Mageia alert MGASA-2013-0094 (perl)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0094: perl-5.14.2-8.3.mga2 (2/core)
Date:  Sat, 16 Mar 2013 02:47:34 +0100
Message-ID:  <20130316014734.GA12782@valstar.mageia.org>

MGASA-2013-0094

Date: March 15th, 2013
Affected releases: 2
Media: Core

Description:

In order to prevent an algorithmic complexity attack against its hashing
mechanism, perl will sometimes recalculate keys and redistribute the
contents of a hash. This mechanism has made perl robust against attacks
that have been demonstrated against other systems.

Research by Yves Orton has recently uncovered a flaw in the rehashing
code which can result in pathological behavior. This flaw could be
exploited to carry out a denial of service attack against code that uses
arbitrary user input as hash keys.

Because using user-provided strings as hash keys is a very common
operation, we urge users of perl to update their perl executable as soon
as possible. Updates to address this issue have been pushed to main-5.8,
maint-5.10, maint-5.12, maint-5.14, and maint-5.16 branches today.
Vendors* were informed of this problem two weeks ago and are expected to
be shipping updates today (or otherwise very soon).

Updated Packages:

i586:
perl-devel-5.14.2-8.3.mga2.i586
perl-base-5.14.2-8.3.mga2.i586
perl-5.14.2-8.3.mga2.i586
perl-doc-5.14.2-8.3.mga2.noarch

x86_64:
perl-base-5.14.2-8.3.mga2.x86_64
perl-devel-5.14.2-8.3.mga2.x86_64
perl-doc-5.14.2-8.3.mga2.noarch
perl-5.14.2-8.3.mga2.x86_64

SRPMS:
perl-5.14.2-8.3.mga2

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03...
https://bugs.mageia.org/show_bug.cgi?id=9331
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds