you would like to keep using setuid Perl scripts, fix Perl yourself by following these steps:
1. Go to your Perl 5.003 source directory, or else obtain a fresh Perl 5.003 distribution from http://www.perl.com/CPAN/src/5.0/perl5.003.tar.gz
3. Build and install the patched Perl 5.003.
(If you have never built Perl before, be sure to read the "INSTALL" file first.)
CERT Advisory CA-1996-12 Vulnerability in suidperl, Jun 14 2008
Perl versions 4 and 5 can be compiled and installed in such a way that they will be vulnerable on some systems. If you have installed the suidperl or sperl programs on a system that supports saved set-user-ID and set-group-ID, you may be at risk.
The CERT Coordination Center recommends that you first disable the suidperl and sperl programs (Section III.A). If you need the functionality, we further recommend that you either apply a patch for this problem or install Perl version 5.003 (Section III.B). If neither a patch nor a new version are viable alternatives, we recommend installing the wrapper written by Larry Wall as a workaround for this problem (Section III.C).
On some systems, setuid and setgid scripts (scripts written in the C shell, Bourne shell, or Perl, for example, with the set user or group ID permissions enabled) are insecure due to a race condition in the kernel. For those systems, Perl versions 4 and 5 attempt to work around this vulnerability with a special program named suidperl, also known as sperl. Even on systems that do provide a secure mechanism for setuid and setgid scripts, suidperl may also be installed--although it is not needed.
suidperl attempts to emulate the set-user-ID and set-group-ID features of the kernel. Depending on whether the script is set-user-ID, set-group-ID, or both, suidperl achieves this emulation by first changing its effective user or group ID to that of the original Perl script. suidperl then reads and executes the script as that effective user or group. To do these user and group ID changes correctly, suidperl must be installed as set-user-ID root.
If you have installed Perl from source code, you should install source code patches. Patches are available from the CPAN (Comprehensive Perl Archive Network) archives.
Patch for Perl Version 4:
Patch for Perl Version 5:
In addition, Perl version 5.003 contains this patch, so installing it on your system also addresses this vulnerability. Perl 5.003 is available from the CPAN archives. Here are the specifics:
CPAN master site
ftp://ftp.funet.fi/pub/languages/perl/CPAN/
CGI/Perl Taint Mode FAQ, Jun 14 2008
One very good way to lock out security bugs in Perl code is to turn on TAINT mode. TAINT mode puts a Perl script into "PARANOID" mode and treats ALL user supplied input as tainted and bad unless the programmer explicitly "OKs" the data.
How do I use taint mode in my CGI/Perl script?
If your site has Perl 5 on it, change the line at the top of your CGI script from
#!/usr/local/bin/perl
to
#!/usr/local/bin/perl -T
Note: your path to the Perl executable may vary depending on your server.
If your site has Perl 4 on it, change the line at the top of your CGI script from
Mandriva: Updated perl-Tk packages fix GIF processing - The Community's Center for Security, Jun 14 2008
A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk (an identical issue to that found in php-gd, gd, and SDL_image).
Ubuntu: libnet-dns-perl vulnerability - The Community's Center for Security, Jun 14 2008
Ubuntu Security Notice USN-594-1
March 26, 2008
libnet-dns-perl vulnerability
CVE-2007-6341
Ubuntu 6.06 LTS: libnet-dns-perl 0.53-2ubuntu1.1
Ubuntu 6.10: libnet-dns-perl 0.57-1ubuntu1.1
RedHat: Moderate: net-snmp security update - The Community's Center for Security, Jun 14 2008
Updated net-snmp packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. A buffer overflow was found in the Perl bindings for Net-SNMP. This could be exploited if an attacker could convince an application using the Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)
447262 - CVE-2008-2292 net-snmp: buffer overflow in perl module's Perl Module __snprint_value()
447974 - CVE-2008-0960 net-snmp SNMPv3 authentication bypass (VU#877044)
Mandriva: Updated perl-Net-DNS packages fix DoS - The Community's Center for Security, Jun 14 2008
A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response.
...
Package: perl-Net-DNS
Date: March 20, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
...
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6341
Debian: New perl packages fix denial of service - The Community's Center for Security, Jun 14 2008
Debian Security Advisory DSA-1556-2 security@debian.org http://www....
Package: perl
Vulnerability: heap buffer overflow
Problem type: local (remote)
Debian-specific: no
CVE Id: CVE-2008-1927
Debian Bug: 454792
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
We recommend that you upgrade your perl packages.
Debian: New perl packages fix denial of service - The Community's Center for Security, Jun 14 2008
Debian Security Advisory DSA-1556-1 security@debian.org http://www....
Package: perl
Vulnerability: heap buffer overflow
Problem type: local (remote)
Debian-specific: no
CVE Id: CVE-2008-1927
Debian Bug: 454792
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
We recommend that you upgrade your perl packages.
Mandriva: Updated perl packages fix denial of service - The Community's Center for Security, Jun 14 2008
A double free vulnerability in Perl 5.8.8 and earlier versions allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.
