develooper Front page | perl.perl5.porters | Postings from April 2008

Fwd: [SECURITY] [DSA 1556-1] New perl packages fix denial of service

Thread Next
Spiros Denaxas
April 24, 2008 12:54
Fwd: [SECURITY] [DSA 1556-1] New perl packages fix denial of service
Message ID:

is this a case of the Debian-people doing something on their own or is
it already known. I somehow think I have encountered this before, not
sure. Apologies if this has been addressed before.


---------- Forwarded message ----------
From: Florian Weimer <>
Date: Thu, Apr 24, 2008 at 8:44 PM
Subject: [SECURITY] [DSA 1556-1] New perl packages fix denial of service

 Hash: SHA1

 - ------------------------------------------------------------------------
 Debian Security Advisory DSA-1556-1                                   Florian Weimer
 April 24, 2008              
 - ------------------------------------------------------------------------

 Package        : perl
 Vulnerability  : heap buffer overflow
 Problem type   : local (remote)
 Debian-specific: no
 CVE Id         : CVE-2008-1927
 Debian Bug     : 454792

 It has been discovered that the Perl interpreter may encounter a buffer
 overflow condition when compiling certain regular expressions containing
 Unicode characters.  This also happens if the offending characters are
 contained in a variable reference protected by the \Q...\E quoting
 construct.  When encountering this condition, the Perl interpreter
 typically crashes, but arbitrary code execution cannot be ruled out.

 For the stable distribution (etch), this problem has been fixed in
 version 5.8.8-7etch2.

 The unstable distribution (sid) will be fixed soon.

 We recommend that you upgrade your perl packages.

 Upgrade instructions
 - --------------------

 wget url
        will fetch the file for you
 dpkg -i file.deb
        will install the referenced file.

 If you are using the apt-get package manager, use the line for
 sources.list as given below:

 apt-get update
        will update the internal database
 apt-get upgrade
        will install corrected packages

 You may use an automated update by adding the resources from the
 footer to the proper configuration.

 Debian GNU/Linux 4.0 alias etch
 - -------------------------------

 Source archives:
    Size/MD5 checksum:     1033 a76db5d6c1c52e969641f262971d671b
    Size/MD5 checksum:    96868 456e57f3e1d3c9ec432175496a646030
    Size/MD5 checksum: 12829188 b8c118d4360846829beb30b02a6b91a7

 Architecture independent packages:
    Size/MD5 checksum:  2313432 dbbb5c3c64e2384db97b4b487610bc5e
    Size/MD5 checksum:  7348546 ed4582d9dede3e6c429d7501c3111e72
    Size/MD5 checksum:    40980 b0ff6226ffb342f1e2c8c53c32caf5b3

 alpha architecture (DEC Alpha)
    Size/MD5 checksum:  2928386 41db11aedf1d642eb51480cc470a8224
    Size/MD5 checksum:     1010 b69362a76dd48c17fbaff2359ec70265
    Size/MD5 checksum:   821430 ea7cb927f31fa3af3126b59f6d4eaa6f
    Size/MD5 checksum:    36236 221645a1bfb73e770341721b33ba8b85
    Size/MD5 checksum:  4149744 1259a2a2bd2a85bfcf64479cc85e199b
    Size/MD5 checksum:   879670 defb0e74374d71b16b438b874ba13a8b

 amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:    32800 22480b2f4bded243ae1f621f0fe59fef
    Size/MD5 checksum:   808850 61e1d09c98fb1fb5f12483ae9f63ab79
    Size/MD5 checksum:   630448 81613abb6e184e1ff68f673b3b08f3bd
    Size/MD5 checksum:  4238138 f1ecc46e8ea9796aae6c7874c283c57d
    Size/MD5 checksum:  2734908 3ca5eb6e7cc032d82753d33ad83b4a01
    Size/MD5 checksum:     1010 25a444e727fd3a6d204bc6a536dfa30d

 arm architecture (ARM)
    Size/MD5 checksum:  2547782 215f4806d209971c26a9e2512ed167de
    Size/MD5 checksum:   759522 2ccda175882dbc65cde4daa434732548
    Size/MD5 checksum:   561950 a2acd57d7f18526aed26b050231154ba
    Size/MD5 checksum:    30340 beae7b26e01fd5b0a4d8b5db515649f0
    Size/MD5 checksum:     1010 d1e558624e4e24aee24890df02555be5
    Size/MD5 checksum:  3409080 a4b034d2ffc6a29beda68107b2080e01

