perl 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1135132464
업데이트 : 2005.12.21
상세내용
- fix to fix for CVE-2004-0976 / bz136325: perl5db.pl typo '/tmp' -> '"/tmp"'!
- Further enhancements to sprintf integer overflow patch
(Upstream patches 26322 26331 and 26333 for CVE-2005-3962 / bz174717 )
- Fix CVE-2004-0976 / bz136325: fix issues with solardesigner's patch
to perldbtty.pl and c2ph.PL, pointed out by Pekka Savola and David Eisenstein
- Apply upstream patches 26283 and 26284 : complete, revised fixes
for bug 174683 / CVE-2005-3962 and CVE-2005-3912 and
"Sys::Syslog security vulnerabilities" issues.
- Fix bug 136009 / MakeMaker LD_RUN_PATH issue:
restore previous default Red Hat behavior of removing the MakeMaker
generated LD_RUN_PATH setting from the link command .
Document this removal, as it contravenes upstream default behavior, and
provide a USE_MM_LD_RUN_PATH MakeMaker member to enable use of the
MakeMaker generated LD_RUN_PATH .
- fix bug 174683 / CVE-2005-3962: sprintf integer overflow vulnerability
backport upstream patch #26240
- fix bug 136009: restore MakeMaker support for LD_RUN_PATH,
while removing empty LD_RUN_PATH
- fix CAN-2004-0976: insecure use of temporary files
- fix bug 164772: panic (crash) on invalid UTF-8 in Encode.xs
- fix bug 172327 / upstream bug 37056: backport upstream patch 25084:
prevent realloc recursion on nss get* ERANGE errno
- fix bug 170088: broken h2ph fixed with h2ph from 5.8.7
- fix bug 171111 / upstream bug 37535: IOCPARM_LEN should be _IOC_SIZE
- fix bug 172236: make h2ph pick up gcc built-in include directory
Autoupdates 지원 : 지원
update 패키지
RPMS :
. perl-5.8.5-14.i686.rpm
SRPMS :
. perl-5.8.5-14.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
|