Re: [SECURITY] [DSA 2265-1] perl security update

To: debian-security@lists.debian.org
Cc: Florian Weimer <fw@deneb.enyo.de>, debian-security-announce@lists.debian.org
Subject: Re: [SECURITY] [DSA 2265-1] perl security update
From: Junior Gamez Aguilera <junior.gamez@bucanero.com.cu>
Date: Wed, 22 Jun 2011 14:49:02 -0400
Message-id: <[🔎] 4E02391E.5080706@bucanero.com.cu>
In-reply-to: <87mxhc4bf1.fsf@mid.deneb.enyo.de>
References: <87mxhc4bf1.fsf@mid.deneb.enyo.de>

after applying this upgrade mailscanner stop working, it start to enter
in a continuous cicle of restart. please could you verify this?
I have to go back to previous version in order to put mailscanner to work.
greetings
Jr

El 20/06/2011 02:15 p.m., Florian Weimer escribió:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-2265-1                   security@debian.org
> http://www.debian.org/security/                            Florian Weimer
> June 20, 2011                          http://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package        : perl
> Vulnerability  : lack of tainted flag propagation
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2011-1487
> Debian Bug     : 622817
>
> Mark Martinec discovered that Perl incorrectly clears the tainted flag
> on values returned by case conversion functions such as "lc".  This
> may expose preexisting vulnerabilities in applications which use these
> functions while processing untrusted input.  No such applications are
> known at this stage.  Such applications will cease to work when this
> security update is applied because taint checks are designed to
> prevent such unsafe use of untrusted input data.
>
> For the oldstable distribution (lenny), this problem has been fixed in
> version 5.10.0-19lenny4.
>
> For the stable distribution (squeeze), this problem has been fixed in
> version 5.10.1-17squeeze1.
>
> For the testing distribution (wheezy), this problem has been fixed in
> version <missing>.
>
> For the testing distribution (wheezy) and the unstable distribution
> (sid), this problem has been fixed in version 5.10.1-20.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org


-- 
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2265-1] perl security update
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Re: [SECURITY] [DSA 2264-1] linux-2.6 security update
Next by Date: Re: [SECURITY] [DSA 2265-1] perl security update
Previous by thread: Re: [SECURITY] [DSA 2264-1] linux-2.6 security update
Next by thread: Re: [SECURITY] [DSA 2265-1] perl security update
Index(es):
- Date
- Thread