Detalji

Uočena je i ispravljena ranjivost programskog paketa Perl, namijenjenog operacijskom sustavu Fedora 15. Riječ je o skriptnom jeziku koji se ponajviše koristi za praktičnu i učinkovitu obradu teksta. Propust je vezan uz funkcije lc, lcfirst, uc i ucfirst koje ne koriste "taint" atribut za vraćanje vrijednosti nakon obrade ulaznih podataka tipa "taint". To može omogućiti kontekstno ovisnom napadaču izbjegavanje "taint" zaštitnog mehanizma pomoću posebno oblikovanog znakovnog zapisa. Ako mu to uspije, može ostvariti pristup datotečnom sustavu ili dobiti mogućnost izvršavanja proizvoljnih naredbi. Svim korisnicima preporučuje se instalacija najnovije inačice.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-4631
2011-04-03 03:54:08
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 15
Version     : 5.12.3
Release     : 156.fc15
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting.  Perl is good at handling processes and files, and is especially
good at handling text.  Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.  A large
proportion of the CGI scripts on the web are written in Perl.  You need the
perl package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your system to
handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

Security bug: lc launder tainted data

http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336

Cwd.so should go the subpackage.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #692898 - CVE-2011-1487 perl: lc(), uc() routines are laundering
tainted data
        https://bugzilla.redhat.com/show_bug.cgi?id=692898
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh