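Vulnerability Details
Perl Unicode "\Q...\E" Regular Expression Buffer Error Vulnerability
- CNNVD ID: CNNVD-200804-350
- Severity: Medium
- CVE ID: CVE-2008-1927
- Vulnerability type: Resource management error
- Published: 2008-04-24
- Threat type: Remote
- Updated: 2009-02-20
- Vendor: perl
- Vulnerability source: Don Armstrong
Vulnerability Description
Perl is a free and powerful programming language.
Perl has a vulnerability in its handling of malformed regular expressions. If user-supplied regular expression characters are contained in a variable protected by the "\Q...\E" construct, the Perl interpreter may suffer a buffer overflow while compiling the regular expression, resulting in a denial of service.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: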
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu libarchive-tar-perl_1.31-1ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/liba/libarchive-tar-perl/libarchive-tar-perl_1.31-1ubuntu0.1_all.deb
Ubuntu libcgi-fast-perl_5.8.8-7ubuntu3.4_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-7ubuntu3.4_all.deb
Ubuntu libperl-dev_5.8.8-7ubuntu3.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl-dev_5.8.8-7ubuntu3.4_powerpc.deb
Ubuntu libperl5.8_5.8.8-7ubuntu3.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/libperl5.8_5.8.8-7ubuntu3.4_powerpc.deb
Ubuntu perl-base_5.8.8-7ubuntu3.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-base_5.8.8-7ubuntu3.4_powerpc.deb
Ubuntu perl-debug_5.8.8-7ubuntu3.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-debug_5.8.8-7ubuntu3.4_powerpc.deb
Ubuntu perl-doc_5.8.8-7ubuntu3.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-7ubuntu3.4_all.deb
Ubuntu perl-modules_5.8.8-7ubuntu3.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-7ubuntu3.4_all.deb
Ubuntu perl-suid_5.8.8-7ubuntu3.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-suid_5.8.8-7ubuntu3.4_powerpc.deb
Ubuntu perl_5.8.8-7ubuntu3.4_powerpc.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl_5.8.8-7ubuntu3.4_powerpc.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu libarchive-tar-perl_1.36-1ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/liba/libarchive-tar-perl/libarchive-tar-perl_1.36-1ubuntu0.1_all.deb
Ubuntu libcgi-fast-perl_5.8.8-12ubuntu0.3_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-12ubuntu0.3_all.deb
Ubuntu libcgi-fast-perl_5.8.8-12ubuntu0.4_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/p/perl/libcgi-fast-perl_5.8.8-12ubuntu0.4_all.deb
Ubuntu libperl-dev_5.8.8-12ubuntu0.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.8.8-12ubuntu0.3_lpia.deb
Ubuntu libperl-dev_5.8.8-12ubuntu0.4_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/libperl-dev_5.8.8-12ubuntu0.4_lpia.deb
Ubuntu libperl5.8_5.8.8-12ubuntu0.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/libperl5.8_5.8.8-12ubuntu0.3_lpia.deb
Ubuntu libperl5.8_5.8.8-12ubuntu0.4_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/libperl5.8_5.8.8-12ubuntu0.4_lpia.deb
Ubuntu perl-base_5.8.8-12ubuntu0.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.8.8-12ubuntu0.3_lpia.deb
Ubuntu perl-base_5.8.8-12ubuntu0.4_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl-base_5.8.8-12ubuntu0.4_lpia.deb
Ubuntu perl-debug_5.8.8-12ubuntu0.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.8.8-12ubuntu0.3_lpia.deb
Ubuntu perl-debug_5.8.8-12ubuntu0.4_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl-debug_5.8.8-12ubuntu0.4_lpia.deb
Ubuntu perl-doc_5.8.8-12ubuntu0.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-12ubuntu0.3_all.deb
Ubuntu perl-doc_5.8.8-12ubuntu0.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-doc_5.8.8-12ubuntu0.4_all.deb
Ubuntu perl-modules_5.8.8-12ubuntu0.3_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-12ubuntu0.3_all.deb
Ubuntu perl-modules_5.8.8-12ubuntu0.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/p/perl/perl-modules_5.8.8-12ubuntu0.4_all.deb
Ubuntu perl-suid_5.8.8-12ubuntu0.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.8.8-12ubuntu0.3_lpia.deb
Ubuntu perl-suid_5.8.8-12ubuntu0.4_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl-suid_5.8.8-12ubuntu0.4_lpia.deb
Ubuntu perl_5.8.8-12ubuntu0.3_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl_5.8.8-12ubuntu0.3_lpia.deb
Ubuntu perl_5.8.8-12ubuntu0.4_lpia.deb
http://ports.ubuntu.com/pool/main/p/perl/perl_5.8.8-12ubuntu0.4_lpia.deb
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu libarchive-tar-perl_1.26-2ubuntu0.
References
Source: www.vmware.com
Link: http://www.vmware.com/security/advisories/VMSA-2008-0013.HTML
Source: UBUNTU
Name: USN-700-2
Link: http://www.ubuntu.com/usn/usn-700-2
Source: UBUNTU
Name: USN-700-1
Link: http://www.ubuntu.com/usn/usn-700-1
Source: SECTRACK
Name: 1020253
Link: http://www.securitytracker.com/id?1020253
Source: BUGTRAQ
Name: 20090120 rPSA-2009-0011-1 perl
Link: http://www.securityfocus.com/archive/1/archive/1/500210/100/0/threaded
Source: REDHAT
Name: RHSA-2008:0532
Link: http://www.redhat.com/support/errata/RHSA-2008-0532.HTML
Source: REDHAT
Name: RHSA-2008:0522
Link: http://www.redhat.com/support/errata/RHSA-2008-0522.HTML
Source: MANDRIVA
Name: MDVSA-2008:100
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:100
Source: www.ipcop.org
Link: http://www.ipcop.org/index.php?name=News&file=article&sid=41
Source: VUPEN
Name: ADV-2009-0422
Link: http://www.frsirt.com/english/advisories/2009/0422
Source: VUPEN
Name: ADV-2008-2424
Link: http://www.frsirt.com/english/advisories/2008/2424
Source: VUPEN
Name: ADV-2008-2361
Link: http://www.frsirt.com/english/advisories/2008/2361
Source: VUPEN
Name: ADV-2008-2265
Link: http://www.frsirt.com/english/advisories/2008/2265/references
Source: wiki.rpath.com
Link: http://wiki.rpath.com/Advisories:rPSA-2009-0011
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm
Source: support.apple.com
Link: http://support.apple.com/kb/HT3438
Source: SECUNIA
Name: 33937
Link: http://secunia.com/advisories/33937
Source: SECUNIA
Name: 33314
Link: http://secunia.com/advisories/33314
Source: SECUNIA
Name: 31687
Link: http://secunia.com/advisories/31687
Source: SECUNIA
Name: 31604
Link: http://secunia.com/advisories/31604
Source: SECUNIA
Name: 31467
Link: http://secunia.com/advisories/31467
Source: SECUNIA
Name: 31328
Link: http://secunia.com/advisories/31328
Source: SECUNIA
Name: 31208
Link: http://secunia.com/advisories/31208
Source: SECUNIA
Name: 30624
Link: http://secunia.com/advisories/30624
Source: MISC
Link: http://rt.perl.org/rt3/Public/Bug/Display.HTML?id=48156
Source: OSVDB
Name: 44588
Link: http://osvdb.org/44588
Source: SUSE
Name: SUSE-SR:2008:017
Link: http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.HTML
Source: Apple
Name: Apple-SA-2009-02-12
Link: http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.HTML
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
Source: FEDORA
Name: FEDORA-2008-3399
Link: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.HTML
Source: FEDORA
Name: FEDORA-2008-3392
Link: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.HTML
Source: XF
Name: perl-utf8-dos(41996)
Link: http://xforce.iss.net/xforce/xfdb/41996
Source: BID
Name: 28928
Link: http://www.securityfocus.com/bid/28928
Source: GENTOO
Name: GLSA-200805-17
Link: http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml
Source: DEBIAN
Name: DSA-1556
Link: http://www.debian.org/security/2008/dsa-1556
Source: SECUNIA
Name: 30326
Link: http://secunia.com/advisories/30326
Source: SECUNIA
Name: 30025
Link: http://secunia.com/advisories/30025
Source: SECUNIA
Name: 29948
Link: http://secunia.com/advisories/29948
Affected Entities
- Perl Perl:5.8.8
Patches
None available