|
|
Subscribe / Log in / New account

perl: ambiguous environment

Package(s):perl CVE #(s):CVE-2016-2381
Created:March 1, 2016 Updated:March 14, 2016
Description: From the Debian advisory:

Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the other rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking.

Alerts:
openSUSE openSUSE-SU-2016:2313-1 perl 2016-09-15
Gentoo 201701-75 perl 2017-01-30
openSUSE openSUSE-SU-2016:0881-1 perl 2016-03-24
Fedora FEDORA-2016-1fb63e3bf3 perl 2016-03-13
Arch Linux ASA-201603-9 perl 2016-03-10
Mageia MGASA-2016-0099 perl 2016-03-07
Fedora FEDORA-2016-5d4fc5ecc9 perl 2016-03-03
Ubuntu USN-2916-1 perl 2016-03-02
Debian DSA-3501-1 perl 2016-03-01
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds