Perl格式串处理整数溢出漏洞

2006-11-30T00:00:00
ID SSV:630
Type seebug
Reporter Root
Modified 2006-11-30T00:00:00

Description

BUGTRAQ ID: 15629 CVE(CAN) ID: CVE-2005-3962,CVE-2005-3912

Perl是一种免费且功能强大的编程语言。

由于Perl没有正确的处理格式化打印函数中的格式指示符导致了格式串溢出漏洞,远程攻击者可能利用此漏洞在主机上执行任意指令。

参数格式串(%I$n)中的INT_MAX值可能导致Perl_sv_vcatpvfn函数中的efix出现整数溢出。攻击者可以利用这个漏洞远程执行任意指令或导致拒绝服务。

Larry Wall Perl <= 5.9.2 Webmin Webmin <= 1.240 Webmin Usermin <= 1.170 Debian


Debian已经为此发布了一个安全公告(DSA-943-1)以及相应补丁: DSA-943-1:New Perl packages fix arbitrary code execution 链接:<a href="http://www.debian.org/security/2005/dsa-943" target="_blank">http://www.debian.org/security/2005/dsa-943</a>

补丁下载: Source archives:

<a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.dsc" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.dsc</a> Size/MD5 checksum: 738 88756767017d421351e02a5226457d2b <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.diff.gz</a> Size/MD5 checksum: 87851 05a72533cd5bde5fce6987cf39041236 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz</a> Size/MD5 checksum: 12094233 912050a9cb6b0f415b76ba56052fb4cf

Architecture independent components:

<a href="http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge3_all.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge3_all.deb</a> Size/MD5 checksum: 38332 7d47e456c2bd7c83312bb1ad17738284 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge3_all.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge3_all.deb</a> Size/MD5 checksum: 7053372 47e14a8f071c506916e40713e8cc81f7 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge3_all.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge3_all.deb</a> Size/MD5 checksum: 2178216 4823e4985f8cf1b4af78ec26afbc0102

Alpha architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 805438 0e3cb34c8c093515c7b33fa60a493899 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 1040 f82603c65e3f3def2356962111e411c2 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 3901974 f744b7b871a8071cb403a74d665b7778 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 874714 26e450d8f0375e5a3545c2988205cee4 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 4133098 cf772af3fa70e0cf320b43964aeab61e <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 37080 d3863820eaebcbbbe59775a1874da2eb

AMD64 architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 605284 c6e097980b5dec33bb340e8f4c76de19 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 1030 08b7c6bb0bb58a02a254826cfee27e33 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 3834144 e7f33d48427be694e994c18f7321d9e0 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 791678 bdbedf5f0e3efb20181a0665d791c6de <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 3934814 ed946cdd2984a538b60acbd034264947 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 32852 ae96f1f115505ab983ed389dee240a83

ARM architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 613158 30cd5528198d49208274e50e60611b0a <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 1026 fc64aa8b67f46fcccb6d85db7cb242ad <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 3132808 226a69d4fa30d1e0a40f4d761826c230 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 737524 b4aaf84bd60fef147d1131c5ffbc6a0a <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 3719460 8e8d12058f9f7fb9e153d4c3ff79d0f4 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 29880 faa9dc0401eb667e202e12f2d2cf9643

Intel IA-32 architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 567048 8488e40844019795a1179a2b9a74f172 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 508818 66f7900d63a2efb0a787e83186613a98 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 3237948 5841d065408022fb2fe0e75febc02d9d <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 751956 b77e882ed9558a09398c2fba334e5b4a <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 3735798 bb034b2e756aa35cd5fa9e01a0485b13 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 31696 d2c9b1fbc10e89e7868e16fb4c97700d

Intel IA-64 architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 866818 3419fdaff605b7ddd485a205c1dd1661 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 1030 c41835cc5573c0e53610e79766b88d11 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 4027834 28436948c3dd298ad38b3c46f69f2cb4 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 1046750 1a70c30abb13449d00a2b34c17c79f17 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 4534216 49cdfeada4c40365e2392a768739d706 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 50104 770378e5ac290729b2943d956cad9c57

HP Precision architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 654878 5f8ad153b0a27e9190e5b754e8174ee7 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 1032 4de6d72cf1f61d6754475a0dd1fe4561 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 3918544 0f83d76853299d10f98842b15b8e7db1 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 867566 cb3a0eb20c71bd8017853de9ea838f7f <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 3911882 fd55c787eb9f30f2e143fac490ea4198 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 34484 e3df6ab97d5e68cbb6346240e4532efc

Motorola 680x0 architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 457778 f25f1ebbbb4a5ce7b7a4a79c6256987e <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 1040 9882ea5db94e569a35209a66c74bb390 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 3815032 321dd2b80abad424b678f260d18f323a <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 692196 733bfa10857d842bd907f408b03a8b3d <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 3008672 81a0d0613ebe7b9affcd56174e1f955c <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 27934 68de12bace4cf3de7a339b25119b1611

