GLSA Advocate
Posted: Sun Oct 12, 2014 9:26 am Post subject: [ GLSA 201410-02 ] Perl, Perl Locale-Maketext module: Multip
Gentoo Linux Security Advisory
Title: Perl, Perl Locale-Maketext module: Multiple vulnerabilities (GLSA 201410-02)
Severity: normal
Exploitable: remote
Date: October 12, 2014
Updated: December 29, 2014
Bug(s): #446376
ID: 201410-02
Synopsis
Multiple vulnerabilities have been found in the Perl
Locale-Maketext module, allowing remote attackers to inject and execute
arbitrary Perl code.
Background
Locale-Maketext - Perl framework for localization
Affected Packages
Package: perl-core/Locale-Maketext
Vulnerable: < 1.230.0
Unaffected: >= 1.230.0
Architectures: All supported architectures
Package: dev-lang/perl
Vulnerable: < 5.17.7
Unaffected: >= 5.17.7
Architectures: All supported architectures
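A version check against the two fixed versions listed above, as an added example that is not part of the advisory or of Gentoo's tooling. It assumes installed packages are supplied as category/name-version lines (the sample list is constructed) and handles only dotted numeric versions with an optional -rN revision.

```shell
#!/bin/sh
# Added example: compare installed versions with the advisory's fixed versions.

# Fixed versions from the "Affected Packages" section of this advisory.
fixed_version() {
    case $1 in
        perl-core/Locale-Maketext) echo 1.230.0 ;;
        dev-lang/perl)             echo 5.17.7 ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}            # a missing component counts as 0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1                            # equal versions are not "lower"
}

# check_atom CATEGORY/NAME-VERSION[-rN]: print a verdict for one installed package.
check_atom() {
    atom=${1%-r[0-9]*}                  # drop a revision suffix such as -r1
    pkg=${atom%-*}; ver=${atom##*-}
    fixed=$(fixed_version "$pkg") || { echo "$pkg not-covered"; return 0; }
    case $ver in
        ''|*[!0-9.]*) echo "$pkg $ver unparsed"; return 0 ;;
    esac
    if ver_lt "$ver" "$fixed"; then
        echo "$pkg $ver VULNERABLE (fixed in $fixed)"
    else
        echo "$pkg $ver unaffected"
    fi
}

# Constructed sample input (not output from a real system).
sample='dev-lang/perl-5.16.3
perl-core/Locale-Maketext-1.220.0-r1
perl-core/Locale-Maketext-1.230.0
dev-lang/perl-5.18.2-r2
app-shells/bash-4.2'
for entry in $sample; do check_atom "$entry"; done
```

Versions carrying suffixes such as _rc1 or _p53 are reported as unparsed rather than guessed at.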
Description
Two vulnerabilities have been reported in the Locale-Maketext module for
Perl, which can be exploited by malicious users to compromise an
application using the module.
The vulnerabilities are caused by the “_compile()” function not
properly sanitising input, which can be exploited to inject and execute
arbitrary Perl code.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All users of the Locale-Maketext module should upgrade to the latest
version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=perl-core/Locale-Maketext-1.230.0"
References
CVE-2012-6329
Last edited by GLSA on Tue Dec 30, 2014 4:33 am; edited 1 time in total