
Pardus alert 2011-72 (perl)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-72] Perl: Arbitrary Commands Execution
Date:  Tue, 3 May 2011 14:13:01 +0300
Message-ID:  <201105031413.01916.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-72            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-05-02
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in perl, which might allow
context-dependent attackers to bypass the taint protection mechanism.

Description
===========

CVE-2011-1487: The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions
in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through
5.13.11, do not apply the taint attribute to the return value upon
processing tainted input, which might allow context-dependent attackers
to bypass the taint protection mechanism via a crafted string.

Affected packages:

  Pardus 2009:
    perl, all before 5.10.1-31-13

Resolution
==========

There are update(s) for perl. You can update them via Package Manager or
with a single command from console:

    pisi up perl

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17819

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
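To confirm that an installed perl propagates taint through the four functions named in the advisory (for example after running the update), the following check can be used. It is an added example, not part of the Pardus advisory or of Perl's own test suite; the file name `taint_case_check.pl` and the sample string are constructed, and the script must be started as `perl -T taint_case_check.pl`.

```perl
#!/usr/bin/perl -T
# Added example: checks whether lc, lcfirst, uc and ucfirst keep the taint
# flag on their return value (the behaviour CVE-2011-1487 is about).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# ${^TAINT} is 1 only when taint mode was enabled with -T.
die "run as: perl -T $0\n" unless ${^TAINT} == 1;

# $^X (path of the perl binary) is tainted in taint mode; a zero-length
# substring of it is an empty string that still carries the taint flag.
my $taint_marker = substr($^X, 0, 0);

# Constructed sample input: a mixed-case literal made tainted by concatenation.
my $input = "miXeD Case Sample" . $taint_marker;
die "could not build a tainted sample value\n" unless tainted($input);

my %case_ops = (
    lc      => sub { lc($_[0]) },
    lcfirst => sub { lcfirst($_[0]) },
    uc      => sub { uc($_[0]) },
    ucfirst => sub { ucfirst($_[0]) },
);

my $lost = 0;
for my $name (sort keys %case_ops) {
    my $result = $case_ops{$name}->($input);
    my $kept   = tainted($result);
    $lost++ unless $kept;
    printf "%-8s %s\n", $name,
        $kept ? "return value still tainted"
              : "return value NOT tainted (taint lost)";
}

printf "perl %vd: %s\n", $^V,
    $lost ? "taint is dropped by $lost function(s); update perl"
          : "taint is propagated by all four functions";

# Non-zero exit status lets the check be used from a deployment script.
exit($lost ? 1 : 0);
```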



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds