The first Perl security updates for Ubuntu 11.04 Natty Narwhal are available for download.

The first security updates for Ubuntu 11.04 Natty Narwhal are available for download.

As we know, from Ubuntu 9.04 Jaunty Jackalope onward Canonical has sensibly released these updates on a weekly schedule.

Specifically, the updates concern the Perl libraries, the VNC server for GNOME and the disc-burning utility installed by default.

In detail:
Shared Perl Library:

Changes between versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1

Version 5.10.1-17ubuntu4.1:

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
– debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
2.29 to fix multiple issues.
– debian/patches/series: disable superseded fixes/safe-upgrade.diff.
– CVE-2010-1447
* SECURITY UPDATE: taint protection bypass via missing taint attributes
– debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
of pp_* functions.
– CVE-2011-1487

This package is required by programs which embed a Perl interpreter to ensure that the correct version of `perl-base’ is installed.
It additionally contains the shared Perl library on architectures where the perl binary is linked to libperl.a (currently only i386, for performance reasons).

In other cases the actual library is in the `perl-base’ package.

Larry Wall’s Practical Extraction and Report Language.

Changes between versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1

Version 5.10.1-17ubuntu4.1:

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
– debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
2.29 to fix multiple issues.
– debian/patches/series: disable superseded fixes/safe-upgrade.diff.
– CVE-2010-1447
* SECURITY UPDATE: taint protection bypass via missing taint attributes
– debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
of pp_* functions.
– CVE-2011-1487

An interpreted scripting language, known among some as “Unix’s Swiss Army Chainsaw”.
Perl is optimised for scanning arbitrary text files and system administration.
It has built-in extended regular expression matching and replacement, a data-flow mechanism to improve security with setuid scripts and is extensible via modules that can interface to C libraries.

Minimal Perl System.

Changes between versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1

Version 5.10.1-17ubuntu4.1:

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
– debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
2.29 to fix multiple issues.
– debian/patches/series: disable supersed

Perl is a scripting language used in many system scripts and utilities.
This package provides a Perl interpreter and the small subset of the standard run-time library required to perform basic tasks. For a full Perl installation, install “perl” (and its dependencies, “perl-modules” and “perl-doc”).

Core Perl Modules.

Changes between versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1

Version 5.10.1-17ubuntu4.1:

* SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
– debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
2.29 to fix multiple issues.
– debian/patches/series: disable superseded fixes/safe-upgrade.diff.
– CVE-2010-1447
* SECURITY UPDATE: taint protection bypass via missing taint attributes
– debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
of pp_* functions.
– CVE-2011-1487

Architecture independent Perl modules.
These modules are part of Perl and required if the `perl’ package is installed.
Note that this package only exists to save archive space and should be considered an internal implementation detail of the `perl’ package. Other packages should not depend on `perl-modules’ directly, they should use `perl’ (which depends on `perl-modules’) instead.

Create a startup disk using a CD or disk image (common files).

Changes between versions:
0.2.28
0.2.28.3

Version 0.2.28.3:

[ Marc Deslauriers ]
* SECURITY UPDATE: unprivileged disk operations (LP: #771553)
– CVE-2011-1828
* setup.cfg: Specify policykit policy file as xml_file so it gets
translated properly instead of being malformed.

[ Evan Dandrea

Startup Disk Creator converts a USB key or SD card into a volume from which you can start up and run Ubuntu. You can also store files and settings in any space left over.
The program also works for Debian, or any other Debian-based OS for which you have a CD or .iso image.
This package contains backend engine and common data files used by frontends.

Create a startup disk using a CD or disk image (for GNOME).

Changes between versions:
0.2.28
0.2.28.3

Version 0.2.28.3:

[ Marc Deslauriers ]
* SECURITY UPDATE: unprivileged disk operations (LP: #771553)
– CVE-2011-1828
* setup.cfg: Specify policykit policy file as xml_file so it gets
translated properly instead of being malformed.

[ Evan Dandrea ]
* Guard UnmountFile with PolicyKit (LP: #771553).

Startup Disk Creator converts a USB key or SD card into a volume from which you can start up and run Ubuntu. You can also store files and settings in any space left over.
The program also works for Debian, or any other Debian-based OS for which you have a CD or .iso image.
This package contains the GTK+ client frontend.

VNC server for GNOME.

Changes between versions:
2.32.1-0ubuntu2
2.32.1-0ubuntu2.1

Version 2.32.1-0ubuntu2.1:

* SECURITY UPDATE: denial of service or possible code execution via
crafted framebuffer update request
– debian/patches/13_CVE-2011-090x.patch: validate update rectangle in
server/libvncserver/rfbserver.c.
– CVE-2011-0904
– CVE-2011-0905

VNC is a protocol that allows remote display of a user’s desktop. This package provides a VNC server that integrates with GNOME, allowing you to export your running desktop to another computer for remote use or diagnosis.
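
What "validate update rectangle" amounts to, as an added example (this is not the patch shipped in the package): the C sketch below parses an RFB FramebufferUpdateRequest and rejects any rectangle that extends past the framebuffer. The struct and function names are hypothetical and do not come from rfbserver.c.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* RFB FramebufferUpdateRequest: type(1)=3, incremental(1), x, y, w, h (u16, big-endian). */
enum { RFB_FB_UPDATE_REQUEST = 3, RFB_FB_UPDATE_REQUEST_LEN = 10 };

/* Hypothetical types for this example, not libvncserver's own. */
struct fb_geometry { uint32_t width, height; };
struct update_rect { uint16_t x, y, w, h; };

static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Decode the client message; fails on a short buffer or wrong message type. */
bool parse_update_request(const uint8_t *msg, size_t len, struct update_rect *out)
{
    if (msg == NULL || out == NULL || len < RFB_FB_UPDATE_REQUEST_LEN)
        return false;
    if (msg[0] != RFB_FB_UPDATE_REQUEST)
        return false;
    out->x = be16(msg + 2);
    out->y = be16(msg + 4);
    out->w = be16(msg + 6);
    out->h = be16(msg + 8);
    return true;
}

/* True only if the rectangle lies entirely inside the framebuffer.
 * Written as subtractions so no x + w sum can wrap around. */
bool update_rect_in_bounds(const struct fb_geometry *fb, const struct update_rect *r)
{
    if (r->x > fb->width || r->y > fb->height)
        return false;
    return r->w <= fb->width - r->x && r->h <= fb->height - r->y;
}

/* Parse and validate before any code reads framebuffer memory for the rectangle. */
bool accept_update_request(const struct fb_geometry *fb, const uint8_t *msg,
                           size_t len, struct update_rect *out)
{
    struct update_rect r;
    if (fb == NULL || !parse_update_request(msg, len, &r) || !update_rect_in_bounds(fb, &r))
        return false;
    *out = r;
    return true;
}
```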

