The first Perl security updates for Ubuntu 11.04 Natty Narwhal are available for download.

Created on 07 May 2011 by Nelregnodiubuntu
The first security updates for Ubuntu 11.04 Natty Narwhal are available for download.
As we know, from Ubuntu 9.04 Jaunty Jackalope onwards Canonical has sensibly released these updates on a weekly schedule.
Specifically, the updates concern the Perl libraries, the VNC server for Gnome and the burning utility installed by default.
In detail:
Shared Perl Library:
Changes for versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1
Version 5.10.1-17ubuntu4.1:
  * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
   - debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
   2.29 to fix multiple issues.
   - debian/patches/series: disable superseded fixes/safe-upgrade.diff.
   - CVE-2010-1447
  * SECURITY UPDATE: taint protection bypass via missing taint attributes
   - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
   of pp_* functions.
   - CVE-2011-1487
This package is required by programs which embed a Perl interpreter to ensure that the correct version of `perl-base' is installed.
It additionally contains the shared Perl library on architectures where the perl binary is linked to libperl.a (currently only i386, for performance reasons).
In other cases the actual library is in the `perl-base' package.
Larry Wall's Practical Extraction and Report Language.
Changes for versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1
Version 5.10.1-17ubuntu4.1:
  * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
   - debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
   2.29 to fix multiple issues.
   - debian/patches/series: disable superseded fixes/safe-upgrade.diff.
   - CVE-2010-1447
  * SECURITY UPDATE: taint protection bypass via missing taint attributes
   - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
   of pp_* functions.
   - CVE-2011-1487
An interpreted scripting language, known among some as "Unix's Swiss Army Chainsaw".
Perl is optimised for scanning arbitrary text files and system administration.
It has built-in extended regular expression matching and replacement, a data-flow mechanism to improve security with setuid scripts and is extensible via modules that can interface to C libraries.
Minimal Perl System.
Changes for versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1
Version 5.10.1-17ubuntu4.1:
  * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
   - debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
   2.29 to fix multiple issues.
   - debian/patches/series: disable supersed
Perl is a scripting language used in many system scripts and utilities.
This package provides a Perl interpreter and the small subset of the standard run-time library required to perform basic tasks. For a full Perl installation, install "perl" (and its dependencies, "perl-modules" and "perl-doc").

Core Perl Modules.

Changes for versions:
5.10.1-17ubuntu4
5.10.1-17ubuntu4.1
Version 5.10.1-17ubuntu4.1:
  * SECURITY UPDATE: multiple intended restriction bypasses in Safe.pm
   - debian/patches/fixes/CVE-2010-1447.diff: update Safe.pm to version
   2.29 to fix multiple issues.
   - debian/patches/series: disable superseded fixes/safe-upgrade.diff.
   - CVE-2010-1447
  * SECURITY UPDATE: taint protection bypass via missing taint attributes
   - debian/patches/fixes/CVE-2011-1487.diff: put taint logic at the end
   of pp_* functions.
   - CVE-2011-1487
Architecture independent Perl modules.
These modules are part of Perl and required if the `perl' package is installed.
Note that this package only exists to save archive space and should be considered an internal implementation detail of the `perl' package. Other packages should not depend on `perl-modules' directly, they should use `perl' (which depends on `perl-modules') instead.

Create a startup disk using a CD or disk image (common files).

Changes for versions:
0.2.28
0.2.28.3
Version 0.2.28.3:
  [ Marc Deslauriers ]
  * SECURITY UPDATE: unprivileged disk operations (LP: #771553)
   - CVE-2011-1828
  * setup.cfg: Specify policykit policy file as xml_file so it gets
   translated properly instead of being malformed.
  [ Evan Dandrea
Startup Disk Creator converts a USB key or SD card into a volume from which you can start up and run Ubuntu. You can also store files and settings in any space left over.
The program also works for Debian, or any other Debian-based OS for which you have a CD or .iso image.
This package contains backend engine and common data files used by frontends.
Create a startup disk using a CD or disk image (for Gnome).
Changes for versions:
0.2.28
0.2.28.3
Version 0.2.28.3:
  [ Marc Deslauriers ]
  * SECURITY UPDATE: unprivileged disk operations (LP: #771553)
   - CVE-2011-1828
  * setup.cfg: Specify policykit policy file as xml_file so it gets
   translated properly instead of being malformed.
  [ Evan Dandrea ]
  * Guard UnmountFile with PolicyKit (LP: #771553).
Startup Disk Creator converts a USB key or SD card into a volume from which you can start up and run Ubuntu. You can also store files and settings in any space left over.
The program also works for Debian, or any other Debian-based OS for which you have a CD or .iso image.
This package contains the GTK+ client frontend.
VNC server for Gnome.
Changes for versions:
2.32.1-0ubuntu2
2.32.1-0ubuntu2.1
Version 2.32.1-0ubuntu2.1:
  * SECURITY UPDATE: denial of service or possible code execution via
   crafted framebuffer update request
   - debian/patches/13_CVE-2011-090x.patch: validate update rectangle in
   server/libvncserver/rfbserver.c.
   - CVE-2011-0904
   - CVE-2011-0905
VNC is a protocol that allows remote display of a user's desktop. This package provides a VNC server that integrates with GNOME, allowing you to export your running desktop to another computer for remote use or diagnosis.
