Re: [SECURITY] [DSA 2265-1] perl security update
After applying this upgrade, MailScanner stopped working; it starts to enter
a continuous cycle of restarts. Please could you verify this?
I have to go back to the previous version in order to get MailScanner to work.
Greetings
Jr
On 20/06/2011 02:15 p.m., Florian Weimer wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2265-1 security@debian.org
> http://www.debian.org/security/ Florian Weimer
> June 20, 2011 http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : perl
> Vulnerability : lack of tainted flag propagation
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2011-1487
> Debian Bug : 622817
>
> Mark Martinec discovered that Perl incorrectly clears the tainted flag
> on values returned by case conversion functions such as "lc". This
> may expose preexisting vulnerabilities in applications which use these
> functions while processing untrusted input. No such applications are
> known at this stage. Such applications will cease to work when this
> security update is applied because taint checks are designed to
> prevent such unsafe use of untrusted input data.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.10.0-19lenny4.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.10.1-17squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version <missing>.
>
> For the testing distribution (wheezy) and the unstable distribution
> (sid), this problem has been fixed in version 5.10.1-20.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
--
This message has been scanned by MailScanner
for viruses and other dangerous content,
and is believed to be clean.
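
The behaviour the quoted advisory describes can be checked on a given system with the following added example, which is not part of the advisory, of this message, or of MailScanner. The hostname, the nonexistent path and the `untaint_hostname` helper are constructed for illustration, and the `substr("$0$^X", 0, 0)` idiom is used here only to obtain a tainted sample string.

```perl
# Run with taint mode enabled: perl -T taint_lc.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with -T\n" unless ${^TAINT};

# Constructed input. Appending a zero-length piece of $0/$^X (both tainted
# under -T) marks the string tainted, as data read from a message would be.
my $raw = 'Mail.Example.ORG' . substr("$0$^X", 0, 0);
die "could not build a tainted sample\n" unless tainted($raw);

# With the DSA-2265-1 fix, lc() keeps the flag. An unfixed perl prints "no".
my $lower = lc $raw;
printf "lc() result tainted: %s\n", tainted($lower) ? 'yes' : 'no';

# A taint-checked operation (open for writing) dies on tainted data.
# The directory is a constructed, nonexistent path, so nothing is written.
my $ok = eval { open(my $fh, '>', "/nonexistent-example/$lower"); 1 };
print "open with lc() result: ", ($ok ? "allowed\n" : "refused: $@");

# Untaint by validating against a strict pattern and using the capture.
sub untaint_hostname {
    my ($value) = @_;
    return $1 if $value =~ /\A([a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?)\z/;
    return;
}

my $clean = untaint_hostname($lower);
die "rejected input\n" unless defined $clean;
printf "validated value tainted: %s\n", tainted($clean) ? 'yes' : 'no';
```

Code that passed a value through `lc` and then used it in a taint-checked operation without a validating match is the kind that stops working once the fixed perl package is installed.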