perl 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1155649097
업데이트 : 2006.08.15
상세내용
. CVE-2006-3813
Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)
A fix for this issue was first included in the update RHSA-2005:103
released in February 2005. However the patch to correct this issue was
dropped from the update RHSA-2005:674 made in October 2005. This
regression has been assigned CVE-2006-3813.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. perl-5.8.5-36.i686.rpm
SRPMS :
. perl-5.8.5-36.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3813
|