USN-44-1: perl information leak
21 December 2004
perl information leak
Releases
Details
A race condition and possible information leak has been discovered in
Perl's File::Path::rmtree(). This function changes the permission of
files and directories before removing them to avoid problems with
wrong permissions. However, they were made readable and writable not
only for the owner, but for the entire world, which opened a race
condition and a possible information leak (if the actual removal of a
file/directory failed for some reason).
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
perl-modules
-
In general, a standard system update will make all the necessary changes.