Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201401-11 ] Perl, Locale Maketext Perl module: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1681

PostPosted: Mon Jan 20, 2014 3:57 am    Post subject: [ GLSA 201401-11 ] Perl, Locale Maketext Perl module: Multip Reply with quote

Gentoo Linux Security Advisory

Title: Perl, Locale Maketext Perl module: Multiple vulnerabilities (GLSA 201401-11)
Severity: normal
Exploitable: local, remote
Date: January 19, 2014
Bug(s): #384887, #448632, #460444, #483448
ID: 201401-11

Synopsis

Multiple vulnerabilities have been found in Perl and
Locale::Maketext Perl module, the worst of which could allow a
context-dependent attacker to execute arbitrary code.


Background

Perl is Larry Wall’s Practical Extraction and Report Language.
Locale::Maketext is a Perl module - framework for localization.


Affected Packages

Package: dev-lang/perl
Vulnerable: < 5.16.3
Unaffected: >= 5.16.3
Architectures: All supported architectures

Package: perl-core/locale-maketext
Vulnerable: < 1.230.0
Unaffected: >= 1.230.0
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in Perl and
Locale::Maketext Perl module. Please review the CVE identifiers
referenced below for details.


Impact

A context-dependent attacker could possibly execute arbitrary code with
the privileges of the process or cause a Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All Perl users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.16.3"
   
All Locale::Maketext users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=perl-core/locale-maketext-1.230.0"
   


References

CVE-2011-2728
CVE-2011-2939
CVE-2012-5195

CVE-2013-1667
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum