French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes Perl Double Free Vulnerability

Title : Mandriva Security Update Fixes Perl Double Free Vulnerability
Advisory ID : FrSIRT/ADV-2008-1477
CVE ID : CVE-2008-1927
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-05-13

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in Mandriva, which could be exploited by attackers to cause a denial of service or potentially execute arbitrary code [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.1:
664ca790014a73481d8e0432652c9b0b 2007.1/i586/perl-5.8.8-10.2mdv2007.1.i586.rpm
ce416fc49eddf4f744be678fe7576e10 2007.1/i586/perl-base-5.8.8-10.2mdv2007.1.i586.rpm
a20d1e14e1aadd3f863d34888211ace1 2007.1/i586/perl-devel-5.8.8-10.2mdv2007.1.i586.rpm
a7f55a0ecd6be1878655b2266046a4d3 2007.1/i586/perl-doc-5.8.8-10.2mdv2007.1.i586.rpm
b79a30665df6cf6094bfa0aad344eed4 2007.1/i586/perl-suid-5.8.8-10.2mdv2007.1.i586.rpm
86ce0e141f4ab82250ae6e247f45d2fc 2007.1/SRPMS/perl-5.8.8-10.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
225cbadc92ce47b0843903a64a63d79d 2007.1/x86_64/perl-5.8.8-10.2mdv2007.1.x86_64.rpm
a77595f32f641e78794d2fcb72fe120a 2007.1/x86_64/perl-base-5.8.8-10.2mdv2007.1.x86_64.rpm
0266b1964b67c057be7393976c0d2f5e 2007.1/x86_64/perl-devel-5.8.8-10.2mdv2007.1.x86_64.rpm
0211288533d2ead15e2958b4703a9376 2007.1/x86_64/perl-doc-5.8.8-10.2mdv2007.1.x86_64.rpm
7df3c3084401b81c1733c6d83bc178b9 2007.1/x86_64/perl-suid-5.8.8-10.2mdv2007.1.x86_64.rpm
86ce0e141f4ab82250ae6e247f45d2fc 2007.1/SRPMS/perl-5.8.8-10.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
3f698bfd85b3b40498f6116513405310 2008.0/i586/perl-5.8.8-12.2mdv2008.0.i586.rpm
fd8ba80974608688d9722ad3a4f2ae76 2008.0/i586/perl-base-5.8.8-12.2mdv2008.0.i586.rpm
efbcf93b4378123a7d5b7f7e14a0dc25 2008.0/i586/perl-devel-5.8.8-12.2mdv2008.0.i586.rpm
5e4b82208d8b58deef43ebc40da1a216 2008.0/i586/perl-doc-5.8.8-12.2mdv2008.0.i586.rpm
a15614b2e52a0af5fdbac084b96c00cf 2008.0/i586/perl-suid-5.8.8-12.2mdv2008.0.i586.rpm
8558ac9e417118785e894e64ff07d04c 2008.0/SRPMS/perl-5.8.8-12.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
6710a7820500860d6e3034ac1402106c 2008.0/x86_64/perl-5.8.8-12.2mdv2008.0.x86_64.rpm
79d39d3ddbfbfc6b3b0547d5e927b1e8 2008.0/x86_64/perl-base-5.8.8-12.2mdv2008.0.x86_64.rpm
2aeb84fbea01b4ec1204614c860d254b 2008.0/x86_64/perl-devel-5.8.8-12.2mdv2008.0.x86_64.rpm
4fe90113442934652ebae0a7f0a3edca 2008.0/x86_64/perl-doc-5.8.8-12.2mdv2008.0.x86_64.rpm
a112b5b5156c390003b1efa335deecb5 2008.0/x86_64/perl-suid-5.8.8-12.2mdv2008.0.x86_64.rpm
8558ac9e417118785e894e64ff07d04c 2008.0/SRPMS/perl-5.8.8-12.2mdv2008.0.src.rpm

Corporate 3.0:
6541cd09e61b24557dc2a6da79a26e75 corporate/3.0/i586/perl-5.8.3-5.8.C30mdk.i586.rpm
3361f8b0bcc7264024d8e8b230ef4046 corporate/3.0/i586/perl-base-5.8.3-5.8.C30mdk.i586.rpm
8d3bdf4209f003efc7314c62313a1868 corporate/3.0/i586/perl-devel-5.8.3-5.8.C30mdk.i586.rpm
05b2077f7c2826a738495bb3b51493fb corporate/3.0/i586/perl-doc-5.8.3-5.8.C30mdk.i586.rpm
717f3c1eb7aea5ccbb7c34015a1d1a14 corporate/3.0/SRPMS/perl-5.8.3-5.8.C30mdk.src.rpm

