Security Advisory perl security update

Advisory: RHSA-2005:069-08
Type: Security Advisory
Severity: Low
Issued on: 2005-02-01
Last updated on: 2005-02-01
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-0077

Details

An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available.

DBI is a database access Application Programming Interface (API) for
the Perl programming language.

The Debian Security Audit Project discovered that the DBI library creates a
temporary PID file in an insecure manner. A local user could overwrite or
create files as a different user who happens to run an application which
uses DBI::ProxyServer. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0077 to this issue.

Users should update to this erratum package, which disables the temporary
PID file unless one is explicitly configured.
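
The class of flaw described above, shown as an added example (not code from DBI or from this erratum): a plain open-for-write on a predictable PID path follows a symlink already present at that path, while exclusive creation refuses it. All file names are hypothetical and the whole scenario runs inside a private scratch directory.

```perl
#!/usr/bin/perl
# Added example: PID-file creation, unsafe vs. hardened. Not DBI's own code.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL O_NOFOLLOW);
use File::Temp qw(tempdir);

# Unsafe pattern: open-for-write follows symlinks and truncates whatever
# the predictable path already points to.
sub write_pidfile_naive {
    my ($path) = @_;
    open(my $fh, '>', $path) or return "failed: $!";
    print {$fh} "$$\n";
    close($fh);
    return 'written';
}

# Hardened pattern: O_EXCL fails if the name exists at all (symlinks
# included); O_NOFOLLOW rejects a symlink as the final path component.
sub write_pidfile_safe {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644)
        or return "refused: $!";
    print {$fh} "$$\n";
    close($fh);
    return 'written';
}

# Read a whole file back so the effect on the link target is visible.
sub slurp {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "read $path: $!";
    local $/;
    return scalar <$fh>;
}

# Constructed scenario (hypothetical names) in a private scratch directory.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/service-owned-file";   # stands in for a file the service user owns
my $pid    = "$dir/proxy.pid";            # stands in for the predictable PID path

open(my $t, '>', $target) or die "create $target: $!";
print {$t} "original contents\n";
close($t);
symlink($target, $pid) or die "symlink: $!";   # a link already sits at the PID path

printf "safe open  : %s\n", write_pidfile_safe($pid);
printf "target now : %s",   slurp($target);
printf "naive open : %s\n", write_pidfile_naive($pid);
printf "target now : %s",   slurp($target);
```

If a PID file is configured after updating, a directory writable only by the service account removes the precondition for this problem regardless of the open flags used.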


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/i386/perl-DBI-1.32-9.i386.rpm
    MD5: 6aea6d47ab2a26300af6ed577405e6b7
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/x86_64/perl-DBI-1.32-9.x86_64.rpm
    MD5: 86936f627f02c8f96da5467c536997e6
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.18-3/i386/perl-DBI-1.18-3.i386.rpm
    MD5: 22af0266ecb99d0997a2d9f245e3a048
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.18-3/ia64/perl-DBI-1.18-3.ia64.rpm
    MD5: c77842c2d3164aaaccbdbc835b28834b
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/i386/perl-DBI-1.32-9.i386.rpm
    MD5: 6aea6d47ab2a26300af6ed577405e6b7
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/ia64/perl-DBI-1.32-9.ia64.rpm
    MD5: 9f9dbb9313e84f86908b00aeb737c424
 
PPC:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/ppc/perl-DBI-1.32-9.ppc.rpm
    MD5: ff90be122c3636ba3b2b253428092633
 
s390:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/s390/perl-DBI-1.32-9.s390.rpm
    MD5: fc8faf4640441c1b5cd77972a23ac4ec
 
s390x:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/s390x/perl-DBI-1.32-9.s390x.rpm
    MD5: 371823a6fb25f64dd773073c814d513b
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/x86_64/perl-DBI-1.32-9.x86_64.rpm
    MD5: 86936f627f02c8f96da5467c536997e6
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.18-3/i386/perl-DBI-1.18-3.i386.rpm
    MD5: 22af0266ecb99d0997a2d9f245e3a048
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/i386/perl-DBI-1.32-9.i386.rpm
    MD5: 6aea6d47ab2a26300af6ed577405e6b7
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/ia64/perl-DBI-1.32-9.ia64.rpm
    MD5: 9f9dbb9313e84f86908b00aeb737c424
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/x86_64/perl-DBI-1.32-9.x86_64.rpm
    MD5: 86936f627f02c8f96da5467c536997e6
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.18-3/i386/perl-DBI-1.18-3.i386.rpm
    MD5: 22af0266ecb99d0997a2d9f245e3a048
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/i386/perl-DBI-1.32-9.i386.rpm
    MD5: 6aea6d47ab2a26300af6ed577405e6b7
 
IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/ia64/perl-DBI-1.32-9.ia64.rpm
    MD5: 9f9dbb9313e84f86908b00aeb737c424
 
x86_64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.32-9/x86_64/perl-DBI-1.32-9.x86_64.rpm
    MD5: 86936f627f02c8f96da5467c536997e6
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
ftp://updates.redhat.com/rhn/repository/NULL/perl-DBI/1.18-3/ia64/perl-DBI-1.18-3.ia64.rpm
    MD5: c77842c2d3164aaaccbdbc835b28834b
 

Bugs fixed (see bugzilla for more information)

145577 - CAN-2005-0077 perl-DBI insecure temporary file usage


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/