AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



perl 보안 업데이트 
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1278699050
업데이트 : 2010.07.10


상세내용

보안버그 fix:

  . CVE-2008-5302
  Race condition in the rmtree function in File::Path 1.08 and 2.07
  (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create
  arbitrary setuid binaries via a symlink attack, a different vulnerability
  than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a
  regression error related to CVE-2005-0448. It is different from CVE-2008-5303
  due to affected versions.

  . CVE-2010-1168
  he Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent
  attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access
  restrictions, and inject and execute arbitrary code, via vectors involving
  implicitly called methods and implicitly blessed objects, as demonstrated
  by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

  . CVE-2010-1447
  The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl,
  as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21,
  8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0
  Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval
  and (2) Safe::rdo access restrictions, and inject and execute arbitrary code,
  via vectors involving subroutine references and delayed execution.

  . CVE-2008-5302
  Race condition in the rmtree function in File::Path 1.08 and 2.07
  (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create
  arbitrary setuid binaries via a symlink attack, a different vulnerability
  than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a
  regression error related to CVE-2005-0448. It is different from CVE-2008-5303
  due to affected versions.


Autoupdates 지원 : 지원


update 패키지

  RPMS :

    . perl-5.8.8-32.el5.i686.rpm

  SRPMS :

    . perl-5.8.8-32.el5.src.rpm


참고 : 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5302


    

 Home > Update [ 1.3 ]
Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10