问题是由于在执行多个数据传递给perl复制操作时缺少正确的边界缓冲区检查,会导致发生基于整数的溢出,精心构建提交数据可能以调用应用程序进程在系统上执行任意指令。ActivePerl 5.8.4 build 810 for Windows官方下载:
Zip格式MSI格式ActivePerl 5.8.4 build 810 for Linux官方下载:
tar.gz格式DEB格式RPM格式ActivePerl 5.8.4 build 810 for Solaris官方下载:
AS package格式pkgadd格式PS:修正了多个Perl复制操作缺少正确边界检查 整数溢出漏洞
受影响系统:
Activestate ActivePerl 5.8.3
Activestate ActivePerl 5.8.1
Activestate ActivePerl 5.8
Activestate ActivePerl 5.7.3
Activestate ActivePerl 5.7.2
Activestate ActivePerl 5.7.1
Activestate ActivePerl 5.6.3
Activestate ActivePerl 5.6.2
Activestate ActivePerl 5.6.1.630
Activestate ActivePerl 5.6.1
Larry Wall Perl 5.8.3
Larry Wall Perl 5.8.1
Larry Wall Perl 5.8
Larry Wall Perl 5.6
Larry Wall Perl 5.005
Larry Wall Perl 5.004_05
Larry Wall Perl 5.004
Larry Wall Perl 5.003
Larry Wall Perl 5.6.1
- Debian Linux 3.0
- Mandrake Linux 8.2
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.3
- RedHat Linux 7.2
- RedHat Linux 7.1
感谢网友报道