USN-70-1: Perl DBI module vulnerability
26 January 2005
Perl DBI module vulnerability
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the module DBI::ProxyServer in Perl's DBI library
created a PID file in an insecure manner. This could allow a symbolic
link attack to create or overwrite arbitrary files with the privileges
of the user invoking a program using this module (like 'dbiproxy').
Now the module does not create a such a PID file by default.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.