Description:
The remote host is missing updates announced in advisory CLSA-2006:1056.
This announcement fixes the following four vulnerabilities in perl:
CVE-2005-0448 Race condition in the rmtree function in File::Path.pm in Perl allows local users to create arbitrary setuid binaries in the tree being deleted.
CVE-2005-0155 The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
CVE-2005-0156 Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
CVE-2005-3962 Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and Perl 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap.
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001056
http://www.perl.org/
Risk factor : Medium
CVSS Score: 4.6