 hppa architecture (HP PA RISC)
    Size/MD5 checksum:  2735266 e1af1045ebc3795f553d32add1d76d64
    Size/MD5 checksum:    33196 a7514f8ff72218d50b6c79762fdd52c0
    Size/MD5 checksum:   869350 f3436a83fc1201da8f603cb27f996b35
    Size/MD5 checksum:     1014 deef1f78fc7d8c7171ec154090c62ed5
    Size/MD5 checksum:   693972 1bbba786896bff50ceac5d58dcfc6c37
    Size/MD5 checksum:  4195310 04541825adc3460e914bd3079174959f

 i386 architecture (Intel ia32)
    Size/MD5 checksum:  2491262 c99e05f4ae2cc54041eb0c47b9d43d14
    Size/MD5 checksum:   526958 91c2e4ff10f98219b062bc930d800bb9
    Size/MD5 checksum:    32074 fa1e0caf1940a0ff8665b82a2d2f26e3
    Size/MD5 checksum:  3583758 2dbf25e51b8cf7a082f7afd04427ffdc
    Size/MD5 checksum:   585400 133aee0f403d7c31abb59c32600de5c9
    Size/MD5 checksum:   760350 5864e59b250a597ea524357e603decbc

 ia64 architecture (Intel ia64)
    Size/MD5 checksum:    51282 930868ee78bf728282c2c779ae0e439e
    Size/MD5 checksum:  1153370 04a4c670d2ba5470234cd60e16362c12
    Size/MD5 checksum:   977470 a572348ac95a6050529871738a09eb45
    Size/MD5 checksum:  3364140 078fce96136de4f893678630237be8fa
    Size/MD5 checksum:  4335648 a96e0ee84c4024a0b49b61b7c7fb0b4b
    Size/MD5 checksum:     1014 c7f68e8b50d41aade5a7a3cdf75d4373

 mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:  2781044 f5e48f307a9bbc84d68c7f474e5a2541
    Size/MD5 checksum:    32222 1b5f5a124882606ceb2b4f5801081e7f
    Size/MD5 checksum:     1010 7b177e038a86893333a0ef2951489cbb
    Size/MD5 checksum:   693726 64abc926643ec3fa1dc3189948491772
    Size/MD5 checksum:   785736 8a67775aaba9228bc9c1b100f2f5f3d1
    Size/MD5 checksum:  3678816 6b60afdd9010bac0d2a9f353ba5d249b

 mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   784398 fd31742e635dd9c0fe468c6bfa5a0d40
    Size/MD5 checksum:  2729530 c91ec6207992ff835d3f7eaf4e188a76
    Size/MD5 checksum:    32336 52f9c48eaf781eb3c1356705f7ae143f
    Size/MD5 checksum:  3413324 0fe5f12ac26b6dfb335d55db699a0cc6
    Size/MD5 checksum:   687108 54d8b8b5c7ab9ddd96cc1eb00174a5ba
    Size/MD5 checksum:     1016 72acf47685af2821bcd7120c3288d16f

 powerpc architecture (PowerPC)
    Size/MD5 checksum:    32908 377ca57ed879c2d325dfbd2ece75d3f3
    Size/MD5 checksum:  2709324 0f9215154a4caba359525de6b92a7a9c
    Size/MD5 checksum:   653286 7a9fdda2a07cbcf721f2200de30cbb12
    Size/MD5 checksum:  3824700 23d8303bbba2cb597fa250b4caa0a565
    Size/MD5 checksum:     1006 644993449bbeb42ae0f145d46d422431
    Size/MD5 checksum:   810628 3082d54b4866297abf981f5bd4b45521

 s390 architecture (IBM S/390)
    Size/MD5 checksum:     1012 f2ddd8fcaa8cc11d8472da9719ddf757
    Size/MD5 checksum:  2796222 45bb1fa51a3420a040373c3671fa0466
    Size/MD5 checksum:   823028 733c85331bb3327f4c8a1bec6e231091
    Size/MD5 checksum:  4099882 7e7c3d76475f2a488070d2e9538a9f3f
    Size/MD5 checksum:    33094 7740f1d01184c5931e943bdb0aa00185
    Size/MD5 checksum:   633506 3dd38df3fedd8f6a9d8bec505bc9f60b

  These files will probably be moved into the stable distribution on
  its next update.

 - ---------------------------------------------------------------------------------
 For apt-get: deb stable/updates main
 For dpkg-ftp:
 Mailing list:
 Package info: `apt-cache show <pkg>' and<pkg>
 Version: GnuPG v1.4.6 (GNU/Linux)


 To UNSUBSCRIBE, email to
 with a subject of "unsubscribe". Trouble? Contact

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About