-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:115 http://www.mandriva.com/security/ _______________________________________________________________________ Package : perl Date : June 11, 2010 Affected: 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been discovered and corrected in Safe.pm which could lead to escalated privilegies (CVE-2010-1168, CVE-2010-1447). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1168 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1447 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 00d3098831f3c94fd3e301a2e9b3d3d2 2009.0/i586/perl-5.10.0-25.2mdv2009.0.i586.rpm 5eb7a1bda35c58f0bf353cfa845ef65e 2009.0/i586/perl-base-5.10.0-25.2mdv2009.0.i586.rpm e465d32e8e21049d63ebc6c44730b691 2009.0/i586/perl-devel-5.10.0-25.2mdv2009.0.i586.rpm 479cdd1789b4ddb41e9309ebf24ba418 2009.0/i586/perl-doc-5.10.0-25.2mdv2009.0.i586.rpm 7c0936a984a432ed2e1bfc44c0d09fc9 2009.0/i586/perl-suid-5.10.0-25.2mdv2009.0.i586.rpm 82a2602a2f8ae6cf3a675a6918e24d3e 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: d3f41fadc8bd3688a8b0189eb1968c77 2009.0/x86_64/perl-5.10.0-25.2mdv2009.0.x86_64.rpm e5655094bbf5d1925db468ff707b8e18 2009.0/x86_64/perl-base-5.10.0-25.2mdv2009.0.x86_64.rpm 3c7aa589dfc884a80e4e70b269140d44 2009.0/x86_64/perl-devel-5.10.0-25.2mdv2009.0.x86_64.rpm 96691039825e0d138ecfb4f4731736ea 2009.0/x86_64/perl-doc-5.10.0-25.2mdv2009.0.x86_64.rpm 6854569c6281b018af7afbb2f3bc04ad 2009.0/x86_64/perl-suid-5.10.0-25.2mdv2009.0.x86_64.rpm 82a2602a2f8ae6cf3a675a6918e24d3e 2009.0/SRPMS/perl-5.10.0-25.2mdv2009.0.src.rpm Mandriva Linux 2009.1: 32ac91fdee352364f14770ec855e0375 2009.1/i586/perl-5.10.0-25.1mdv2009.1.i586.rpm a6d92fad394404c4f6e4ecdedf0ef3d0 2009.1/i586/perl-base-5.10.0-25.1mdv2009.1.i586.rpm 6ec44b6cd15d787afa051aa2f7a079a0 2009.1/i586/perl-devel-5.10.0-25.1mdv2009.1.i586.rpm 56cc85abe12ffc13e91c7d606c3f5a2f 2009.1/i586/perl-doc-5.10.0-25.1mdv2009.1.i586.rpm 6e5389395602f29f3678c9e8a5f1aa15 2009.1/i586/perl-suid-5.10.0-25.1mdv2009.1.i586.rpm d67bc28faa49cd0656ac8256c7cff801 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 5e955d0a68966fa5e8a408381e7046dd 2009.1/x86_64/perl-5.10.0-25.1mdv2009.1.x86_64.rpm 9de85776e7e93665721dce1731474229 2009.1/x86_64/perl-base-5.10.0-25.1mdv2009.1.x86_64.rpm 2dcc1876750306565ca77cfa69e83e2b 2009.1/x86_64/perl-devel-5.10.0-25.1mdv2009.1.x86_64.rpm 2a24a59f7557ecd5f9f231677b50fa00 2009.1/x86_64/perl-doc-5.10.0-25.1mdv2009.1.x86_64.rpm bb2d6a661623d31317822aeb7308b9dd 2009.1/x86_64/perl-suid-5.10.0-25.1mdv2009.1.x86_64.rpm d67bc28faa49cd0656ac8256c7cff801 2009.1/SRPMS/perl-5.10.0-25.1mdv2009.1.src.rpm Corporate 4.0: b326fe2db35f1dd9ac9169f9af6b5fc1 