Pesquisar

Este conteúdo não está disponível no idioma selecionado.

4.78. perl

download PDF
Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
Perl is a high-level programming language commonly used for system administration utilities and web programming.

Security Fixes

CVE-2012-5195
A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
CVE-2013-1667
A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
CVE-2012-5526
It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items.
CVE-2012-6329
It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates.
Red Hat would like to thank the Perl project for reporting CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as the original reporter of CVE-2012-5195 and Yves Orton as the original reporter of CVE-2013-1667.
All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.
Updated perl packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The perl packages provide the high-level programming language Perl, which is commonly used for system administration utilities and web programming.

Bug Fixes

BZ#800340
Previously, calling the POSIX::strftime() function resulted in a string longer than 64 bytes and, consequently, to a memory leak. This led to memory loss. With this update, memory allocation in the POSIX::strftime() function implementation has been changed to reallocate memory, which prevents memory loss from occurring.
BZ#848156
Previously, certain modules using Perl scripts, which use the overload() function in a specific way, were impacted by a performance regression. Consequently, users could observe slower operation of such scripts after an upgrade of the perl packages. A patch has been applied to prevent this bug.
Users of perl are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.