From: Mageia Updates <buildsystem-daemon@mageia.org>
To: updates-announce@ml.mageia.org
Subject: [updates-announce] MGASA-2013-0094: perl-5.14.2-8.3.mga2 (2/core)
Date: Sat, 16 Mar 2013 02:47:34 +0100
Message-ID: <20130316014734.GA12782@valstar.mageia.org>

MGASA-2013-0094
Date: March 15th, 2013
Affected releases: 2
Media: Core
Description:
In order to prevent an algorithmic complexity attack against its hashing
mechanism, perl will sometimes recalculate keys and redistribute the
contents of a hash. This mechanism has made perl robust against attacks
that have been demonstrated against other systems.
Research by Yves Orton has recently uncovered a flaw in the rehashing
code which can result in pathological behavior. This flaw could be
exploited to carry out a denial of service attack against code that
uses arbitrary user input as hash keys.
Because using user-provided strings as hash keys is a very common
operation, we urge users of perl to update their perl executable
as soon as possible. Updates to address this issue have been pushed
to maint-5.8, maint-5.10, maint-5.12, maint-5.14, and maint-5.16
branches today. Vendors* were informed of this problem two weeks
ago and are expected to be shipping updates today (or otherwise very
soon).
Updated Packages:
i586:
perl-devel-5.14.2-8.3.mga2.i586
perl-base-5.14.2-8.3.mga2.i586
perl-5.14.2-8.3.mga2.i586
perl-doc-5.14.2-8.3.mga2.noarch
x86_64:
perl-base-5.14.2-8.3.mga2.x86_64
perl-devel-5.14.2-8.3.mga2.x86_64
perl-doc-5.14.2-8.3.mga2.noarch
perl-5.14.2-8.3.mga2.x86_64
SRPMS:
perl-5.14.2-8.3.mga2
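
To check a Mageia 2 host against the package list above, here is an added example (not part of the Mageia advisory) that flags installed perl packages older than the fixed build 5.14.2-8.3.mga2. It assumes `rpm -qa` style name-version-release.arch lines, uses a simplified form of rpm's version comparison that ignores epochs and `~`, and runs on a constructed sample.

```python
import re

# Fixed build and package names taken from the advisory's "Updated Packages" list.
FIXED_VERSION, FIXED_RELEASE = "5.14.2", "8.3.mga2"
AFFECTED = ("perl", "perl-base", "perl-devel", "perl-doc")
ARCHES = {"i586", "x86_64", "noarch"}

def vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Epochs and '~' are not handled."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)           # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse(nvra):
    """Split 'name-version-release[.arch]' into (name, version, release)."""
    stem, _, arch = nvra.rpartition(".")
    if arch not in ARCHES:
        stem = nvra                          # no arch suffix present
    return tuple(stem.rsplit("-", 2))

def unpatched(installed):
    """Return installed perl packages older than the advisory's fixed build."""
    old = []
    for nvra in installed:
        name, version, release = parse(nvra)
        older = (vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)) < 0
        if name in AFFECTED and older:
            old.append(nvra)
    return old

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE = [
    "perl-5.14.2-8.3.mga2.x86_64",
    "perl-base-5.14.2-8.2.mga2.x86_64",
    "perl-doc-5.14.2-8.mga2.noarch",
    "perl-URI-1.600.0-1.mga2.noarch",
]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```
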
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03...
https://bugs.mageia.org/show_bug.cgi?id=9331
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...