Red Hat 9036 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: perl security update
Advisory ID: RHSA-2007:0966-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0966.html
Issue date: 2007-11-05
Updated on: 2007-11-05
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-5116
- ---------------------------------------------------------------------

1. Summary:

Updated Perl packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

323571 - CVE-2007-5116 perl regular expression UTF parsing errors

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm
2e856bc3cc39e71d98848cfa162c6bfb perl-5.8.0-97.EL3.src.rpm

i386:
08110ae481534b78aca8583e466d0d11 perl-5.8.0-97.EL3.i386.rpm
84b160db5c07c87cb35a5b0911778b6d perl-CGI-2.89-97.EL3.i386.rpm
b8d85a465f3e1358d3f3646005f5247c perl-CPAN-1.61-97.EL3.i386.rpm
55383931393e8ccfae6d20f5988878a1 perl-DB_File-1.806-97.EL3.i386.rpm
740d8f97dc683b8ce7d81889ea2caaf4 perl-debuginfo-5.8.0-97.EL3.i386.rpm
b9b06f99e1078fefc178582b03a508bf perl-suidperl-5.8.0-97.EL3.i386.rpm

ia64:
8daacbf394685b47dcd68cb3a1c87bee perl-5.8.0-97.EL3.ia64.rpm
46b2846b37ca14e8e4ebd960435a2e3a perl-CGI-2.89-97.EL3.ia64.rpm
dc6f8cad4ca4779ff43fad3d99599d87 perl-CPAN-1.61-97.EL3.ia64.rpm
ba5572804a0300adcf821914806bfed1 perl-DB_File-1.806-97.EL3.ia64.rpm
1e9a1cccea333cd08b27c48793163ffb perl-debuginfo-5.8.0-97.EL3.ia64.rpm
e0944c1db59ba589012b7dac36521de9 perl-suidperl-5.8.0-97.EL3.ia64.rpm

ppc:
e615fd2475ce99ca74d5a4956b042f77 perl-5.8.0-97.EL3.ppc.rpm
795d3acbb9c53adc03d794fc149b68ee perl-CGI-2.89-97.EL3.ppc.rpm
6db24a415cbd5ec6d4cf010c8e438191 perl-CPAN-1.61-97.EL3.ppc.rpm
3c187eb1c14ba3abb3e995b98f3252c7 perl-DB_File-1.806-97.EL3.ppc.rpm
ae0a212933e8b2c1e3c0d77f1e64c39c perl-debuginfo-5.8.0-97.EL3.ppc.rpm
c5f452f0c24cc1d8481eaaf01ac328e2 perl-suidperl-5.8.0-97.EL3.ppc.rpm

s390:
2a72259ab24620832ecb561959117eed perl-5.8.0-97.EL3.s390.rpm
12183a27b2ff2de7d789e8aa5f1108b5 perl-CGI-2.89-97.EL3.s390.rpm
428a1688d05660f07bc492147d041bad perl-CPAN-1.61-97.EL3.s390.rpm
3096dd9080963cfceeac8bf95261f01d perl-DB_File-1.806-97.EL3.s390.rpm
39842e40fa258dd16f3b434df44eba4a perl-debuginfo-5.8.0-97.EL3.s390.rpm
c3bd3d5726b222cd77e15cfecf5efda5 perl-suidperl-5.8.0-97.EL3.s390.rpm

s390x:
52f0e7173410f550c5c26bbe79f7f29d perl-5.8.0-97.EL3.s390x.rpm
878d39ad48bac5bc724083d6fafc5bac perl-CGI-2.89-97.EL3.s390x.rpm
3f3b35f013b39d6f736d832b4a877be2 perl-CPAN-1.61-97.EL3.s390x.rpm
3ce11d8210bd2a35484c4e66eae587e4 perl-DB_File-1.806-97.EL3.s390x.rpm
efee43aed37dbe6750cf9d2a96edb630 perl-debuginfo-5.8.0-97.EL3.s390x.rpm
96df21531273fa0e5ea61a2e94274535 perl-suidperl-5.8.0-97.EL3.s390x.rpm

x86_64:
019400b949f68db6ee1922ffb9dec9fa perl-5.8.0-97.EL3.x86_64.rpm
297b7c738c1eed805e55121c575153e8 perl-CGI-2.89-97.EL3.x86_64.rpm
9fe0bfb15b169b385af387b3a72a1227 perl-CPAN-1.61-97.EL3.x86_64.rpm
0ba63fa437a712587b758160ca6b3570 perl-DB_File-1.806-97.EL3.x86_64.rpm
e332067ed6df2e02478d11d218b9dec3 perl-debuginfo-5.8.0-97.EL3.x86_64.rpm
0179496930519b1954ec9f50f3aefb1d perl-suidperl-5.8.0-97.EL3.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm
2e856bc3cc39e71d98848cfa162c6bfb perl-5.8.0-97.EL3.src.rpm

i386:
08110ae481534b78aca8583e466d0d11 perl-5.8.0-97.EL3.i386.rpm
84b160db5c07c87cb35a5b0911778b6d perl-CGI-2.89-97.EL3.i386.rpm
b8d85a465f3e1358d3f3646005f5247c perl-CPAN-1.61-97.EL3.i386.rpm
55383931393e8ccfae6d20f5988878a1 perl-DB_File-1.806-97.EL3.i386.rpm
740d8f97dc683b8ce7d81889ea2caaf4 perl-debuginfo-5.8.0-97.EL3.i386.rpm
b9b06f99e1078fefc178582b03a508bf perl-suidperl-5.8.0-97.EL3.i386.rpm

x86_64:
019400b949f68db6ee1922ffb9dec9fa perl-5.8.0-97.EL3.x86_64.rpm
297b7c738c1eed805e55121c575153e8 perl-CGI-2.89-97.EL3.x86_64.rpm
9fe0bfb15b169b385af387b3a72a1227 perl-CPAN-1.61-97.EL3.x86_64.rpm
0ba63fa437a712587b758160ca6b3570 perl-DB_File-1.806-97.EL3.x86_64.rpm
e332067ed6df2e02478d11d218b9dec3 perl-debuginfo-5.8.0-97.EL3.x86_64.rpm
0179496930519b1954ec9f50f3aefb1d perl-suidperl-5.8.0-97.EL3.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm
2e856bc3cc39e71d98848cfa162c6bfb perl-5.8.0-97.EL3.src.rpm

i386:
08110ae481534b78aca8583e466d0d11 perl-5.8.0-97.EL3.i386.rpm
84b160db5c07c87cb35a5b0911778b6d perl-CGI-2.89-97.EL3.i386.rpm
b8d85a465f3e1358d3f3646005f5247c perl-CPAN-1.61-97.EL3.i386.rpm
55383931393e8ccfae6d20f5988878a1 perl-DB_File-1.806-97.EL3.i386.rpm
740d8f97dc683b8ce7d81889ea2caaf4 perl-debuginfo-5.8.0-97.EL3.i386.rpm
b9b06f99e1078fefc178582b03a508bf perl-suidperl-5.8.0-97.EL3.i386.rpm

ia64:
8daacbf394685b47dcd68cb3a1c87bee perl-5.8.0-97.EL3.ia64.rpm
46b2846b37ca14e8e4ebd960435a2e3a perl-CGI-2.89-97.EL3.ia64.rpm
dc6f8cad4ca4779ff43fad3d99599d87 perl-CPAN-1.61-97.EL3.ia64.rpm
ba5572804a0300adcf821914806bfed1 perl-DB_File-1.806-97.EL3.ia64.rpm
1e9a1cccea333cd08b27c48793163ffb perl-debuginfo-5.8.0-97.EL3.ia64.rpm
e0944c1db59ba589012b7dac36521de9 perl-suidperl-5.8.0-97.EL3.ia64.rpm

x86_64:
019400b949f68db6ee1922ffb9dec9fa perl-5.8.0-97.EL3.x86_64.rpm
297b7c738c1eed805e55121c575153e8 perl-CGI-2.89-97.EL3.x86_64.rpm
9fe0bfb15b169b385af387b3a72a1227 perl-CPAN-1.61-97.EL3.x86_64.rpm
0ba63fa437a712587b758160ca6b3570 perl-DB_File-1.806-97.EL3.x86_64.rpm
e332067ed6df2e02478d11d218b9dec3 perl-debuginfo-5.8.0-97.EL3.x86_64.rpm
0179496930519b1954ec9f50f3aefb1d perl-suidperl-5.8.0-97.EL3.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/perl-5.8.0-97.EL3.src.rpm
2e856bc3cc39e71d98848cfa162c6bfb perl-5.8.0-97.EL3.src.rpm

i386:
08110ae481534b78aca8583e466d0d11 perl-5.8.0-97.EL3.i386.rpm
84b160db5c07c87cb35a5b0911778b6d perl-CGI-2.89-97.EL3.i386.rpm
b8d85a465f3e1358d3f3646005f5247c perl-CPAN-1.61-97.EL3.i386.rpm
55383931393e8ccfae6d20f5988878a1 perl-DB_File-1.806-97.EL3.i386.rpm
740d8f97dc683b8ce7d81889ea2caaf4 perl-debuginfo-5.8.0-97.EL3.i386.rpm
b9b06f99e1078fefc178582b03a508bf perl-suidperl-5.8.0-97.EL3.i386.rpm

ia64:
8daacbf394685b47dcd68cb3a1c87bee perl-5.8.0-97.EL3.ia64.rpm
46b2846b37ca14e8e4ebd960435a2e3a perl-CGI-2.89-97.EL3.ia64.rpm
dc6f8cad4ca4779ff43fad3d99599d87 perl-CPAN-1.61-97.EL3.ia64.rpm
ba5572804a0300adcf821914806bfed1 perl-DB_File-1.806-97.EL3.ia64.rpm
1e9a1cccea333cd08b27c48793163ffb perl-debuginfo-5.8.0-97.EL3.ia64.rpm
e0944c1db59ba589012b7dac36521de9 perl-suidperl-5.8.0-97.EL3.ia64.rpm

x86_64:
019400b949f68db6ee1922ffb9dec9fa perl-5.8.0-97.EL3.x86_64.rpm
297b7c738c1eed805e55121c575153e8 perl-CGI-2.89-97.EL3.x86_64.rpm
9fe0bfb15b169b385af387b3a72a1227 perl-CPAN-1.61-97.EL3.x86_64.rpm
0ba63fa437a712587b758160ca6b3570 perl-DB_File-1.806-97.EL3.x86_64.rpm
e332067ed6df2e02478d11d218b9dec3 perl-debuginfo-5.8.0-97.EL3.x86_64.rpm
0179496930519b1954ec9f50f3aefb1d perl-suidperl-5.8.0-97.EL3.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm
daab18b1dafbe8d3176bc8be5d39b428 perl-5.8.5-36.el4_5.2.src.rpm

i386:
f1161acf28aa300ac3a56196e41bc0c0 perl-5.8.5-36.el4_5.2.i386.rpm
71f9fe459a1f55c07e74395caea1c960 perl-debuginfo-5.8.5-36.el4_5.2.i386.rpm
efc4e73d1b8afcb409b7e237442ae0b1 perl-suidperl-5.8.5-36.el4_5.2.i386.rpm

ia64:
7d7126bde8dce636b1829855a3179925 perl-5.8.5-36.el4_5.2.ia64.rpm
6a32482132d4ecc5176a3251daac6d55 perl-debuginfo-5.8.5-36.el4_5.2.ia64.rpm
5facb1cdc620ed11ef59d3bc1743c731 perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm

ppc:
3ead10eac85b4511ba84c5caa2fcd4fe perl-5.8.5-36.el4_5.2.ppc.rpm
90d3f87db8da1a5c64262a6789e21e72 perl-debuginfo-5.8.5-36.el4_5.2.ppc.rpm
f9e58d14af224e7e7a854af2b4c238a3 perl-suidperl-5.8.5-36.el4_5.2.ppc.rpm

s390:
083df771d205431a023ce3106b3abc62 perl-5.8.5-36.el4_5.2.s390.rpm
bb60f65df1e7ae736d85420fea4a5e5b perl-debuginfo-5.8.5-36.el4_5.2.s390.rpm
15ff0e8a816551349bfcfdc0adb3cd52 perl-suidperl-5.8.5-36.el4_5.2.s390.rpm

s390x:
d337f71d48b8577bb6fb32497cf43799 perl-5.8.5-36.el4_5.2.s390x.rpm
db8498f048c019f311f85a8df10654af perl-debuginfo-5.8.5-36.el4_5.2.s390x.rpm
195293ce097b26f3e219ba9697c66445 perl-suidperl-5.8.5-36.el4_5.2.s390x.rpm

x86_64:
d3b72a8a2577ad7fc59b05ee2c31c806 perl-5.8.5-36.el4_5.2.x86_64.rpm
6152ce32ff44dc9f6266ec7b689a2a6a perl-debuginfo-5.8.5-36.el4_5.2.x86_64.rpm
de5d8bf1735c31e69aa74ce1921b7610 perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm
daab18b1dafbe8d3176bc8be5d39b428 perl-5.8.5-36.el4_5.2.src.rpm

i386:
f1161acf28aa300ac3a56196e41bc0c0 perl-5.8.5-36.el4_5.2.i386.rpm
71f9fe459a1f55c07e74395caea1c960 perl-debuginfo-5.8.5-36.el4_5.2.i386.rpm
efc4e73d1b8afcb409b7e237442ae0b1 perl-suidperl-5.8.5-36.el4_5.2.i386.rpm

x86_64:
d3b72a8a2577ad7fc59b05ee2c31c806 perl-5.8.5-36.el4_5.2.x86_64.rpm
6152ce32ff44dc9f6266ec7b689a2a6a perl-debuginfo-5.8.5-36.el4_5.2.x86_64.rpm
de5d8bf1735c31e69aa74ce1921b7610 perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm
daab18b1dafbe8d3176bc8be5d39b428 perl-5.8.5-36.el4_5.2.src.rpm

i386:
f1161acf28aa300ac3a56196e41bc0c0 perl-5.8.5-36.el4_5.2.i386.rpm
71f9fe459a1f55c07e74395caea1c960 perl-debuginfo-5.8.5-36.el4_5.2.i386.rpm
efc4e73d1b8afcb409b7e237442ae0b1 perl-suidperl-5.8.5-36.el4_5.2.i386.rpm

ia64:
7d7126bde8dce636b1829855a3179925 perl-5.8.5-36.el4_5.2.ia64.rpm
6a32482132d4ecc5176a3251daac6d55 perl-debuginfo-5.8.5-36.el4_5.2.ia64.rpm
5facb1cdc620ed11ef59d3bc1743c731 perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm

x86_64:
d3b72a8a2577ad7fc59b05ee2c31c806 perl-5.8.5-36.el4_5.2.x86_64.rpm
6152ce32ff44dc9f6266ec7b689a2a6a perl-debuginfo-5.8.5-36.el4_5.2.x86_64.rpm
de5d8bf1735c31e69aa74ce1921b7610 perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/perl-5.8.5-36.el4_5.2.src.rpm
daab18b1dafbe8d3176bc8be5d39b428 perl-5.8.5-36.el4_5.2.src.rpm

i386:
f1161acf28aa300ac3a56196e41bc0c0 perl-5.8.5-36.el4_5.2.i386.rpm
71f9fe459a1f55c07e74395caea1c960 perl-debuginfo-5.8.5-36.el4_5.2.i386.rpm
efc4e73d1b8afcb409b7e237442ae0b1 perl-suidperl-5.8.5-36.el4_5.2.i386.rpm

ia64:
7d7126bde8dce636b1829855a3179925 perl-5.8.5-36.el4_5.2.ia64.rpm
6a32482132d4ecc5176a3251daac6d55 perl-debuginfo-5.8.5-36.el4_5.2.ia64.rpm
5facb1cdc620ed11ef59d3bc1743c731 perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm

x86_64:
d3b72a8a2577ad7fc59b05ee2c31c806 perl-5.8.5-36.el4_5.2.x86_64.rpm
6152ce32ff44dc9f6266ec7b689a2a6a perl-debuginfo-5.8.5-36.el4_5.2.x86_64.rpm
de5d8bf1735c31e69aa74ce1921b7610 perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/perl-5.8.8-10.el5_0.2.src.rpm
80ae3681c13ce42f0ca7f7b0d3f65ad9 perl-5.8.8-10.el5_0.2.src.rpm

i386:
4c75d8927b2d9b48ea8eff28bd815f58 perl-5.8.8-10.el5_0.2.i386.rpm
fe7c4efeb215effd89f4b651dbd6ee29 perl-debuginfo-5.8.8-10.el5_0.2.i386.rpm
069f811d020867de13242a28c1050cfb perl-suidperl-5.8.8-10.el5_0.2.i386.rpm

x86_64:
7fb4459c9e02e7b698b72a1cf885ddd1 perl-5.8.8-10.el5_0.2.x86_64.rpm
58269ad060a5dcdb8522ec496aa9784b perl-debuginfo-5.8.8-10.el5_0.2.x86_64.rpm
8dbbca6942da4350cb3921ded784055f perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/perl-5.8.8-10.el5_0.2.src.rpm
80ae3681c13ce42f0ca7f7b0d3f65ad9 perl-5.8.8-10.el5_0.2.src.rpm

i386:
4c75d8927b2d9b48ea8eff28bd815f58 perl-5.8.8-10.el5_0.2.i386.rpm
fe7c4efeb215effd89f4b651dbd6ee29 perl-debuginfo-5.8.8-10.el5_0.2.i386.rpm
069f811d020867de13242a28c1050cfb perl-suidperl-5.8.8-10.el5_0.2.i386.rpm

ia64:
92ac4f52c137c7406da353b7d8463034 perl-5.8.8-10.el5_0.2.ia64.rpm
df83934e1aca8c50ac331822f054eb20 perl-debuginfo-5.8.8-10.el5_0.2.ia64.rpm
50749b5171123f123890bd9cc5dd07d6 perl-suidperl-5.8.8-10.el5_0.2.ia64.rpm

ppc:
8820cedc46e66a62e5fdd1ac949c4b8f perl-5.8.8-10.el5_0.2.ppc.rpm
d0ed851ad533205fa5cca7099337af41 perl-debuginfo-5.8.8-10.el5_0.2.ppc.rpm
702ab8dfbb86555057782d04e6892ed5 perl-suidperl-5.8.8-10.el5_0.2.ppc.rpm

s390x:
05056e414bd207108f1a4b46f4186631 perl-5.8.8-10.el5_0.2.s390x.rpm
f9f28930496ed8dbaa84573a573c9279 perl-debuginfo-5.8.8-10.el5_0.2.s390x.rpm
1542ed29a717c3cb39cf521c7ff11caf perl-suidperl-5.8.8-10.el5_0.2.s390x.rpm

x86_64:
7fb4459c9e02e7b698b72a1cf885ddd1 perl-5.8.8-10.el5_0.2.x86_64.rpm
58269ad060a5dcdb8522ec496aa9784b perl-debuginfo-5.8.8-10.el5_0.2.x86_64.rpm
8dbbca6942da4350cb3921ded784055f perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHL0S0XlSAg2UNWIIRAtsOAJ4kMVBGRohsuJMB12k5McaG5J2xEQCfR736
AF9SXL0qcaLJG8IuR4VFHNk=
=C25p
-----END PGP SIGNATURE-----