Corporate 3.0/X86_64:
88004594708e21886759c473aa7438a9 corporate/3.0/x86_64/perl-5.8.3-5.8.C30mdk.x86_64.rpm
836fd16b824a68e5ae9ee38dcc6dda98 corporate/3.0/x86_64/perl-base-5.8.3-5.8.C30mdk.x86_64.rpm
633826ab46f461fbdb4e48deb662b50b corporate/3.0/x86_64/perl-devel-5.8.3-5.8.C30mdk.x86_64.rpm
9f8c8ea413e5558c236c29963555d89b corporate/3.0/x86_64/perl-doc-5.8.3-5.8.C30mdk.x86_64.rpm
717f3c1eb7aea5ccbb7c34015a1d1a14 corporate/3.0/SRPMS/perl-5.8.3-5.8.C30mdk.src.rpm

Corporate 4.0:
02c043c39340814bf586083b584dbbd9 corporate/4.0/i586/perl-5.8.7-3.5.20060mlcs4.i586.rpm
24e5aa7523525378c319350cb867b4b8 corporate/4.0/i586/perl-base-5.8.7-3.5.20060mlcs4.i586.rpm
1cad5220ac2bc693ba9fc60a6406b72b corporate/4.0/i586/perl-devel-5.8.7-3.5.20060mlcs4.i586.rpm
62dcd4a7f4c6075348a08dadc9454dfd corporate/4.0/i586/perl-doc-5.8.7-3.5.20060mlcs4.i586.rpm
6327e773b81b1f47f679ec0cae4ce2d2 corporate/4.0/i586/perl-suid-5.8.7-3.5.20060mlcs4.i586.rpm
f0b4a8566ad3a8a374e49b33694f6a72 corporate/4.0/SRPMS/perl-5.8.7-3.5.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6bf5bc56705827f3b4dbc01e8f963491 corporate/4.0/x86_64/perl-5.8.7-3.5.20060mlcs4.x86_64.rpm
efccb85f0e99076d8f7ebd9a63a22cd0 corporate/4.0/x86_64/perl-base-5.8.7-3.5.20060mlcs4.x86_64.rpm
32d3fa0d8c5e2cdce13420959f2352fd corporate/4.0/x86_64/perl-devel-5.8.7-3.5.20060mlcs4.x86_64.rpm
fb292ea2073219978d11234102949ecc corporate/4.0/x86_64/perl-doc-5.8.7-3.5.20060mlcs4.x86_64.rpm
182f5f98dfbbaf04d4c989b174541767 corporate/4.0/x86_64/perl-suid-5.8.7-3.5.20060mlcs4.x86_64.rpm
f0b4a8566ad3a8a374e49b33694f6a72 corporate/4.0/SRPMS/perl-5.8.7-3.5.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
c64dd4baae4ded5ce516561017c48782 mnf/2.0/i586/perl-5.8.3-5.8.M20mdk.i586.rpm
dba8966ad830867b6fe22b933353df32 mnf/2.0/i586/perl-base-5.8.3-5.8.M20mdk.i586.rpm
f2433e06a5fa097e31046f71190e29ce mnf/2.0/i586/perl-devel-5.8.3-5.8.M20mdk.i586.rpm
33d19b22f598e5c72dd5d1ef9ac3e4e0 mnf/2.0/i586/perl-doc-5.8.3-5.8.M20mdk.i586.rpm
90c1b9688da6da419fc85e947a279acc mnf/2.0/SRPMS/perl-5.8.3-5.8.M20mdk.src.rpm

ChangeLog

2008-05-13 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability

IBM WebSphere Application Server Cross Site Scripting Vulnerability

IBM DB2 CLR Stored Procedures Unspecified Vulnerability

IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities

IBM WebSphere Portal Remote Authentication Bypass Vulnerability

IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability

IBM WebSphere Application Server Security Exposure Vulnerabilities

Apple Mac OS X Code Execution and Security Bypass Vulnerabilities

Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities

Apple Xcode Code Execution and Information Disclosure Vulnerabilities

Apple TV Data Processing Remote Code Execution Vulnerabilities

Apple Mac OS X Command Execution and Security Bypass Issues

Apple Safari for Mac OS X Remote Code Execution Vulnerability

Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

Sun Solaris Covert Channel Local Security Bypass Vulnerability

Sun Solaris NFS RPC Zone Denial of Service Vulnerability

Sun Solaris NFS Kernel Module Local Denial of Service Vulnerability

Sun Solaris NFSv4 Client Kernel Module Denial of Service Vulnerability

Sun Java System Portal Server Cross Site Scripting Vulnerability

Sun rdesktop Code Execution and Denial of Service

Sun Java System Web Proxy Server Denial of Service Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy