USN-44-1: perl information leak

21 December 2004

perl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

A race condition and possible information leak has been discovered in Perl’s File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
perl-modules

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References