exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.207

Mandriva Linux Security Advisory 2007.207
Posted Nov 6, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl.

tags | advisory, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2007-5116
SHA-256 | 37ebdc3f13e1eb779e7cd63aa7636b79508f0ec1d89d2455e1f0a73175c8afe5

Mandriva Linux Security Advisory 2007.207

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:207
https://www.mandriva.com/security/
_______________________________________________________________________

Package : perl
Date : November 5, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular
expression engine. Specially crafted input to a regular expression can
cause Perl to improperly allocate memory, resulting in the possible
execution of arbitrary code with the permissions of the user running
Perl.

Updated packages have been patched to prevent these issues.
_______________________________________________________________________

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
7dee97092269465ccb5de0f35321ab13 2007.0/i586/perl-5.8.8-7.1mdv2007.0.i586.rpm
efd626e1f1efd248e6c6570e88a599c3 2007.0/i586/perl-base-5.8.8-7.1mdv2007.0.i586.rpm
62b10d28a5abc05d3b8cd35c7f68e8aa 2007.0/i586/perl-devel-5.8.8-7.1mdv2007.0.i586.rpm
3a9dc19143ab6a27713fdeb6665d8d76 2007.0/i586/perl-doc-5.8.8-7.1mdv2007.0.i586.rpm
60b511580ae4f514434dd111efa42872 2007.0/i586/perl-suid-5.8.8-7.1mdv2007.0.i586.rpm
08e44392992b4ab983bf85debb8be462 2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
be33f079454aec3b88f21716dfacf8d6 2007.0/x86_64/perl-5.8.8-7.1mdv2007.0.x86_64.rpm
5a82850218434119c3f55047b3068213 2007.0/x86_64/perl-base-5.8.8-7.1mdv2007.0.x86_64.rpm
4f995ed4fa46f2bf79a427d9341e895b 2007.0/x86_64/perl-devel-5.8.8-7.1mdv2007.0.x86_64.rpm
e949a7e20661c6c5f4c4511f25196ff6 2007.0/x86_64/perl-doc-5.8.8-7.1mdv2007.0.x86_64.rpm
a3df44cc0b957b02bfcab3eed98542dd 2007.0/x86_64/perl-suid-5.8.8-7.1mdv2007.0.x86_64.rpm
08e44392992b4ab983bf85debb8be462 2007.0/SRPMS/perl-5.8.8-7.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
efb800025ab3001b90af0e16e5a49886 2007.1/i586/perl-5.8.8-10.1mdv2007.1.i586.rpm
515beec177dd5a0418090016ae357274 2007.1/i586/perl-base-5.8.8-10.1mdv2007.1.i586.rpm
ae79195a6f27e44fd4ff7899497cf948 2007.1/i586/perl-devel-5.8.8-10.1mdv2007.1.i586.rpm
f721306e820d4c66db3466917cde67f9 2007.1/i586/perl-doc-5.8.8-10.1mdv2007.1.i586.rpm
85a219e5b2c3788841024be8d81b2cac 2007.1/i586/perl-suid-5.8.8-10.1mdv2007.1.i586.rpm
9b22a92ec4a3dc898a12bbb80ada4de2 2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
1a17302f843293a5dc0063fe3e4549c0 2007.1/x86_64/perl-5.8.8-10.1mdv2007.1.x86_64.rpm
c85ba481d517ec81c54eea5bc7064405 2007.1/x86_64/perl-base-5.8.8-10.1mdv2007.1.x86_64.rpm
5d3b84a1444339a83058bc3493506d22 2007.1/x86_64/perl-devel-5.8.8-10.1mdv2007.1.x86_64.rpm
005d395a8717bd5af248820eb01cc1d8 2007.1/x86_64/perl-doc-5.8.8-10.1mdv2007.1.x86_64.rpm
f6c966ea032f921f033934d1f894b96b 2007.1/x86_64/perl-suid-5.8.8-10.1mdv2007.1.x86_64.rpm
9b22a92ec4a3dc898a12bbb80ada4de2 2007.1/SRPMS/perl-5.8.8-10.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
6e84010549818c839e91034391b79f4f 2008.0/i586/perl-5.8.8-12.1mdv2008.0.i586.rpm
f09541f2caf348aee64161cecdf7276e 2008.0/i586/perl-base-5.8.8-12.1mdv2008.0.i586.rpm
dce7ae7aba1d356fd366075b67478493 2008.0/i586/perl-devel-5.8.8-12.1mdv2008.0.i586.rpm
b3169afea74fd707021d03410172b6c0 2008.0/i586/perl-doc-5.8.8-12.1mdv2008.0.i586.rpm
78585fde0ad5b02f3e7c0f01d31a1ccf 2008.0/i586/perl-suid-5.8.8-12.1mdv2008.0.i586.rpm
584ad050342c7136e161fc48d29398bf 2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
6ee9071cb1b0a6f38e731b1cd9a421e7 2008.0/x86_64/perl-5.8.8-12.1mdv2008.0.x86_64.rpm
d7bd85fb101d94bf1dc84bcf817533d7 2008.0/x86_64/perl-base-5.8.8-12.1mdv2008.0.x86_64.rpm
031487e27d7f2a12003efe8ab714a096 2008.0/x86_64/perl-devel-5.8.8-12.1mdv2008.0.x86_64.rpm
3c1846b134cbd1461ffd291a95f6e2d2 2008.0/x86_64/perl-doc-5.8.8-12.1mdv2008.0.x86_64.rpm
99f545fefe35f45b5d90d2f98fe14da5 2008.0/x86_64/perl-suid-5.8.8-12.1mdv2008.0.x86_64.rpm
584ad050342c7136e161fc48d29398bf 2008.0/SRPMS/perl-5.8.8-12.1mdv2008.0.src.rpm

