(Fwd) Re: [linux-security] SECURITY: vulnerability in sperl

mattg mattg at cheerful.com
Sat Apr 19 21:51:34 EDT 1997 

FYI...

------- Forwarded Message Follows -------
Date:          Fri, 18 Apr 1997 21:09:01 -0700
To:            linux-security at redhat.com
From:          Webmaster <webmaster at perl.org>
Subject:       Re: [linux-security] SECURITY: vulnerability in sperl
Cc:            redhat-announce-list at redhat.com
Reply-to:      redhat-list at redhat.com

-----BEGIN PGP SIGNED MESSAGE-----

At 10:15 AM 4/18/97 -0400, Erik Troan wrote:
>
>Red Hat Software has been notified of a critical security problem (a buffer
>overrun) in /usr/bin/sperl*. As no official fix for this problem exists,
>we recommend turning off the setuid bit on /usr/bin/sperl*. As far as
>we know, this problem affects all platforms and all versions.
>
>As soon as a fix is available we will release a new version of the perl
>package and announce it here. If no fix seems forthcoming, we will issue
>a new package w/o the setuid bit enabled on /usr/sbin/sperl.

A patch for 5.003_97f has appeared on the Perl5-Porters list.  The entire
codebase is being examined line by line to find any other such conditions.

>You can disable the exploits for this bug with the following command:
>
>	chmod u-s /usr/bin/sperl*

Perl 5.003_97g was released tonight.  It should fix that bug.  Any other
overflow problems will be caught and killed before the 5.004 release.  


-----BEGIN PGP SIGNATURE-----
Version: 4.5

iQEVAwUBM1hFNyHKgQer03QZAQGeFwf+K6lAuHjqGjHH6wN/joXbnJnuusCZ3Usv
sjRjqiBQ0/yUriK88ghjQOImgY/P2pxu1kDzpB/gt1hbl+miVTZ9HAhWxO5Izou7
fZHPvLA0xOeaRmBXk3EszIbVtZKvwkhHPeJSMXiseOcaPF+r5zCGontiL2Vze2Hy
bqeuECMo3MtUa+be1/6KN2aDdHAvJ1nidOwMoPwcQG1QULlaig0C3dKRYq2dwWWP
OFgC7gLwUmWN3exV7p2qxG5rgEhNvsgkWBWOnnkCG5qZk+QgrFRvGxrh3Wlb7Dha
qiqsya58EDoTemoYTb7vvpNCoX+uynl2i+y7xcXxm/xZGe2wIFO4cw==
=TpSH
-----END PGP SIGNATURE-----

Alan Olsen             "Mi Tio es infermo, pero la carretera es verde!"
Webmaster               
The Perl Institute                   
webmaster at perl.org                    

--
To unsubscribe:
mail -s unsubscribe redhat-announce-list-request at redhat.com < /dev/null

More information about the Discuss mailing list