Detalji

Kod programskog paketa Perl, distribuiranog s operacijskim sustavom Fedora 14, uočena je nova sigurnosna ranjivost. Perl je prevodioc istoimenog skriptnog, objektno-orijentiranog programskog jezika. Pogreške se javljaju u radu "uc()", "lc()", "lcfirst()" i "ucfist()" funkcija. Udaljeni napadači mogu iskoristiti navedene propuste za obilaženje postavljenih sigurnosnih ograničenja. Svi se korisnici upućuju na detaljnije informiranje o propustu, a potom i na dostupnu nadogradnju kako bi se dodatno zaštitili. 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-4610
2011-04-02 22:20:33
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 14
Version     : 5.12.3
Release     : 143.fc14
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting.  Perl is good at handling processes and files,
and is especially good at handling text.  Perl's hallmarks are
practicality and efficiency.  While it is used to do a lot of
different things, Perl's most common applications are system
administration utilities and web programming.  A large proportion of
the CGI scripts on the web are written in Perl.  You need the perl
package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your
system to handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

Security bug: lc launder tainted data

http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr  1 2011 Marcela MaÅ¥lÃ¥Å?ovÃ¥ <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.3-143 
- 692900 - lc launders tainted flag, RT #87336
* Thu Mar 10 2011 Tom Callaway <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.3-142
- update ExtUtils::ParseXS to 2.2206 (current) to fix Wx build
* Mon Jan 24 2011 Marcela MaÅ¥lÃ¥Å?ovÃ¥ <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.3-141
- stable update 5.12.3
- add COMPAT
* Wed Dec  1 2010 Marcela MaÅ¥lÃ¥Å?ovÃ¥ <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.2-140
- create sub-package for CGI 3.49
- create sub-package for threads-shared
* Tue Nov  9 2010 Petr Pisar <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.2-139
- Sub-package perl-Class-ISA (bug #651317)
* Mon Nov  8 2010 Marcela MaÅ¥lÃ¥Å?ovÃ¥ <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.2-138
- 643447 fix redefinition of constant C in h2ph (visible in git send mail,
  XML::Twig test suite)
* Mon Nov  8 2010 Petr Pisar <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4:5.12.2-137
- Make perl(ExtUtils::ParseXS) version 4 digits long (bug #650882)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #692900 - perl: lc(), uc() routines are laundering tainted data
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=692900
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh