Security Advisory perl security update

Advisory: RHSA-2006:0605-6
Type: Security Advisory
Severity: Important
Issued on: 2006-08-10
Last updated on: 2006-08-10
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-3813

Details

Updated Perl packages that fix a security issue are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)

A fix for this issue was first included in the update RHSA-2005:103,
released in February 2005. However, the patch to correct this issue was
dropped from the update RHSA-2005:674 made in October 2005. This
regression has been assigned CVE-2006-3813.

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
perl-5.8.5-36.RHEL4.src.rpm     1a1cb67f57489eeec48c476419abe21b
 
IA-32:
perl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    4060aca3f76d65d59d7c7d00bd53b70e
perl-suidperl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    edb22fcfe455c21bfd272c74e9ce6837
 
x86_64:
perl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    a2bb0ab0ff5319f5253a84b6d57147de
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    ef416fbb8cce60759907f36625f22bd7
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
perl-5.8.5-36.RHEL4.src.rpm     1a1cb67f57489eeec48c476419abe21b
 
IA-32:
perl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    4060aca3f76d65d59d7c7d00bd53b70e
perl-suidperl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    edb22fcfe455c21bfd272c74e9ce6837
 
IA-64:
perl-5.8.5-36.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0961
    cd08f7b4cb850213d2757bfada9dd956
perl-suidperl-5.8.5-36.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0961
    35b7ff4152135396feb0b0083831247b
 
PPC:
perl-5.8.5-36.RHEL4.ppc.rpm
File outdated by:  RHBA-2009:0961
    a77b3207552f5e625f329b61e09577b5
perl-suidperl-5.8.5-36.RHEL4.ppc.rpm
File outdated by:  RHBA-2009:0961
    458cf86bb3db0da22ae6378485deffac
 
s390:
perl-5.8.5-36.RHEL4.s390.rpm
File outdated by:  RHBA-2009:0961
    519fc6b7fd84a91a472a670727c55de3
perl-suidperl-5.8.5-36.RHEL4.s390.rpm
File outdated by:  RHBA-2009:0961
    b5dc4f4882b412b6260f24ab2b85fdda
 
s390x:
perl-5.8.5-36.RHEL4.s390x.rpm
File outdated by:  RHBA-2009:0961
    95fefe02a5cea938b95be2b995ae8833
perl-suidperl-5.8.5-36.RHEL4.s390x.rpm
File outdated by:  RHBA-2009:0961
    b146373683877b421333b4edd3e2c1ff
 
x86_64:
perl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    a2bb0ab0ff5319f5253a84b6d57147de
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    ef416fbb8cce60759907f36625f22bd7
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
perl-5.8.5-36.RHEL4.src.rpm     1a1cb67f57489eeec48c476419abe21b
 
IA-32:
perl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    4060aca3f76d65d59d7c7d00bd53b70e
perl-suidperl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    edb22fcfe455c21bfd272c74e9ce6837
 
IA-64:
perl-5.8.5-36.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0961
    cd08f7b4cb850213d2757bfada9dd956
perl-suidperl-5.8.5-36.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0961
    35b7ff4152135396feb0b0083831247b
 
x86_64:
perl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    a2bb0ab0ff5319f5253a84b6d57147de
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    ef416fbb8cce60759907f36625f22bd7
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
perl-5.8.5-36.RHEL4.src.rpm     1a1cb67f57489eeec48c476419abe21b
 
IA-32:
perl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    4060aca3f76d65d59d7c7d00bd53b70e
perl-suidperl-5.8.5-36.RHEL4.i386.rpm
File outdated by:  RHBA-2009:0961
    edb22fcfe455c21bfd272c74e9ce6837
 
IA-64:
perl-5.8.5-36.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0961
    cd08f7b4cb850213d2757bfada9dd956
perl-suidperl-5.8.5-36.RHEL4.ia64.rpm
File outdated by:  RHBA-2009:0961
    35b7ff4152135396feb0b0083831247b
 
x86_64:
perl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    a2bb0ab0ff5319f5253a84b6d57147de
perl-suidperl-5.8.5-36.RHEL4.x86_64.rpm
File outdated by:  RHBA-2009:0961
    ef416fbb8cce60759907f36625f22bd7
 
(The unlinked packages above are only available from the Red Hat Network)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/