USN-44-1: perl information leak

Ubuntu Security Notice USN-44-1

21st December, 2004

perl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Details

A race condition and possible information leak has been discovered in
Perl's File::Path::rmtree(). This function changes the permission of
files and directories before removing them to avoid problems with
wrong permissions. However, they were made readable and writable not
only for the owner, but for the entire world, which opened a race
condition and a possible information leak (if the actual removal of a
file/directory failed for some reason).

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 4.10:
perl-modules

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

None

References

CVE-2004-0452