Ubuntu Security Notice USN-700-1
23rd December, 2008
libarchive-tar-perl, perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 7.10
- Ubuntu 6.06 LTS
Software description
- libarchive-tar-perl
- perl
Details
Jonathan Smith discovered that the Archive::Tar Perl module did not
correctly handle symlinks when extracting archives. If a user or
automated system were tricked into opening a specially crafted tar file,
a remote attacker could over-write arbitrary files. (CVE-2007-4829)
Tavis Ormandy and Will Drewry discovered that Perl did not correctly
handle certain utf8 characters in regular expressions. If a user or
automated system were tricked into using a specially crafted expression,
a remote attacker could crash the application, leading to a denial
of service. Ubuntu 8.10 was not affected by this issue. (CVE-2008-1927)
A race condition was discovered in the File::Path Perl module's rmtree
function. If a local attacker successfully raced another user's call
of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06
and 8.10 were not affected by this issue. (CVE-2008-5302)
A race condition was discovered in the File::Path Perl module's rmtree
function. If a local attacker successfully raced another user's call of
rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected
by this issue. (CVE-2008-5303)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- perl-modules 5.10.0-11.1ubuntu2.2
- Ubuntu 8.04 LTS:
- libarchive-tar-perl 1.36-1ubuntu0.1
- perl-modules 5.8.8-12ubuntu0.3
- libperl5.8 5.8.8-12ubuntu0.3
- Ubuntu 7.10:
- libarchive-tar-perl 1.31-1ubuntu0.1
- perl-modules 5.8.8-7ubuntu3.4
- libperl5.8 5.8.8-7ubuntu3.4
- Ubuntu 6.06 LTS:
- libarchive-tar-perl 1.26-2ubuntu0.1
- libperl5.8 5.8.7-10ubuntu1.2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.