LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

openSUSE alert openSUSE-SU-2010:0519-1 (perl)



From:
    	      opensuse-security@opensuse.org 


To:
    	      opensuse-updates@opensuse.org 


Subject:
    	      openSUSE-SU-2010:0519-1 (moderate): perl: Fixed two Safe.pm security issues and some bugs 


Date:
    	      Wed, 18 Aug 2010 20:08:14 +0200 (CEST)


Message-ID:
    	      <20100818180814.DBFC1BE29@oldboy.suse.de>


Archive-link:
    	      Article, Thread
              


   openSUSE Security Update: perl: Fixed two Safe.pm security issues and some bugs
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2010:0519-1
Rating:             moderate
References:         #446098 #515948 #528423 #557636 #588338 #596167 
                    #601242 #603840 #605918 #605928 
Affected Products:
                    openSUSE 11.1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   perl Safe.pm module was affected by two problems where
   attackers could break out of such a safed execution.
   (CVE-2010-1447 , CVE-2010-1168)

   This update fixes this problem. Also the following bugs
   were fixed:
   - fix tell cornercase [bnc#596167]
   - fix regex memory leak [bnc#557636]
   - also run h2ph on /usr/include/linux [bnc#603840]
   - backport h2ph include fix from 5.12.0 [bnc#601242]
   - fix segfault when using regexpes in threaded apps
   [bnc#588338]
   - backport upstream fixes for POSIX module to avoid clashes
   with Fcntl [bnc#446098], [bnc#515948]
   - backport upstream fix for ISA assertion failure
   [bnc#528423]
   - move unicode files from perl-doc to perl, otherwise some
   perl modules will not work


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.1:

      zypper in -t patch perl-2829

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.1 (i586 ppc src x86_64):

      perl-5.10.0-62.19.1

   - openSUSE 11.1 (i586 ppc x86_64):

      perl-base-5.10.0-62.19.1
      perl-doc-5.10.0-62.19.1

   - openSUSE 11.1 (x86_64):

      perl-32bit-5.10.0-62.19.1
      perl-base-32bit-5.10.0-62.19.1

   - openSUSE 11.1 (ppc):

      perl-64bit-5.10.0-62.19.1
      perl-base-64bit-5.10.0-62.19.1


References:

   https://bugzilla.novell.com/446098
   https://bugzilla.novell.com/515948
   https://bugzilla.novell.com/528423
   https://bugzilla.novell.com/557636
   https://bugzilla.novell.com/588338
   https://bugzilla.novell.com/596167
   https://bugzilla.novell.com/601242
   https://bugzilla.novell.com/603840
   https://bugzilla.novell.com/605918
   https://bugzilla.novell.com/605928
(Log in to post comments)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds