perl security update
FTP access is not available through a web browser.
Document number : 1278699050
Updated : 2010.07.10
Details
Security bug fixes:
. CVE-2008-5302
Race condition in the rmtree function in File::Path 1.08 and 2.07
(lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create
arbitrary setuid binaries via a symlink attack, a different vulnerability
than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a
regression error related to CVE-2005-0448. It is different from CVE-2008-5303
due to affected versions.
. CVE-2010-1168
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent
attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access
restrictions, and inject and execute arbitrary code, via vectors involving
implicitly called methods and implicitly blessed objects, as demonstrated
by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
. CVE-2010-1447
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl,
as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,
8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0
Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval
and (2) Safe::rdo access restrictions, and inject and execute arbitrary code,
via vectors involving subroutine references and delayed execution.
Autoupdates support : supported
Update packages
RPMS :
. perl-5.8.8-32.el5.i686.rpm
SRPMS :
. perl-5.8.8-32.el5.src.rpm
References :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447