Navigation
|
|
| Problem Description |
Peter Bieringer discovered a flaw in the perl Net::Server module where
the "log" function was not safe against format string exploits in
version 0.87 and earlier.
Updated packages have been patched to correct this issue.
| Updated Packages |
Corporate Server 3.0
33e4382b4ad9bf5a1894298a468895e8 corporate/3.0/RPMS/perl-Net-Server-0.85-3.1.C30mdk.noarch.rpm 9294cea422b1a149b5a13ad4f8824780 corporate/3.0/SRPMS/perl-Net-Server-0.85-3.1.C30mdk.src.rpm
Corporate Server 3.0/X86_64
891bb910d688342cf8a9fde373694b70 x86_64/corporate/3.0/RPMS/perl-Net-Server-0.85-3.1.C30mdk.noarch.rpm 9294cea422b1a149b5a13ad4f8824780 x86_64/corporate/3.0/SRPMS/perl-Net-Server-0.85-3.1.C30mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1127
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.