Re: Flaw reported in DBI::ProxyServer - is it something we knew about?
- From: Tim.Bunce@xxxxxxxxx (Tim Bunce)
- Date: Thu, 2 Mar 2006 22:44:11 +0000
Isn't that the same as this?:
Changes in DBI 1.47 (svn rev 854), 2nd February 2005
Fixed DBI::ProxyServer to not create pid files by default.
References: Ubuntu Security Notice USN-70-1, CAN-2005-0077
Thanks to Javier Fernández-Sanguino Peña from the
Debian Security Audit Project, and Jonathan Leffler.
Tim.
On Thu, Mar 02, 2006 at 10:14:16AM -0800, Jonathan Leffler wrote:
----- Message from Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> on Wed, 01 Mar 2006 20:22:16 -0500 -----
To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] [FLSA-2006:178989] Updated perl-DBI package
fixes security issue
---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated perl-DBI package fixes security issue
Advisory ID: FLSA:178989
Issue date: 2006-03-01
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-0077
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
An updated perl-DBI package that fixes a temporary file flaw in
DBI::ProxyServer is now available.
DBI is a database access Application Programming Interface (API) for
the Perl programming language.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
3. Problem description:
The Debian Security Audit Project discovered that the DBI library
creates a temporary PID file in an insecure manner. A local user could
overwrite or create files as a different user who happens to run an
application which uses DBI::ProxyServer. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0077 to
this issue.
Users should update to this erratum package which disables the temporary
PID file unless configured.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, [...]
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178989
[...]
--
Jonathan Leffler <jonathan.leffler@xxxxxxxxx> #include <disclaimer.h>
Guardian of DBD::Informix - v2005.02 - http://dbi.perl.org
"I don't suffer from insanity - I enjoy every minute of it."
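For readers of this thread, an added example (not DBI, Net::Daemon or Fedora Legacy code, and not part of any message above) of the class of flaw the advisory describes: a PID file written at a predictable path in a shared directory, next to a creation routine that refuses a pre-existing file or link. The helper name `write_pidfile`, the file names and the scratch directory are constructed for the illustration, and the sketch assumes the usual form of this flaw, a plain truncating open of a fixed path.

```perl
#!/usr/bin/perl
# Added example: create a daemon PID file without clobbering anything
# that already sits at the chosen path. Not code from DBI::ProxyServer.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Unsafe pattern, for contrast: open(my $fh, '>', $path) follows a link at
# $path and truncates its target with the privileges of the daemon's user.

# write_pidfile() is a hypothetical helper name.
sub write_pidfile {
    my ($path) = @_;
    # O_CREAT|O_EXCL fails with EEXIST if a file or a symlink (even a
    # dangling one) already exists at $path, so nothing is followed.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644)
        or return (0, "refusing to create $path: $!");
    print {$fh} "$$\n";
    close($fh) or return (0, "close failed on $path: $!");
    return (1, "wrote $path");
}

# Constructed setup: a private scratch directory stands in for /tmp.
my $dir     = tempdir(CLEANUP => 1);
my $victim  = "$dir/important.conf";
my $pidfile = "$dir/daemon.pid";

open(my $v, '>', $victim) or die "setup: $!";
print {$v} "keep me\n";
close($v);

# The PID path already exists as a link to a file the daemon's user owns.
symlink($victim, $pidfile) or die "symlink: $!";

my ($ok, $msg) = write_pidfile($pidfile);
print "link present: $msg\n";

open($v, '<', $victim) or die "read: $!";
my $content = <$v>;
close($v);
print "target file intact: ", ($content eq "keep me\n" ? "yes" : "no"), "\n";

# With the path clear, creation succeeds.
unlink($pidfile) or die "unlink: $!";
($ok, $msg) = write_pidfile($pidfile);
print "clean path: $msg\n";
```

Exclusive creation is a complement to the fix quoted in the thread: not writing a PID file unless one is configured removes the predictable path entirely, and a configured path is best placed in a directory only the daemon's user can write.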