Ubuntu Security Notice USN-70-1
25th January, 2005
libdbi-perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 4.10
Details
Javier Fern�ez-Sanguino Pe�rom the Debian Security Audit Project
discovered that the module DBI::ProxyServer in Perl's DBI library
created a PID file in an insecure manner. This could allow a symbolic
link attack to create or overwrite arbitrary files with the privileges
of the user invoking a program using this module (like 'dbiproxy').
Now the module does not create a such a PID file by default.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 4.10:
- libdbi-perl
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None