Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Perl
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Perl
ID: FEDORA-2013-0659
Distribution: Fedora
Plattformen: Fedora 18
Datum: Mi, 30. Januar 2013, 10:58
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
Applikationen: Perl

Originalnachricht

Name        : perl
Product : Fedora 18
Version : 5.16.2
Release : 237.fc18
URL : http://www.perl.org/
Summary : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting. Perl is good at handling processes and files, and is especially
good at handling text. Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming. A large
proportion of the CGI scripts on the web are written in Perl. You need the
perl package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your system to
handle Perl scripts.

-------------------------------------------------------------------------------
-
Update Information:

Fix Locale::Maketext vulnerability allowing to cross-call functions from
message catalogs (CVE-2012-6329).
App::Cpan(3pm) manual page was included in two subpackages by mistake. This
release keeps the file in perl-CPAN package only.
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Jan 11 2013 Petr Pisar <ppisar@redhat.com> - 4:5.16.2-237
- Fix CVE-2012-6329 (misparsing of maketext strings) (bug #884354)
* Thu Jan 10 2013 Petr Pisar <ppisar@redhat.com> - 4:5.16.2-236
- Do not package App::Cpan(3pm) to perl-Test-Harness (bug #893768)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #884354 - CVE-2012-6329 perl: possible arbitrary code execution via
Locale::Maketext
https://bugzilla.redhat.com/show_bug.cgi?id=884354
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung