-









































































Debian Security Advisory DSA 696-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
March 22nd, 2005                        http://www.debian.org/security/faq



















































































































































-









































































Package        : perl
Vulnerability  : design flaw
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0448
Debian Bug     : 286905 286922

Paul Szabo discovered another vulnerability in the File::Path::rmtree
function of perl, the popular scripting language.  When a process is
deleting a directory tree, a different user could exploit a race
condition to create setuid binaries in this directory tree, provided
that he already had write permissions in any subdirectory of that
tree.

For the stable distribution (woody) this problem has been fixed in
version 5.6.1-8.9.

For the unstable distribution (sid) this problem has been fixed in
version 5.8.4-8.

We recommend that you upgrade your perl packages.