Corporate 3.0:
9388a0766403e1accc6afc3d963960ba corporate/3.0/i586/perl-5.8.3-5.6.C30mdk.i586.rpm
a67623fb7d2e4e18ca8976c64e43a4ca corporate/3.0/i586/perl-base-5.8.3-5.6.C30mdk.i586.rpm
9068ad50c3e10c29940bb071651a8d4d corporate/3.0/i586/perl-devel-5.8.3-5.6.C30mdk.i586.rpm
a8a2e1b1963c212e4644c320f27c71d3 corporate/3.0/i586/perl-doc-5.8.3-5.6.C30mdk.i586.rpm
15b73b73ea6dd0de1100e1445690c034 corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
f2f7445b49d5d7afa7b3766d71bdf65f corporate/3.0/x86_64/perl-5.8.3-5.6.C30mdk.x86_64.rpm
ef5dabb99fdbe28068089eba1fd8bcc4 corporate/3.0/x86_64/perl-base-5.8.3-5.6.C30mdk.x86_64.rpm
4a5a04a330db20f460229aa69ded5e95 corporate/3.0/x86_64/perl-devel-5.8.3-5.6.C30mdk.x86_64.rpm
2bc06d931706f57fa946822f9396ffd6 corporate/3.0/x86_64/perl-doc-5.8.3-5.6.C30mdk.x86_64.rpm
15b73b73ea6dd0de1100e1445690c034 corporate/3.0/SRPMS/perl-5.8.3-5.6.C30mdk.src.rpm

Corporate 4.0:
e158109794ad5e71bc02f41adec150e1 corporate/4.0/i586/perl-5.8.7-3.3.20060mlcs4.i586.rpm
03c680726cf01c3d8f25cb7d61d7bb10 corporate/4.0/i586/perl-base-5.8.7-3.3.20060mlcs4.i586.rpm
51f55a3998dbcf2e9abcf821ffb3026f corporate/4.0/i586/perl-devel-5.8.7-3.3.20060mlcs4.i586.rpm
f936e8720be0d37223b8a97dc2ed2704 corporate/4.0/i586/perl-doc-5.8.7-3.3.20060mlcs4.i586.rpm
b4068ddb2d92f4845c29a6b3ca8feef5 corporate/4.0/i586/perl-suid-5.8.7-3.3.20060mlcs4.i586.rpm
3b23f4612d0a011d50c5eb6960ffa5c4 corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
c42250a8c42a0e349102ff977c6659cc corporate/4.0/x86_64/perl-5.8.7-3.3.20060mlcs4.x86_64.rpm
82d2bcbda0229415464c10471f881517 corporate/4.0/x86_64/perl-base-5.8.7-3.3.20060mlcs4.x86_64.rpm
7f07eddd92d4c49b3ee5c32c69d52996 corporate/4.0/x86_64/perl-devel-5.8.7-3.3.20060mlcs4.x86_64.rpm
140b57c79fc305a52e13ce5550e7d05c corporate/4.0/x86_64/perl-doc-5.8.7-3.3.20060mlcs4.x86_64.rpm
ec3007ca202716e0c3872c37141fc2cc corporate/4.0/x86_64/perl-suid-5.8.7-3.3.20060mlcs4.x86_64.rpm
3b23f4612d0a011d50c5eb6960ffa5c4 corporate/4.0/SRPMS/perl-5.8.7-3.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
8ea5d389e9ddd9ca2e1b78869ad14ca7 mnf/2.0/i586/perl-5.8.3-5.6.M20mdk.i586.rpm
f53bd974980010568e5153578d628323 mnf/2.0/i586/perl-base-5.8.3-5.6.M20mdk.i586.rpm
1335c295512b38ea524e201c66551132 mnf/2.0/i586/perl-devel-5.8.3-5.6.M20mdk.i586.rpm
8e306b59ecbb8583d5c1e4e74ef62e34 mnf/2.0/i586/perl-doc-5.8.3-5.6.M20mdk.i586.rpm
7576ea8ec817978b4602f5bf4c3436c5 mnf/2.0/SRPMS/perl-5.8.3-5.6.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

https://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHL9FBmqjQ0CJFipgRAhxaAJ44oWRrf/Q1Zj9q+HP4Y3pj9Y8XugCg398H
Rl9c0TwvCe/HjAyI42+NhlU=
=o1R+
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close