
[debian-users:27292] [SECURITY] [DSA 034-1] New version of ePerl packages available (debian-security-announce@lists.debian.org)



An announcement of the latest version of the ePerl package has been
posted to debian-security-announce@lists.debian.org. The fixed version is
2.2.14-0.7potato2. Updating to this version is recommended.

A buffer overrun problem has been found in ePerl.
Please see the original text for details.

The announcement is quoted below.

From: Martin Schulze <joey@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: [SECURITY] [DSA 034-1] New version of ePerl packages available
Date: Wed, 7 Mar 2001 17:20:04 +0100
> - ----------------------------------------------------------------------------
> Debian Security Advisory DSA-034-1                       security@debian.org
> http://www.debian.org/security/                               Martin Schulze
> March 7, 2001
> - ----------------------------------------------------------------------------
> 
> Package        : ePerl
> Vulnerability  : buffer overflow
> Type           : local and remote root exploit
> Debian-specific: no
> 
> Fumitoshi Ukai and Denis Barbier have found several potential buffer
> overflow bugs in our version of ePerl as distributed in all of our
> distributions.  
> 
> When eperl is installed setuid root, it can switch to the UID/GID of
> the script's owner.  Although Debian doesn't ship the program setuid
> root, this is a useful feature which people may have activated
> locally.  When the program is used as /usr/lib/cgi-bin/nph-eperl the
> bugs could lead into a remote vulnerability as well.
> 
> Version 2.2.14-0.7potato2 fixes this.
> 
> We recommend you upgrade your eperl package immediately.
> 
> wget url
> 	will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
(middle part omitted)
> - ----------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
(rest omitted)

That is all.
-- 
喜瀬“冬猫”浩@南国沖縄
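
The advisory names a fixed version and two exposure conditions: eperl installed setuid root, and eperl deployed as /usr/lib/cgi-bin/nph-eperl. The script below checks a host for all three; it is an added example, not part of the original post or the advisory, and the /usr/bin/eperl location and the output labels are assumptions.

```shell
#!/bin/sh
# Added example: host audit for the exposure conditions described in DSA-034-1.
FIXED_VERSION="2.2.14-0.7potato2"        # fixed version named in the advisory
CGI_PATH="/usr/lib/cgi-bin/nph-eperl"    # CGI install path named in the advisory
BIN_PATH="/usr/bin/eperl"                # assumed binary location, adjust locally

# Succeeds when $1 is a regular file owned by root with the setuid bit set.
is_setuid_root() {
    [ -f "$1" ] && [ -n "$(find -L "$1" -prune -user root -perm -4000 2>/dev/null)" ]
}

# Succeeds when version $1 sorts before the fixed version (Debian ordering).
is_vulnerable_version() {
    dpkg --compare-versions "$1" lt "$FIXED_VERSION"
}

# audit_eperl VERSION PATH...: print one finding per line, return 1 if any.
audit_eperl() {
    version=$1; shift
    findings=0
    if is_vulnerable_version "$version"; then
        echo "VERSION: eperl $version predates $FIXED_VERSION"
        findings=$((findings + 1))
    fi
    for path in "$@"; do
        if is_setuid_root "$path"; then
            echo "SETUID: $path is setuid root"
            findings=$((findings + 1))
        fi
        case $path in
            */cgi-bin/nph-eperl)
                if [ -e "$path" ]; then
                    echo "CGI: $path is installed as an NPH CGI program"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Run the audit only where dpkg reports an installed eperl package.
if installed=$(dpkg-query -W -f='${Version}' eperl 2>/dev/null) && [ -n "$installed" ]; then
    audit_eperl "$installed" "$BIN_PATH" "$CGI_PATH" || echo "review the findings above"
fi
```
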