Advisories:rPSA-2009-0011

From rPath Wiki

rPath Security Advisory 2009-0011-2

Published: 2009-01-20

Updated

  1. 2009-01-21 update to correct dependencies

Products

  • rPath Appliance Platform Linux Service 1
  • rPath Appliance Platform Linux Service 2
  • rPath Linux 1
  • rPath Linux 2

Rating

Minor

Exposure Level Classification

Local Root Non-Deterministic Weakness

Updated Versions

  • perl=conary.rpath.com@rpl:1/5.8.7-8.5-2
  • perl=conary.rpath.com@rpl:2/5.8.8-16-0.2

rPath Issue Tracking System

References

Description

Previous versions of Perl contained a race condition in the rmtree
function of the File::Path module that allowed local users to create
arbitrary setuid binaries via a symlink attack. This is a regression
related to CVE-2005-0448.

Additionally, a double free vulnerability exists that allows
context-dependent attackers to cause a denial of service via a
crafted regular expression containing UTF8 characters.

21 January 2009 Update: Rebuilt to correct perl dependencies.

Copyright 2009 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html