... perl
Date: May 11, 2008
Affected: 2007.1, 2008.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
...
Gentoo: Perl Execution of arbitrary code - The Community's Center for Security, Jun 14 2008
Gentoo Linux Security Advisory GLSA 200805-17
http://security.gentoo.org/
Severity: Normal
Title: Perl: Execution of arbitrary code
Date: May 20, 2008
Bugs: #219203
ID: 200805-17
A double free vulnerability was discovered in Perl, possibly resulting in the execution of arbitrary code and a Denial of Service.
Perl is a stable, cross platform programming language.
-------------------------------------------------------------------
     Package            /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  dev-lang/perl         < 5.8.8-r5     >= 5.8.8-r5
  2  sys-devel/libperl     < 5.8.8-r2     >= 5.8.8-r2
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
All Perl users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r5"
Linux Advisory Watch: March 28th, 2008 - The Community's Center for Security, Jun 14 2008
This week, advisories were released for policyd, firebird, cupsys, serendipity, debian-goodies, xwine, asterisk, kerberos, ssl-cert, openssl, perl-Tk, wml, bzip2, audacity, perl-Net-DNS, Ruby, Dovecot, libicu, unzip, and mysql. The distributors include Debian, Gentoo, Mandriva, and Ubuntu.
Mandriva: Updated perl-Tk packages fix GIF processing (Mar 26)
A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk (an identical issue to that found in php-gd, gd, and SDL_image). The updated packages have been patched to correct this issue.
Mandriva: Updated perl-Net-DNS packages fix DoS (Mar 20)
A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response. The updated packages have been patched to correct this issue.
Ubuntu: libnet-dns-perl vulnerability (Mar 26)
Linux Advisory Watch: May 2nd, 2008 - The Community's Center for Security, Jun 14 2008
This week security advisories were issued for JRockit, KDE, SILC, dbmail, gstreamer-plugins-good, iceape, java-1.4.2-bea, java-1.5.0-bea, java-1.6.0-bea, kronolith2, ldm, libpng, perl, phpgedview, phpmyadmin, speex, thunderbird, tomcat, vorbis-tools, wireshark, wml, wordpress, and xulrunner. The distributors included Debian, Fedora, Gentoo, Mandriva, Red Hat, and Slackware.
Debian: New perl packages fix denial of service (Apr 27)
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
Debian: New perl packages fix denial of service (Apr 24)
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When encountering this condition, the Perl interpreter typically crashes, but arbitrary code execution cannot be ruled out.
Linux Advisory Watch - The Community's Center for Security, Jun 14 2008
This week advisories were released for type3, mt-daapd, xorg-server, imlib2, tomcat, kernel, gnome-panel, nautilus, evolution, perl, xfree, ucd-snmp, openssl-blacklist, and OpenVPN. The distributors include Debian, Gentoo, Mandriva, Red Hat, and Ubuntu.
This week, advisories were released for xine-lib, speex, libfishsound, gnome-peercast, gnutls13, phpgedview, netpbm-free, php4, GnuTLS, ClamAV, Mozilla, Perl, kernel, libid3tag, libvorbis, rdesktop, bind, mysql, nss_ldap, compiz, vsftpd, dovecot, setroubleshoot, libxslt, gnutls, java, and openssl-blacklist. The distributors include Debian, Gentoo, Mandriva, Red Hat, and Ubuntu.
This week, advisories were released for gforge, openssh, openssl, icedove, sipp, openoffic, libid3tag, InspIRCd, firebird, perl, drakxtools, hal-info, ImageMagick, libvorbis, xen, gpdf, php, mozilla-thunderbird, OpenVPN, and Speex. The distributors include Debian, Gentoo, Mandriva, Red Hat, Slackware, and Ubuntu.
This week security advisories were issued for JRockit, KDE, SILC, dbmail, gstreamer-plugins-good, iceape, java-1.4.2-bea, java-1.5.0-bea, java-1.6.0-bea, kronolith2, ldm, libpng, perl, phpgedview, phpmyadmin, speex, thunderbird, tomcat, vorbis-tools, wireshark, wml, wordpress, and xulrunner. The distributors included Debian, Fedora, Gentoo, Mandriva, Red Hat, and Slackware.
This week security advisories were issued for Adobe Flash Player, Firefox, Gnumeric, JRockit, KOffice, OpenOffice.org, Openfire, PHP Toolkit, Poppler, PowerDNS, SILC, Speex, Sun JDK/JRE, VLC, clamav, iceape, iceweasel, kdegraphics, perl, phpmyadmin, roundup, rsync, suphp, wireshark, xine-lib, xpdf, and xulrunner. The distributors included Debian, Gentoo, Mandriva, Red Hat, Slackware, SuSE, and Ubuntu.
This week, advisories were released for policyd, firebird, cupsys, serendipity, debian-goodies, xwine, asterisk, kerberos, ssl-cert, openssl, perl-Tk, wml, bzip2, audacity, perl-Net-DNS, Ruby, Dovecot, libicu, unzip, and mysql. The distributors include Debian, Gentoo, Mandriva, and Ubuntu.