corporate/4.0/i586/perl-5.8.7-3.6.20060mlcs4.i586.rpm 3283f2531e5d33008b61575d7c90cedd corporate/4.0/i586/perl-base-5.8.7-3.6.20060mlcs4.i586.rpm 2dea5e372272c9990fb79d5e0b3d4c16 corporate/4.0/i586/perl-devel-5.8.7-3.6.20060mlcs4.i586.rpm 245ea4f820b232d147045b1e02e1bbb5 corporate/4.0/i586/perl-doc-5.8.7-3.6.20060mlcs4.i586.rpm 3e2bad0ffc7ed43c865c6ae1b76f05ef corporate/4.0/i586/perl-suid-5.8.7-3.6.20060mlcs4.i586.rpm 65dfaa9de6379b4d1f7a7b996b6af8be corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 2bb0dc22bd0bae5dd123d95f7f304934 corporate/4.0/x86_64/perl-5.8.7-3.6.20060mlcs4.x86_64.rpm 54dd2c26efb5f0b83f8f82cc6da12e46 corporate/4.0/x86_64/perl-base-5.8.7-3.6.20060mlcs4.x86_64.rpm 15f9345bd763e98aff10ffc36811f699 corporate/4.0/x86_64/perl-devel-5.8.7-3.6.20060mlcs4.x86_64.rpm 297218e6bf27da8dd414078b36218757 corporate/4.0/x86_64/perl-doc-5.8.7-3.6.20060mlcs4.x86_64.rpm 526f48beb05b4175e867bc1ec852fa77 corporate/4.0/x86_64/perl-suid-5.8.7-3.6.20060mlcs4.x86_64.rpm 65dfaa9de6379b4d1f7a7b996b6af8be corporate/4.0/SRPMS/perl-5.8.7-3.6.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 95bfe8ce07733fe7ec7890bacf1770f5 mes5/i586/perl-5.10.0-25.2mdvmes5.1.i586.rpm 04d8c9d3262848cae5211d136c83b995 mes5/i586/perl-base-5.10.0-25.2mdvmes5.1.i586.rpm 8186d5d14d1aec46e27b12540c98673a mes5/i586/perl-devel-5.10.0-25.2mdvmes5.1.i586.rpm 0f13e7c3e3ed27b539e1f1cb8a881be2 mes5/i586/perl-doc-5.10.0-25.2mdvmes5.1.i586.rpm 4e9f1aae20148662c3dee770a792f55c mes5/i586/perl-suid-5.10.0-25.2mdvmes5.1.i586.rpm d9e5230e96aa99ef5c5a5c52e3061c4a mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 869dfeea157fc17cedf1e9e66ddb3bb9 mes5/x86_64/perl-5.10.0-25.2mdvmes5.1.x86_64.rpm b20b2f46b7a74f8e98e19c8b917e6292 mes5/x86_64/perl-base-5.10.0-25.2mdvmes5.1.x86_64.rpm 116dc346f811a5cd6bfaec340b79aac1 mes5/x86_64/perl-devel-5.10.0-25.2mdvmes5.1.x86_64.rpm 75d5d76d48f16ea5af6e5a903e553d43 mes5/x86_64/perl-doc-5.10.0-25.2mdvmes5.1.x86_64.rpm c0067e1c7f55bfffc7f7527a4268b6c8 mes5/x86_64/perl-suid-5.10.0-25.2mdvmes5.1.x86_64.rpm d9e5230e96aa99ef5c5a5c52e3061c4a mes5/SRPMS/perl-5.10.0-25.2mdvmes5.1.src.rpm Multi Network Firewall 2.0: 116523d57e391e8200aa088228b97c6a mnf/2.0/i586/perl-5.8.3-5.9.M20mdk.i586.rpm c618fe9ae03b5631f77b601e1cc3261c mnf/2.0/i586/perl-base-5.8.3-5.9.M20mdk.i586.rpm 3ecda619d7cc1afe47b1bbfafa0b9672 mnf/2.0/i586/perl-devel-5.8.3-5.9.M20mdk.i586.rpm 04bfa6b5384b173164912fc4adad9459 mnf/2.0/i586/perl-doc-5.8.3-5.9.M20mdk.i586.rpm 72247c85df7d57f488f9792eb88d2b3d mnf/2.0/SRPMS/perl-5.8.3-5.9.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMEnfBmqjQ0CJFipgRAjqEAJsErSC9PCwvbWa5h7royEJCuAjytgCgm3a2 NFcHdnhcspKfkVASVXYME3A= =3PM8 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/