GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Jan 29, 2014 8:26 am Post subject: [ GLSA 201401-33 ] Perl Digest-Base module: Arbitrary code e |
 |
|
Gentoo Linux Security Advisory
Title: Perl Digest-Base module: Arbitrary code execution (GLSA 201401-33)
Severity: high
Exploitable: remote
Date: January 29, 2014
Bug(s): #385487
ID: 201401-33
Synopsis
A vulnerability has been found in the Digest-Base Perl module,
allowing remote attackers to execute arbitrary code.
Background
Digest-Base is a set of Perl modules that calculate message digests
Affected Packages
Package: perl-core/digest-base
Vulnerable: < 1.170.0
Unaffected: >= 1.170.0
Architectures: All supported architectures
Description
The vulnerability is caused due to the “Digest->new()” function
not properly sanitising input before using it in an “eval()” call.
Impact
The vulnerability might allow an attacker to execute arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Digest-Base module users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=perl-core/digest-base-1.170.0"
|
References
CVE-2011-3597 |
|
News & Announcements
