tinysofa

Errata

tinysofa enterprise server 1.0

May 3rd, 2004 (#2004-002)

--------------------------------------------------------------------------
tinysofa Security Advisory #2004-002

Package name:      perl
Summary:           Major security hole
Advisory ID:       TSSA-2004-002
Date:              2004-05-03
Affected versions: tinysofa enterprise server 1.0

--------------------------------------------------------------------------
Package description:

  perl:
  Perl is a high-level programming language with roots in C, sed, awk
  and shell scripting.


Problem description:

  perl:
  Due to changes in the perl installation process, starting from version
  5.8.4, the suidperl binary is a hard link to the perl5.8.4 binary, instead
  of the sperl5.8.4 binary. As a result of this change, and due to the
  package specifying that suidperl is a setuid binary, the perl5.8.4 binary
  was also setuid. This is a critical security hole that allows local users
  to access the system as root. This update fixes Bug #4:
  <URI:http://www.tinysofa.org/bugs/show_bug.cgi?id=4>
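
  Added example, not part of the tinysofa advisory: an audit that lists
  setuid files with more than one hard link, together with every name
  sharing the inode, which is the condition described above. The function
  names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): list setuid files that have more
# than one hard link, with every name that shares the inode.

# list_setuid_hardlinks DIR
# The mode bits live in the inode, so a setuid bit set through one name
# applies to all names linked to it. Paths containing newlines are not handled.
list_setuid_hardlinks() {
    dir=$1
    # -perm -4000: setuid bit set; -links +1: more than one directory entry
    find "$dir" -xdev -type f -perm -4000 -links +1 2>/dev/null |
    while IFS= read -r f; do
        names=$(find "$dir" -xdev -samefile "$f" 2>/dev/null | sort)
        # Report each inode once, from its first name in sorted order.
        first=$(printf '%s\n' "$names" | head -n 1)
        [ "$f" = "$first" ] || continue
        printf 'setuid inode, owner %s, names:\n' "$(ls -ld "$f" | awk '{print $3}')"
        printf '%s\n' "$names" | sed 's/^/  /'
    done
}

# make_constructed_tree: builds a constructed sample tree and prints its path.
make_constructed_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/bin"
    : > "$t/bin/perl5.8.4"
    ln "$t/bin/perl5.8.4" "$t/bin/suidperl"     # same inode, two names
    chmod 4755 "$t/bin/suidperl"                # bit set via one name only
    : > "$t/bin/single-suid"; chmod 4755 "$t/bin/single-suid"   # one link
    : > "$t/bin/plain-a"; ln "$t/bin/plain-a" "$t/bin/plain-b"  # not setuid
    printf '%s\n' "$t"
}

# Demo on the constructed tree; on a real system pass the directory to audit.
tree=$(make_constructed_tree) && list_setuid_hardlinks "$tree"
rm -rf "$tree"
```

  Each reported group should contain only names that are meant to run
  setuid; a general-purpose interpreter name in the group is the defect.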


Action:
  We recommend that all systems with these packages installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All tinysofa updates are available from
  <URI:http://http.tinysofa.org/pub/tinysofa/updates/>
  <URI:ftp://ftp.tinysofa.org/pub/tinysofa/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.tinysofa.org/support/>

Verification:
  This advisory is signed with the tinysofa security sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xAEDCBB4B>

  All tinysofa packages are signed with the tinysofa stable sign key.
  This key is available from:
  <URI:http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0F1240A2>

  The advisory is available from the tinysofa errata database at
  <URI:http://www.tinysofa.org/support/errata/>

  or directly at
  <URI:http://www.tinysofa.org/support/errata/2004/002.html>


MD5sums of the packages:
--------------------------------------------------------------------------
76da1c41f914145475e37853cefda339  perl-5.8.4-2ts.i586.rpm
2e5b746c870a13f5cbcf7bdcf062427c  perl-devel-5.8.4-2ts.i586.rpm
749468986c3e5e39a0a06a14d34142f6  perl-doc-5.8.4-2ts.i586.rpm
--------------------------------------------------------------------------


tinysofa Security Team