SUID-Root exploit fix! Perl 5.003.07-10 (i386 source) uploaded to master
-----BEGIN PGP SIGNED MESSAGE-----
I've uploaded perl 5.003.07-10 to Master's Incoming. This fixes the
suidperl exploit where you can gain a suid root shell.
Guy, please move this into frozen and unstable as soon as you can.
This version of suid perl fixes the current buffer overrun problem.
We (the perl5-porters team) are hunting down and exterminating all
possible buffer overruns before 5.004 is released.
This is also available at ftp://ftp.daft.com/pub/debian/perl*
Changes:
Format: 1.5
Date: Mon, 21 Apr 1997 20:50:21 -0700
Source: perl
Binary: perl-suid perl-debug perl
Architecture: source i386
Version: 5.003.07-10
Distribution: unstable frozen
Urgency: high
Maintainer: Darren Stalder <torin@daft.com>
Description:
perl - Larry Wall's Practical Extracting and Report Language.
perl-debug - Allow debugging perl scripts (and perl).
perl-suid - Runs setuid perl scripts.
Changes:
perl (5.003.07-10) unstable frozen; urgency=HIGH
.
* SUID perl patch to fix buffer overrun that allows any user to get a
suid-root shell.
Files:
c5b539a4f7a5841ae43c1bac006191c2 625 interpreters - perl_5.003.07-10.dsc
eacceea57ef563ad8bcff3cfb4d6db56 29226 interpreters - perl_5.003.07-10.diff.gz
8e414231c73ed7737839f2cbe1df78fc 2296752 interpreters Important perl_5.003.07-10_i386.deb
bc150c49a7370d3c2d716ba09ffc67d5 214520 interpreters Standard perl-suid_5.003.07-10_i386.deb
5013d00fb1c98027934ea889f8ff3ceb 1208658 interpreters Optional perl-debug_5.003.07-10_i386.deb
- --
<torin@daft.com> <http://www.daft.com/~torin> <torin@debian.org> <torin@io.com>
Darren Stalder/2608 Second Ave, @282/Seattle, WA 98121-1212/USA/+1-800-921-4996
@ Do you have your clothes on? I probably don't. Take yours off. Feel better. @
@ Sysadmin, webweaver, postmaster for hire. C/Perl/CGI programmer and tutor. @
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBM1xe3Y4wrq++1Ls5AQH3qAP+IbJ/XYhMYV61mn/2lpnLEhr9l0ERlKem
8rNrCMt7WPF1D6xAbH2KTi3DWCmLWI0/qvADs1r08NZlllxtMgKkO2cleUwfVigG
j+fiaVC7fiSOXnDWQ39g0DydYxKMZUd+eFtgezeL74YGzIEx4W0gaQSp5ieP+3VE
jJXXVgrqInA=
=6INi
-----END PGP SIGNATURE-----
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-changes-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: