Your submission was sent successfully! Close

USN-44-1: perl information leak

21 December 2004

perl information leak



A race condition and possible information leak has been discovered in
Perl's File::Path::rmtree(). This function changes the permission of
files and directories before removing them to avoid problems with
wrong permissions. However, they were made readable and writable not
only for the owner, but for the entire world, which opened a race
condition and a possible information leak (if the actual removal of a
file/directory failed for some reason).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
  • perl-modules -

In general, a standard system update will make all the necessary changes.