debian-security-announce June 2011 archive

Re: [SECURITY] [DSA 2265-1] perl security update

From: Junior Gamez Aguilera <junior.gamez_at_nospam>
Date: Wed Jun 22 2011 - 18:49:02 GMT
To: debian-security@lists.debian.org

After applying this upgrade, MailScanner stopped working; it starts to enter
a continuous cycle of restarts. Could you please verify this?
I have to go back to the previous version in order to get MailScanner to work.
Greetings,
Jr

On 20/06/2011 02:15 p.m., Florian Weimer wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2265-1 security@debian.org
> http://www.debian.org/security/ Florian Weimer
> June 20, 2011 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : perl
> Vulnerability : lack of tainted flag propagation
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-1487
> Debian Bug : 622817
>
> Mark Martinec discovered that Perl incorrectly clears the tainted flag
> on values returned by case conversion functions such as "lc". This
> may expose preexisting vulnerabilities in applications which use these
> functions while processing untrusted input. No such applications are
> known at this stage. Such applications will cease to work when this
> security update is applied because taint checks are designed to
> prevent such unsafe use of untrusted input data.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.10.0-19lenny4.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.10.1-17squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version <missing>.
>
> For the testing distribution (wheezy) and the unstable distribution
> (sid), this problem has been fixed in version 5.10.1-20.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org

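Added example, not part of the original thread or of the Debian advisory: a Perl script that checks whether the installed interpreter keeps the taint flag across the case conversion functions the advisory describes, and shows validation by regex capture as the deliberate way to clear taint. The sample value, the hostname pattern and the helper names `taint_lost` and `untaint_hostname` are constructed for illustration; run it with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode must be on, otherwise the checks below mean nothing.
die "run as: perl -T $0\n" unless ${^TAINT};

# Constructed sample input. Appending a zero-length slice of $^X (tainted
# under -T) taints the string, as if it had been read from the network.
my $input = 'Mail.Example.ORG' . substr($^X, 0, 0);

# The case conversion builtins, wrapped so they can be tested in a loop.
my %convert = (
    lc      => sub { lc $_[0] },
    lcfirst => sub { lcfirst $_[0] },
    uc      => sub { uc $_[0] },
    ucfirst => sub { ucfirst $_[0] },
);

# Names of the conversions whose result no longer carries the taint flag.
sub taint_lost {
    my ($value) = @_;
    return grep { !tainted($convert{$_}->($value)) } sort keys %convert;
}

# Deliberate untainting (hypothetical helper): validate against a strict
# pattern and keep only the captured text; anything else is rejected.
sub untaint_hostname {
    my ($value) = @_;
    if ($value =~ /\A([a-z0-9](?:[a-z0-9.-]*[a-z0-9])?)\z/) {
        return $1;
    }
    return;
}

printf "input tainted: %s\n", tainted($input) ? 'yes' : 'no';

my @lost = taint_lost($input);
my $verdict = @lost
    ? "taint flag lost by: @lost (interpreter predates the fix)"
    : "taint flag kept by lc, lcfirst, uc, ucfirst (patched behaviour)";
print "$verdict\n";

my $lower = lc $input;
my $host  = untaint_hostname($lower);
die "sample value failed validation\n" unless defined $host;
printf "validated '%s' tainted: %s\n", $host, tainted($host) ? 'yes' : 'no';
```

On a patched interpreter, code that passes `lc` output straight into a taint-checked operation dies with an "Insecure dependency" error until the value is validated in this way.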