perl: code execution

Package(s): perl
CVE #(s): CVE-2012-6329
Created: January 25, 2013
Updated: February 19, 2013
Description:

From the Red Hat bugzilla entry:

A commit to the upstream perl git repository indicated that perl's Locale::Maketext was vulnerable to a flaw that could lead to arbitrary code execution if this function was executed on user-supplied input. Quoting the commit message:

Case 61251: This commit fixes a misparse of maketext strings that could lead to arbitrary code execution. Basically, maketext was compiling bracket notation into functions, but neglected to escape backslashes inside the content or die on fully-qualified method names when generating the code. This change escapes all such backslashes and dies when a method name with a colon or apostrophe is specified.
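The two conditions named in the commit message above (backslashes in the string, and bracket-notation method names containing a colon or apostrophe) can be checked before a string is handed to maketext. The following is an added example, not code from perl or from this page; the function name and sample strings are constructed, and it assumes Locale::Maketext's `[method,arg,...]` bracket notation with `~` as the escape character.

```python
# Added example: pre-flight audit of strings destined for Locale::Maketext.
# Assumption: bracket notation is "[method,arg,...]" and "~" escapes the
# next character ("~[", "~]", "~,", "~~").

def audit_maketext_string(text):
    """Return a list of (kind, detail) findings for one maketext string."""
    findings = []
    # Conservative choice: report a backslash anywhere in the string,
    # not only inside a bracket group.
    if "\\" in text:
        findings.append(("backslash", text))
    method = None      # None: outside a group; str: method name collected so far
    in_args = False    # True once the first unescaped comma has been seen
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch == "~" and i + 1 < n:          # escaped character: never structural
            if method is not None and not in_args:
                method += text[i + 1]
            i += 2
            continue
        if ch == "[" and method is None:     # a bracket group opens
            method, in_args = "", False
        elif ch == "]" and method is not None:   # the group closes: judge the name
            if ":" in method or "'" in method:
                findings.append(("qualified-method", method.strip()))
            method = None
        elif method is not None and not in_args:
            if ch == ",":
                in_args = True
            else:
                method += ch
        i += 1
    if method is not None:
        findings.append(("unbalanced-bracket", method))
    return findings

# Constructed sample strings, e.g. entries of a translation catalogue.
SAMPLES = [
    "Hello, [_1]!",
    "[quant,_1,file,files] found",
    "[Other::Pkg::name,_1]",
    "dir C:\\tmp [_1]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", audit_maketext_string(s) or "ok")
```

Independent of any such check, user-supplied text is best passed to maketext as a parameter (filling `[_1]`), not as the string being compiled.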

Alerts:
Fedora FEDORA-2013-0633 2013-01-24
Fedora FEDORA-2013-0659 2013-01-30
Mageia MGASA-2013-0032 2013-02-06
Fedora FEDORA-2013-1836 2013-02-19
SUSE SUSE-SU-2013:0441-1 2013-03-13
SUSE SUSE-SU-2013:0442-1 2013-03-13
openSUSE openSUSE-SU-2013:0497-1 2013-03-20
openSUSE openSUSE-SU-2013:0502-1 2013-03-20
Red Hat RHSA-2013:0685-01 2013-03-26
CentOS CESA-2013:0685 2013-03-26
CentOS CESA-2013:0685 2013-03-26
Oracle ELSA-2013-0685 2013-03-26
Oracle ELSA-2013-0685 2013-03-27
Scientific Linux SL-perl-20130327 2013-03-27

Copyright © 2013, Eklektix, Inc.