Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201410-02 ] Perl, Perl Locale-Maketext module: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Sun Oct 12, 2014 9:26 am    Post subject: [ GLSA 201410-02 ] Perl, Perl Locale-Maketext module: Multip Reply with quote

Gentoo Linux Security Advisory

Title: Perl, Perl Locale-Maketext module: Multiple vulnerabilities (GLSA 201410-02)
Severity: normal
Exploitable: remote
Date: October 12, 2014
Updated: December 29, 2014
Bug(s): #446376
ID: 201410-02

Synopsis

Multiple vulnerabilities have been found in the Perl
Locale-Maketext module, allowing remote attackers to inject and execute
arbitrary Perl code.


Background

Locale-Maketext - Perl framework for localization

Affected Packages

Package: perl-core/Locale-Maketext
Vulnerable: < 1.230.0
Unaffected: >= 1.230.0
Architectures: All supported architectures

Package: dev-lang/perl
Vulnerable: < 5.17.7
Unaffected: >= 5.17.7
Architectures: All supported architectures


Description

Two vulnerabilities have been reported in the Locale-Maketext module for
Perl, which can be exploited by malicious users to compromise an
application using the module.
The vulnerabilities are caused due to the “_compile()” function not
properly sanitising input, which can be exploited to inject and execute
arbitrary Perl code.


Impact

A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.


Workaround

There is no known workaround at this time.

Resolution

All users of the Locale-Maketext module should upgrade to the latest
version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose
      ">=perl-core/Locale-Maketext-1.230.0"
   


References

CVE-2012-6329


Last edited by GLSA on Tue Dec 30, 2014 4:33 am; edited 1 time in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum