MGASA-2021-0527 - Updated perl/perl-Encode packages fix security vulnerability

Publication date: 02 Dec 2021
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-36770, as distributed in Perl through 5.34.0, allows local users to
gain privileges via a Trojan horse Encode::ConfigLocal library (in the
current working directory) that preempts dynamic module loading.
Exploitation requires an unusual configuration, and certain 2021 versions
of (3.05 through 3.11). This issue occurs because the || operator
evaluates @INC in a scalar context, and thus @INC has only an integer value.

-[email protected]/thread/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/

- 8/core/perl-5.32.1-1.1.mga8
- 8/core/perl-Encode-3.80.0-1.1.mga8