             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                              Perl Security Update
                          [Red Hat RHSA-2007:0966-5]

November 7, 2007 15:00 GMT                                        Number S-038
                                                         [REVISED 09 Nov 2007]
______________________________________________________________________________
PROBLEM:       A flaw was found in Perl's regular expression engine.

PLATFORM:      Red Hat Desktop (v. 3, v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 3, v. 4, v. 5 server)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Debian GNU/Linux 3.1 (sarge) and 4.0 (etch)

DAMAGE:        Arbitrary code running with the permissions of the user
               running Perl.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. Specially crafted input to a regular
ASSESSMENT:    expression can cause Perl to improperly allocate memory,
               possibly resulting in arbitrary code running with the
               permissions of the user running Perl.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/s-038.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0966.html
 ADDITIONAL LINK:    http://www.debian.org/security/2007-dsa-1400
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
______________________________________________________________________________
REVISION HISTORY:
11/09/2007 - revised S-038 to add a link to Debian Security Advisory
             DSA-1400-1 for Debian GNU/Linux 3.1 (sarge) and 4.0 (etch).

[***** Start Red Hat RHSA-2007:0966-5 *****]

Important: perl security update

Advisory:          RHSA-2007:0966-5
Type:              Security Advisory
Severity:          Important
Issued on:         2007-11-05
Last updated on:   2007-11-05
Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux (v. 5 server)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux Desktop (v. 5 client)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
OVAL:              com.redhat.rhsa-20070966.xml
CVEs (cve.mitre.org): CVE-2007-5116

Details

Updated Perl packages that fix a security issue are now available for Red Hat
Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat
Security Response Team.

Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted input
to a regular expression can cause Perl to improperly allocate memory, possibly
resulting in arbitrary code running with the permissions of the user running
Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which contain
a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.0-97.EL3.src.rpm                  2e856bc3cc39e71d98848cfa162c6bfb

IA-32:
perl-5.8.0-97.EL3.i386.rpm                 08110ae481534b78aca8583e466d0d11
perl-CGI-2.89-97.EL3.i386.rpm              84b160db5c07c87cb35a5b0911778b6d
perl-CPAN-1.61-97.EL3.i386.rpm             b8d85a465f3e1358d3f3646005f5247c
perl-DB_File-1.806-97.EL3.i386.rpm         55383931393e8ccfae6d20f5988878a1
perl-suidperl-5.8.0-97.EL3.i386.rpm        b9b06f99e1078fefc178582b03a508bf

x86_64:
perl-5.8.0-97.EL3.x86_64.rpm               019400b949f68db6ee1922ffb9dec9fa
perl-CGI-2.89-97.EL3.x86_64.rpm            297b7c738c1eed805e55121c575153e8
perl-CPAN-1.61-97.EL3.x86_64.rpm           9fe0bfb15b169b385af387b3a72a1227
perl-DB_File-1.806-97.EL3.x86_64.rpm       0ba63fa437a712587b758160ca6b3570
perl-suidperl-5.8.0-97.EL3.x86_64.rpm      0179496930519b1954ec9f50f3aefb1d

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.5-36.el4_5.2.src.rpm              daab18b1dafbe8d3176bc8be5d39b428

IA-32:
perl-5.8.5-36.el4_5.2.i386.rpm             f1161acf28aa300ac3a56196e41bc0c0
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm    efc4e73d1b8afcb409b7e237442ae0b1

x86_64:
perl-5.8.5-36.el4_5.2.x86_64.rpm           d3b72a8a2577ad7fc59b05ee2c31c806
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm  de5d8bf1735c31e69aa74ce1921b7610

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.8-10.el5_0.2.src.rpm              80ae3681c13ce42f0ca7f7b0d3f65ad9

IA-32:
perl-5.8.8-10.el5_0.2.i386.rpm             4c75d8927b2d9b48ea8eff28bd815f58
perl-suidperl-5.8.8-10.el5_0.2.i386.rpm    069f811d020867de13242a28c1050cfb

IA-64:
perl-5.8.8-10.el5_0.2.ia64.rpm             92ac4f52c137c7406da353b7d8463034
perl-suidperl-5.8.8-10.el5_0.2.ia64.rpm    50749b5171123f123890bd9cc5dd07d6

PPC:
perl-5.8.8-10.el5_0.2.ppc.rpm              8820cedc46e66a62e5fdd1ac949c4b8f
perl-suidperl-5.8.8-10.el5_0.2.ppc.rpm     702ab8dfbb86555057782d04e6892ed5

s390x:
perl-5.8.8-10.el5_0.2.s390x.rpm            05056e414bd207108f1a4b46f4186631
perl-suidperl-5.8.8-10.el5_0.2.s390x.rpm   1542ed29a717c3cb39cf521c7ff11caf

x86_64:
perl-5.8.8-10.el5_0.2.x86_64.rpm           7fb4459c9e02e7b698b72a1cf885ddd1
perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm  8dbbca6942da4350cb3921ded784055f

Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.0-97.EL3.src.rpm                  2e856bc3cc39e71d98848cfa162c6bfb

IA-32:
perl-5.8.0-97.EL3.i386.rpm                 08110ae481534b78aca8583e466d0d11
perl-CGI-2.89-97.EL3.i386.rpm              84b160db5c07c87cb35a5b0911778b6d
perl-CPAN-1.61-97.EL3.i386.rpm             b8d85a465f3e1358d3f3646005f5247c
perl-DB_File-1.806-97.EL3.i386.rpm         55383931393e8ccfae6d20f5988878a1
perl-suidperl-5.8.0-97.EL3.i386.rpm        b9b06f99e1078fefc178582b03a508bf

IA-64:
perl-5.8.0-97.EL3.ia64.rpm                 8daacbf394685b47dcd68cb3a1c87bee
perl-CGI-2.89-97.EL3.ia64.rpm              46b2846b37ca14e8e4ebd960435a2e3a
perl-CPAN-1.61-97.EL3.ia64.rpm             dc6f8cad4ca4779ff43fad3d99599d87
perl-DB_File-1.806-97.EL3.ia64.rpm         ba5572804a0300adcf821914806bfed1
perl-suidperl-5.8.0-97.EL3.ia64.rpm        e0944c1db59ba589012b7dac36521de9

PPC:
perl-5.8.0-97.EL3.ppc.rpm                  e615fd2475ce99ca74d5a4956b042f77
perl-CGI-2.89-97.EL3.ppc.rpm               795d3acbb9c53adc03d794fc149b68ee
perl-CPAN-1.61-97.EL3.ppc.rpm              6db24a415cbd5ec6d4cf010c8e438191
perl-DB_File-1.806-97.EL3.ppc.rpm          3c187eb1c14ba3abb3e995b98f3252c7
perl-suidperl-5.8.0-97.EL3.ppc.rpm         c5f452f0c24cc1d8481eaaf01ac328e2

s390:
perl-5.8.0-97.EL3.s390.rpm                 2a72259ab24620832ecb561959117eed
perl-CGI-2.89-97.EL3.s390.rpm              12183a27b2ff2de7d789e8aa5f1108b5
perl-CPAN-1.61-97.EL3.s390.rpm             428a1688d05660f07bc492147d041bad
perl-DB_File-1.806-97.EL3.s390.rpm         3096dd9080963cfceeac8bf95261f01d
perl-suidperl-5.8.0-97.EL3.s390.rpm        c3bd3d5726b222cd77e15cfecf5efda5

s390x:
perl-5.8.0-97.EL3.s390x.rpm                52f0e7173410f550c5c26bbe79f7f29d
perl-CGI-2.89-97.EL3.s390x.rpm             878d39ad48bac5bc724083d6fafc5bac
perl-CPAN-1.61-97.EL3.s390x.rpm            3f3b35f013b39d6f736d832b4a877be2
perl-DB_File-1.806-97.EL3.s390x.rpm        3ce11d8210bd2a35484c4e66eae587e4
perl-suidperl-5.8.0-97.EL3.s390x.rpm       96df21531273fa0e5ea61a2e94274535

x86_64:
perl-5.8.0-97.EL3.x86_64.rpm               019400b949f68db6ee1922ffb9dec9fa
perl-CGI-2.89-97.EL3.x86_64.rpm            297b7c738c1eed805e55121c575153e8
perl-CPAN-1.61-97.EL3.x86_64.rpm           9fe0bfb15b169b385af387b3a72a1227
perl-DB_File-1.806-97.EL3.x86_64.rpm       0ba63fa437a712587b758160ca6b3570
perl-suidperl-5.8.0-97.EL3.x86_64.rpm      0179496930519b1954ec9f50f3aefb1d

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.5-36.el4_5.2.src.rpm              daab18b1dafbe8d3176bc8be5d39b428

IA-32:
perl-5.8.5-36.el4_5.2.i386.rpm             f1161acf28aa300ac3a56196e41bc0c0
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm    efc4e73d1b8afcb409b7e237442ae0b1

IA-64:
perl-5.8.5-36.el4_5.2.ia64.rpm             7d7126bde8dce636b1829855a3179925
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm    5facb1cdc620ed11ef59d3bc1743c731

PPC:
perl-5.8.5-36.el4_5.2.ppc.rpm              3ead10eac85b4511ba84c5caa2fcd4fe
perl-suidperl-5.8.5-36.el4_5.2.ppc.rpm     f9e58d14af224e7e7a854af2b4c238a3

s390:
perl-5.8.5-36.el4_5.2.s390.rpm             083df771d205431a023ce3106b3abc62
perl-suidperl-5.8.5-36.el4_5.2.s390.rpm    15ff0e8a816551349bfcfdc0adb3cd52

s390x:
perl-5.8.5-36.el4_5.2.s390x.rpm            d337f71d48b8577bb6fb32497cf43799
perl-suidperl-5.8.5-36.el4_5.2.s390x.rpm   195293ce097b26f3e219ba9697c66445

x86_64:
perl-5.8.5-36.el4_5.2.x86_64.rpm           d3b72a8a2577ad7fc59b05ee2c31c806
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm  de5d8bf1735c31e69aa74ce1921b7610

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.8-10.el5_0.2.src.rpm              80ae3681c13ce42f0ca7f7b0d3f65ad9

IA-32:
perl-5.8.8-10.el5_0.2.i386.rpm             4c75d8927b2d9b48ea8eff28bd815f58
perl-suidperl-5.8.8-10.el5_0.2.i386.rpm    069f811d020867de13242a28c1050cfb

x86_64:
perl-5.8.8-10.el5_0.2.x86_64.rpm           7fb4459c9e02e7b698b72a1cf885ddd1
perl-suidperl-5.8.8-10.el5_0.2.x86_64.rpm  8dbbca6942da4350cb3921ded784055f

Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.0-97.EL3.src.rpm                  2e856bc3cc39e71d98848cfa162c6bfb

IA-32:
perl-5.8.0-97.EL3.i386.rpm                 08110ae481534b78aca8583e466d0d11
perl-CGI-2.89-97.EL3.i386.rpm              84b160db5c07c87cb35a5b0911778b6d
perl-CPAN-1.61-97.EL3.i386.rpm             b8d85a465f3e1358d3f3646005f5247c
perl-DB_File-1.806-97.EL3.i386.rpm         55383931393e8ccfae6d20f5988878a1
perl-suidperl-5.8.0-97.EL3.i386.rpm        b9b06f99e1078fefc178582b03a508bf

IA-64:
perl-5.8.0-97.EL3.ia64.rpm                 8daacbf394685b47dcd68cb3a1c87bee
perl-CGI-2.89-97.EL3.ia64.rpm              46b2846b37ca14e8e4ebd960435a2e3a
perl-CPAN-1.61-97.EL3.ia64.rpm             dc6f8cad4ca4779ff43fad3d99599d87
perl-DB_File-1.806-97.EL3.ia64.rpm         ba5572804a0300adcf821914806bfed1
perl-suidperl-5.8.0-97.EL3.ia64.rpm        e0944c1db59ba589012b7dac36521de9

x86_64:
perl-5.8.0-97.EL3.x86_64.rpm               019400b949f68db6ee1922ffb9dec9fa
perl-CGI-2.89-97.EL3.x86_64.rpm            297b7c738c1eed805e55121c575153e8
perl-CPAN-1.61-97.EL3.x86_64.rpm           9fe0bfb15b169b385af387b3a72a1227
perl-DB_File-1.806-97.EL3.x86_64.rpm       0ba63fa437a712587b758160ca6b3570
perl-suidperl-5.8.0-97.EL3.x86_64.rpm      0179496930519b1954ec9f50f3aefb1d

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.5-36.el4_5.2.src.rpm              daab18b1dafbe8d3176bc8be5d39b428

IA-32:
perl-5.8.5-36.el4_5.2.i386.rpm             f1161acf28aa300ac3a56196e41bc0c0
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm    efc4e73d1b8afcb409b7e237442ae0b1

IA-64:
perl-5.8.5-36.el4_5.2.ia64.rpm             7d7126bde8dce636b1829855a3179925
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm    5facb1cdc620ed11ef59d3bc1743c731

x86_64:
perl-5.8.5-36.el4_5.2.x86_64.rpm           d3b72a8a2577ad7fc59b05ee2c31c806
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm  de5d8bf1735c31e69aa74ce1921b7610

Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.0-97.EL3.src.rpm                  2e856bc3cc39e71d98848cfa162c6bfb

IA-32:
perl-5.8.0-97.EL3.i386.rpm                 08110ae481534b78aca8583e466d0d11
perl-CGI-2.89-97.EL3.i386.rpm              84b160db5c07c87cb35a5b0911778b6d
perl-CPAN-1.61-97.EL3.i386.rpm             b8d85a465f3e1358d3f3646005f5247c
perl-DB_File-1.806-97.EL3.i386.rpm         55383931393e8ccfae6d20f5988878a1
perl-suidperl-5.8.0-97.EL3.i386.rpm        b9b06f99e1078fefc178582b03a508bf

IA-64:
perl-5.8.0-97.EL3.ia64.rpm                 8daacbf394685b47dcd68cb3a1c87bee
perl-CGI-2.89-97.EL3.ia64.rpm              46b2846b37ca14e8e4ebd960435a2e3a
perl-CPAN-1.61-97.EL3.ia64.rpm             dc6f8cad4ca4779ff43fad3d99599d87
perl-DB_File-1.806-97.EL3.ia64.rpm         ba5572804a0300adcf821914806bfed1
perl-suidperl-5.8.0-97.EL3.ia64.rpm        e0944c1db59ba589012b7dac36521de9

x86_64:
perl-5.8.0-97.EL3.x86_64.rpm               019400b949f68db6ee1922ffb9dec9fa
perl-CGI-2.89-97.EL3.x86_64.rpm            297b7c738c1eed805e55121c575153e8
perl-CPAN-1.61-97.EL3.x86_64.rpm           9fe0bfb15b169b385af387b3a72a1227
perl-DB_File-1.806-97.EL3.x86_64.rpm       0ba63fa437a712587b758160ca6b3570
perl-suidperl-5.8.0-97.EL3.x86_64.rpm      0179496930519b1954ec9f50f3aefb1d

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
perl-5.8.5-36.el4_5.2.src.rpm              daab18b1dafbe8d3176bc8be5d39b428

IA-32:
perl-5.8.5-36.el4_5.2.i386.rpm             f1161acf28aa300ac3a56196e41bc0c0
perl-suidperl-5.8.5-36.el4_5.2.i386.rpm    efc4e73d1b8afcb409b7e237442ae0b1

IA-64:
perl-5.8.5-36.el4_5.2.ia64.rpm             7d7126bde8dce636b1829855a3179925
perl-suidperl-5.8.5-36.el4_5.2.ia64.rpm    5facb1cdc620ed11ef59d3bc1743c731

x86_64:
perl-5.8.5-36.el4_5.2.x86_64.rpm           d3b72a8a2577ad7fc59b05ee2c31c806
perl-suidperl-5.8.5-36.el4_5.2.x86_64.rpm  de5d8bf1735c31e69aa74ce1921b7610

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

323571 - CVE-2007-5116 perl regular expression UTF parsing errors

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0966-5 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California.
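An added patch-status check, not part of the CIAC or Red Hat bulletin: the script below compares the version and release of the installed perl packages (as printed by `rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' perl perl-suidperl`) against the fixed builds in the "Updated packages" list above, using the same segment-wise ordering rules as RPM's rpmvercmp(). The `FIXED` table is taken from the advisory; the sample query output, the `.elN` release-tag parsing and the function names are constructed for this example. It tells you whether a host is still at a vulnerable build; it does not replace the GPG signature and md5 verification the advisory points to for the packages themselves.

```python
import re

# Fixed perl builds from RHSA-2007:0966 as (version, release), keyed by the
# RHEL release tag that Red Hat embeds in the package release string.
FIXED = {
    "el3": ("5.8.0", "97.EL3"),
    "el4": ("5.8.5", "36.el4_5.2"),
    "el5": ("5.8.8", "10.el5_0.2"),
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")
_DIST_TAG = re.compile(r"\.(el\d)", re.IGNORECASE)  # assumed Red Hat tag layout


def rpmvercmp(a, b):
    """Compare two RPM version or release strings like rpmvercmp() does.

    Each string is split into runs of digits and runs of letters (separators
    are ignored); numeric runs compare as integers, alphabetic runs compare
    lexically, and a numeric run ranks above an alphabetic one. If every
    compared segment is equal, the string with more segments is newer.
    Returns 1, 0 or -1. Tilde pre-release syntax is not handled here.
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def parse_nevra(line):
    """Split 'name-version-release.arch' into (name, version, release, arch)."""
    base, arch = line.strip().rsplit(".", 1)
    name, version, release = base.rsplit("-", 2)
    return name, version, release, arch


def assess(line):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed package."""
    _name, version, release, _arch = parse_nevra(line)
    tag = _DIST_TAG.search(release)
    if tag is None or tag.group(1).lower() not in FIXED:
        return "unknown"  # not a RHEL 3/4/5 build covered by this advisory
    fixed_version, fixed_release = FIXED[tag.group(1).lower()]
    c = rpmvercmp(version, fixed_version)
    if c == 0:
        c = rpmvercmp(release, fixed_release)
    return "fixed" if c >= 0 else "vulnerable"


def assess_all(text):
    """Map each non-empty line of rpm query output to its status."""
    return {ln.strip(): assess(ln) for ln in text.splitlines() if ln.strip()}


# Constructed sample output of the rpm query named in the lead-in, mixing
# pre-update, updated and non-RHEL builds.
SAMPLE_QUERY = """\
perl-5.8.8-10.el5.x86_64
perl-suidperl-5.8.8-10.el5_0.2.x86_64
perl-5.8.5-36.el4_5.1.i386
perl-5.8.0-97.EL3.i386
perl-5.10.0-1.fc9.i386
"""

if __name__ == "__main__":
    for pkg, status in assess_all(SAMPLE_QUERY).items():
        print(f"{status:10s} {pkg}")
```

The release comparison is where the detail matters: `10.el5` and `10.el5_0.2` share the same leading segments, and RPM treats the longer string as the newer build, so a host still on the base `10.el5` build is reported as vulnerable while anything at or above the errata release is reported as fixed.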
CIAC is also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

S-028: Vulnerability in Java Runtime Environment Virtual Machine
S-029: IBM Lotus Notes Vulnerabilities
S-030: Adobe Security Update
S-031: RSA Keon Vulnerability
S-032: CUPS Security Update and Bug Fix Update
S-033: AIX lqueryvg Buffer Overflow Vulnerability
S-034: SonicWall NetExtender NELaunchCtrl ActiveX Vulnerability
S-035: Perdition Format String Error
S-036: Mono Vulnerability
S-037: Perl-Compatible Regular Expression (PCRE) Vulnerabilities