Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2010-0458

Опубликовано: 07 июн. 2010
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2010-0458: perl security update (MODERATE)

[4:5.8.8-32.el5.1]

  • third version of patch fix change of behaviour of rmtree for common user
  • Resolves: rhbz#597203

[4:5.8.8-32.el5]

  • rhbz#595416 change documentation of File::Path
  • Related: rhbz#591167

[4:5.8.8-31.el5]

  • remove previous fix
  • Related: rhbz#591167

[4:5.8.8-30.el5]

  • change config to file on Util.so
  • Related: rhbz#594406

[4:5.8.8-29.el5]

  • CVE-2008-5302 - use latest patch without Cwd module
  • 507378 because of our paths we need to overload old Util.so in case customer installed Scalar::Util from cpan. In this case we marked new Util.so as .rpmnew.
  • Related: rhbz#591167
  • Resolves: rhbz#594406

[4:5.8.8-28.el5]

  • CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
  • CVE-2010-1168 perl Safe: Intended restriction bypass via object references
  • CVE-2010-1447 Safe 2.26 and earlier: Intended restriction bypass via Perl object references in code executed outside safe compartment
  • Related: rhbz#591167

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

perl

5.8.8-32.el5_5.1

perl-suidperl

5.8.8-32.el5_5.1

Oracle Linux x86_64

perl

5.8.8-32.el5_5.1

perl-suidperl

5.8.8-32.el5_5.1

Oracle Linux i386

perl

5.8.8-32.el5_5.1

perl-suidperl

5.8.8-32.el5_5.1

Связанные CVE

CVE-2008-5302
CVE-2008-5303
CVE-2010-1168
CVE-2010-1447

Ссылки на источники

Связанные уязвимости

fstec логотип

BDU:2015-02556

fstec
больше 16 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие локальному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

ubuntu логотип

CVE-2008-5302

ubuntu
больше 16 лет назад

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

redhat логотип

CVE-2008-5302

redhat
больше 16 лет назад

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

nvd логотип

CVE-2008-5302

nvd
больше 16 лет назад

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.

debian логотип

CVE-2008-5302

debian
больше 16 лет назад

Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib ...