ESB-2007.0866 -- [UNIX/Linux][RedHat] -- Important: perl security update

Date: 06 November 2007
References: ESB-2007.0873  ESB-2007.1026  ESB-2008.0178  ESB-2008.0203  ESB-2008.0268  ESB-2010.0692  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2007.0866 -- [UNIX/Linux][RedHat]
                      Important: perl security update
                              6 November 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              perl
Publisher:            Red Hat
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Red Hat Linux
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
Access:               Existing Account
CVE Names:            CVE-2007-5116

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0966.html
                      https://rhn.redhat.com/errata/RHSA-2007-1011.html

Comment: This ESB contains two Red Hat advisories.
         
         This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running perl check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: perl security update
Advisory ID:       RHSA-2007:0966-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0966.html
Issue date:        2007-11-05
Updated on:        2007-11-05
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-5116 
- - ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

323571 - CVE-2007-5116 perl regular expression UTF parsing errors

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/perl-5.8.8-10.el5_0.2.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/perl-5.8.8-10.el5_0.2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHL0S0XlSAg2UNWIIRAtsOAJ4kMVBGRohsuJMB12k5McaG5J2xEQCfR736
AF9SXL0qcaLJG8IuR4VFHNk=
=C25p
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: perl security update
Advisory ID:       RHSA-2007:1011-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-1011.html
Issue date:        2007-11-05
Updated on:        2007-11-05
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-5116 
- - ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix security issues for Red Hat Application
Stack v1.2 are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

323571 - CVE-2007-5116 perl regular expression UTF parsing errors

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/perl-5.8.8-5.el4s1_2.src.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/perl-5.8.8-5.el4s1_2.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHL0TNXlSAg2UNWIIRAgQlAJ9Oyhp+oLUht3ruGkJN90/YIoszCwCgqyc1
CgUXBjPVbh9hJAvIZWxfxhY=
=OWEX
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
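
One way to check a host inventory against the fixed perl builds named in the two advisories above, added here as an example (not Red Hat's or AusCERT's code). It uses a simplified re-implementation of RPM's segment-wise version ordering that ignores epochs and the newer `~`/`^` markers and assumes each host is compared only against its own product stream; the stream labels, host names and installed versions are constructed.

```python
import re

# Fixed perl builds, taken from the package file names in the two advisories.
# The keys are labels invented for this example, not Red Hat identifiers.
FIXED_BUILDS = {
    "RHEL3": "5.8.0-97.EL3",
    "RHEL4": "5.8.5-36.el4_5.2",
    "RHEL5": "5.8.8-10.el5_0.2",
    "AppStack-v1-EL4": "5.8.8-5.el4s1_2",
}

SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way RPM orders them.

    Strings are split into runs of digits and runs of letters; separators
    are ignored. Digit runs compare as integers, letter runs as strings,
    and a digit run always beats a letter run. Returns 1, 0 or -1.
    """
    seg_a, seg_b = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_vr(installed, fixed):
    """Compare 'VERSION-RELEASE' strings: version first, then release."""
    for value in (installed, fixed):
        if "-" not in value:
            raise ValueError("expected VERSION-RELEASE, got %r" % value)
    inst_ver, inst_rel = installed.rsplit("-", 1)
    fix_ver, fix_rel = fixed.rsplit("-", 1)
    return rpmvercmp(inst_ver, fix_ver) or rpmvercmp(inst_rel, fix_rel)


def is_patched(stream, installed):
    """True if the installed perl build is at or beyond the fixed build."""
    return compare_vr(installed, FIXED_BUILDS[stream]) >= 0


def hosts_needing_update(inventory):
    """Return the hosts whose perl build predates the advisory's fix."""
    return [host for host, stream, vr in inventory
            if not is_patched(stream, vr)]


# Constructed inventory. On a real host the third field would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' perl
INVENTORY = [
    ("web01", "RHEL5", "5.8.8-10"),
    ("db01", "RHEL4", "5.8.5-36.el4_5.2"),
    ("legacy01", "RHEL3", "5.8.0-94.EL3"),
    ("app01", "AppStack-v1-EL4", "5.8.8-5.el4s1_2"),
    ("build01", "RHEL4", "5.8.5-36.el4_6.3"),
]

if __name__ == "__main__":
    for name in hosts_needing_update(INVENTORY):
        print("needs perl update:", name)
```

A plain string comparison would get cases such as `5.8.10` versus `5.8.8` wrong, which is why the segments are compared numerically.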

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRy+2LSh9+71yA2DNAQJ01wQAj0SpC7rSYWKwhsaN9mlHdYr7MsDkBZwO
PULQKvi4/mKfS/oer9Ocj8PgHtPg0kNtcn13C3rwj0Aj1mStksaROkxgU6oqRnle
P1TzvmjqHJ0eMPagSKU2HamRmBDPfsQEBSZyUzBFuf7hwmVZRiG9sVYRQvOUG8CA
6PPuAHuW7dI=
=nhjo
-----END PGP SIGNATURE-----