Pardus alert 2010-88 (perl)

From:
    	       Eren Turkay <eren@pardus.org.tr> 
To:
    	       pardus-security@pardus.org.tr 
Subject:
    	       [Pardus-security] [PLSA 2010-88] perl: Multiple Vulnerabilities 
Date:
    	       Thu, 24 Jun 2010 15:02:36 +0300 (EEST)
Message-ID:
    	       <20100624120236.4CCD8A7ABCD@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-88            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-24
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities in Safe.pm module in perl have been fixed. 

Description
===========

CVE-2010-1168: 

The  Safe (aka  Safe.pm)  module   before   2.25   for   Perl   allows  
context-dependent attackers to bypass intended (1) Safe::reval and  (2) 
Safe::rdo access restrictions, and inject and execute  arbitrary  code, 
via vectors involving implicitly called methods and implicitly  blessed 
objects, as demonstrated by the (a) DESTROY and (b)  AUTOLOAD  methods, 
related to "automagic methods." 

Affected packages:

  Pardus 2009:
    perl, all before 5.10.1-29-11

Resolution
==========

There are update(s) for perl. You can update them via Package Manager or
with a single command from console: 

    pisi up perl

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=13080

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security

From:		Eren Turkay <eren@pardus.org.tr>
To:		pardus-security@pardus.org.tr
Subject:		[Pardus-security] [PLSA 2010-88] perl: Multiple Vulnerabilities
Date:		Thu, 24 Jun 2010 15:02:36 +0300 (EEST)
Message-ID:		<20100624120236.4CCD8A7ABCD@lider.pardus.org.tr>