Mageia alert MGASA-2013-0032 (perl-Locale-Maketext) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0032: perl-5.14.2-8.1.mga2,
 perl-Locale-Maketext-1.220.0-2.mga2 (2/core) 
Date:
    	       Wed, 6 Feb 2013 23:13:03 +0100
Message-ID:
    	       <20130206221303.GA16764@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0032
Date: 	February 6th, 2013
Affected releases: 	2
Media: 	Core


Description:
The _compile function in Maketext.pm in the Locale::Maketext implementation
in Perl before 5.17.7 does not properly handle backslashes and fully
qualified method names during compilation of bracket notation, which
allows context-dependent attackers to execute arbitrary commands via crafted
input to an application that accepts translation strings from users
(CVE-2012-6329).


Updated Packages:
i586:
perl-5.14.2-8.1.mga2.i586.rpm
perl-base-5.14.2-8.1.mga2.i586.rpm
perl-devel-5.14.2-8.1.mga2.i586.rpm
perl-doc-5.14.2-8.1.mga2.noarch.rpm
perl-debug-5.14.2-8.1.mga2.i586.rpm
perl-Locale-Maketext-1.220.0-2.mga2.noarch.rpm

x86_64:
perl-5.14.2-8.1.mga2.x86_64.rpm
perl-base-5.14.2-8.1.mga2.x86_64.rpm
perl-devel-5.14.2-8.1.mga2.x86_64.rpm
perl-doc-5.14.2-8.1.mga2.noarch.rpm
perl-debug-5.14.2-8.1.mga2.x86_64.rpm
perl-Locale-Maketext-1.220.0-2.mga2.noarch.rpm

SRPMS:
perl-5.14.2-8.1.mga2.src.rpm
perl-Locale-Maketext-1.220.0-2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
http://lists.fedoraproject.org/pipermail/package-announce...
https://bugs.mageia.org/show_bug.cgi?id=8815
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)