March 9, 2001

Update to Mandrake's ePerl

Author: JT Smith

At LWN.net: "Several potential buffer overflows in the ePerl package have been found
by Fumitoshi Ukai and Denis Barbier. When eperl is installed setuid
root, it can switch to the UID/GID of the script's owner. Although
Linux-Mandrake does not ship the program setuid root, this is a useful
feature which some users may have activated locally on their own.
There is also the potential for a remote vulnerability as well."

Category:

  • Linux
Click Here!