Big endian MIPS architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 657066 7e2c9980c630b3aa1e60348a4998665a <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 1032 3da5c1e82b6194beac8fe7020a38d7a3 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 3384320 edfa53822abb7626b2bfd6ac4d5923df <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 781078 f4a7b2e1bbd95c9381503b382d35ba58 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 4017490 ddca3a084b7c9f1b841bd3f93e39a1d0 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 32314 51f707f1c1d3df1c3ad05dc545512c10

Little endian MIPS architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 653526 e7a527c0ed8475df75b3803690081445 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 1038 e7b83c957a6c6822ee5614574653d80e <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 3125384 4446da60977e961ca64ec93a331b0803 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 781672 14e3d605298699dc99e2e5e20310c6b2 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 3967890 3ab0c5407e2b5816ad55e47d7c256869 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 32434 4f171621c453755b731ce34bad930a62

PowerPC architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 625118 41b2364e5073cd1e177fd6c3e5f455c5 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 1038 2d18de4839ef016646127f4a104f17a1 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 3509324 77fe7a0288d42bbe7abc9357682cdc1b <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 790116 9e189589ef99e78d0f0ddef4fb06440e <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 3701264 886260a4033209be2431ff908cc032e5 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 33582 ec48dc685b7ac64fb722458e0954edc8

IBM S/390 architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 604116 a2e6f8ee63267dfcf3df2e05f92ce958 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 1032 4d6c1ce7b2f9789fc31cc2440f39a832 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 3819738 c9523a97cd0716e67821dd6e7508615f <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 800132 ebfc849dbaf0be2afa771a3d5b632467 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 4234804 30fcc4ea55599b8365a0f96153755466 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 33244 a55373a563d2546d1286f7fb4de11710

Sun Sparc architecture:

<a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 582422 8ec81b47b82fdb3602c42c6fa0559793 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 1038 ebbf066210ca33b4282cf347cc771cca <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 3547312 a609080c2c788fd382f970c21b22d9e7 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 775666 0e0a56ce4bb224e7bc96ea68ac741d8b <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 3840718 e9ded2d7974b51fbf7933b455b45b604 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 31034 8cf1966a2428838c58f0fab423b8e16a

补丁安装方法:

  1. 手工安装补丁包:

首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址)

然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)

  1. 使用apt-get自动安装补丁包:

首先,使用下面的命令更新内部数据库: # apt-get update

然后,使用下面的命令安装更新软件包: # apt-get upgrade

HP

HP已经为此发布了一个安全公告(HPSBTU02125)以及相应补丁: HPSBTU02125:SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution 链接:<a href="http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00686865&hpweb_printable=true" target="_blank">http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00686865&hpweb_printable=true</a>

RedHat

RedHat已经为此发布了安全公告(RHSA-2005:880-01,RHSA-2005:881-01)以及相应补丁: RHSA-2005:880-01:Moderate: perl security update 链接:<a href="http://lwn.net/Alerts/165025/?format=printable" target="_blank">http://lwn.net/Alerts/165025/?format=printable</a>

RHSA-2005:881-01:Moderate: perl security update 链接:<a href="http://lwn.net/Alerts/165026/?format=printable" target="_blank">http://lwn.net/Alerts/165026/?format=printable</a>

SGI

SGI已经为此发布了一个安全公告(20060101-01-U)以及相应补丁: 20060101-01-U:SGI Advanced Linux Environment 3 Security Update #53 链接:<a href="ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc" target="_blank">ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc</a>

Sun

Sun已经为此发布了一个安全公告(Sun-Alert-102192)以及相应补丁: Sun-Alert-102192:Integer Overflow Vulnerability in Perl May Lead to Application Crash or Code Execution 链接:<a href="http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102192-1" target="_blank">http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102192-1</a>

Webmin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

  • Webmin Upgrade webmin-1.250.tar.gz <a href="http://prdownloads.sourceforge.net/webadmin/webmin-1.250.tar.gz" target="_blank">http://prdownloads.sourceforge.net/webadmin/webmin-1.250.tar.gz</a>

  • Webmin Upgrade usermin-1.180.tar.gz <a href="http://prdownloads.sourceforge.net/webadmin/usermin-1.180.tar.gz" target="_blank">http://prdownloads.sourceforge.net/webadmin/usermin-1.180.tar.gz</a>

Gentoo

Gentoo已经为此发布了一个安全公告(GLSA-200512-01)以及相应补丁: GLSA-200512-01:Perl: Format string errors can lead to code execution 链接:<a href="http://security.gentoo.org/glsa/glsa-200512-01.xml" target="_blank">http://security.gentoo.org/glsa/glsa-200512-01.xml</a>

所有Perl用户都应升级到最新版本:

# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl