perl: multiple vulnerabilities

Package(s): perl
CVE #(s): CVE-2011-3597 CVE-2011-2939
Created: November 3, 2011
Updated: January 18, 2012
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2011-3597: A flaw was reported in the perl Digest module's "Digest->new()" function, which did not properly sanitize input before using it in an eval() call, which could possibly be exploited to inject and execute arbitrary perl code.

CVE-2011-2939: Perl bundles the 'Encode' module, which contains the 'Unicode.xs' file, where a heap overflow bug has been fixed recently.

Alerts:
Oracle ELSA-2011-1797 2011-12-08
Scientific Linux SL-perl-20111208 2011-12-08
CentOS CESA-2011:1797 2011-12-09
Red Hat RHSA-2011:1797-01 2011-12-08
openSUSE openSUSE-SU-2011:1278-1 2011-11-24
Oracle ELSA-2011-1424 2011-11-03
Scientific Linux SL-perl-20111103 2011-11-03
Red Hat RHSA-2011:1424-01 2011-11-03
Fedora FEDORA-2011-13874 2011-10-05
Mandriva MDVSA-2012:008 2012-01-18
Mandriva MDVSA-2012:009 2012-01-18
Ubuntu USN-1643-1 2012-11-29

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds