
Re: [SECURITY] [DSA 2265-1] perl security update

After applying this upgrade, mailscanner stopped working; it started to enter
a continuous cycle of restarts. Please could you verify this?
I have to go back to the previous version in order to get mailscanner to work.

On 20/06/2011 02:15 p.m., Florian Weimer wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2265-1                   security@debian.org
> http://www.debian.org/security/                            Florian Weimer
> June 20, 2011                          http://www.debian.org/security/faq
> -------------------------------------------------------------------------
> Package        : perl
> Vulnerability  : lack of tainted flag propagation
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2011-1487
> Debian Bug     : 622817
>
> Mark Martinec discovered that Perl incorrectly clears the tainted flag
> on values returned by case conversion functions such as "lc".  This
> may expose preexisting vulnerabilities in applications which use these
> functions while processing untrusted input.  No such applications are
> known at this stage.  Such applications will cease to work when this
> security update is applied because taint checks are designed to
> prevent such unsafe use of untrusted input data.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.10.0-19lenny4.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.10.1-17squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version <missing>.
>
> For the testing distribution (wheezy) and the unstable distribution
> (sid), this problem has been fixed in version 5.10.1-20.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org

This message has been scanned by MailScanner
for viruses and other dangerous content,
and is believed to be clean.
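
The behaviour the advisory describes, as an added example that is not part of the advisory or of any message in this thread: under taint mode, a perl with the fix keeps the `lc` result tainted and refuses to use it in a checked operation until the value has been validated through a regex capture. The host name, the `/nonexistent-dir` path and the helper names are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_lc.pl   (the file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed untrusted input. $^X is tainted under -T, so a zero-length
# substring of it is an empty string that still carries the taint flag.
my $taint = substr($^X, 0, 0);
my $input = 'Mail.Example.ORG' . $taint;

# Returns the value through a regex capture (the sanctioned way to untaint)
# only if it matches a strict allow-list; returns undef otherwise.
sub untaint_hostname {
    my ($value) = @_;
    my $label = qr/[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?/;
    return $value =~ /\A($label(?:\.$label)*)\z/ ? $1 : undef;
}

# Tries a taint-checked operation (open for writing) and reports the outcome.
# The directory does not exist, so nothing is created on any perl version.
sub try_sink {
    my ($name) = @_;
    my $done = eval { open(my $fh, '>', "/nonexistent-dir/$name"); 1 };
    return $done ? 'allowed' : 'blocked by taint check';
}

my $lower = lc $input;
printf "input tainted:      %s\n", tainted($input) ? 'yes' : 'no';
printf "lc(input) tainted:  %s\n", tainted($lower) ? 'yes' : 'no';
printf "sink with lc value: %s\n", try_sink($lower);

# Validate before use; an update that restores taint propagation only
# breaks code paths that skipped this step.
my $clean = untaint_hostname($lower);
die "input rejected by allow-list\n" unless defined $clean;
printf "validated tainted:  %s\n", tainted($clean) ? 'yes' : 'no';
printf "sink with validated value: %s\n", try_sink($clean);
```

Comparing the second and third lines of output before and after the upgrade shows whether a given perl build propagates taint through `lc`.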
