Alerts This Week
Warning Icon 1 562
Alerts This Week
Warning Icon 1 562

openSUSE 12.1, 12.2, 12.3: 2013:0497-1 Important Perl Security Update

opensuse
Calendar Grey March 20, 2013
Dist Opensuse Esm H88
openSUSE Security Patch resolves critical perl vulnerabilities; provides guidance for system maintenance updates.
An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one An update that solves three vulnerabilities and has one errata is no...

Description

Perl was updated to fix 3 security issues:

- fix rehash denial of service (compute time) [bnc#804415]

[CVE-2013-1667]

- improve CGI crlf escaping [bnc#789994] [CVE-2012-5526]

- sanitize input in Maketext.pm to avoid code injection

[bnc#797060] [CVE-2012-6329]

In openSUSE 12.1 also the following non-security bug was

fixed:

- fix IPC::Open3 bug when '-' is used [bnc#755278]

Topics%20covered

Topics Covered

security advisory denial of service important perl code injection openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-225

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-225

- openSUSE 12.1:

zypper in -t patch openSUSE-2013-225

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 12.3 (i586 x86_64):

perl-5.16.2-2.5.1

perl-base-5.16.2-2.5.1

perl-base-debuginfo-5.16.2-2.5.1

perl-debuginfo-5.16.2-2.5.1

perl-debugsource-5.16.2-2.5.1

- openSUSE 12.3 (x86_64):

perl-32bit-5.16.2-2.5.1

perl-base-32bit-5.16.2-2.5.1

perl-base-debuginfo-32bit-5.16.2-2.5.1

perl-debuginfo-32bit-5.16.2-2.5.1

- openSUSE 12.3 (noarch):

perl-doc-5.16.2-2.5.1

- openSUSE 12.2 (i586 x86_64):

perl-5.16.0-3.5.1

perl-base-5.16.0-3.5.1

perl-base-debuginfo-5.16.0-3.5.1

perl-debuginfo-5.16.0-3.5.1

perl-debugsource-5.16.0-3.5.1

- openSUSE 12.2 (x86_64):

perl-32bit-5.16.0-3.5.1

perl-base-32bit-5.16.0-3.5.1

perl-base-debuginfo-32bit-5.16.0-3.5.1

perl-debuginfo-32bit-5.16.0-3.5.1

- openSUSE 12.2 (noarch):

perl-doc-5.16.0-3.5.1

- openSUSE 12.1 (i586 x86_64):

perl-5.14.2-9.1

perl-base-5.14.2-9.1

perl-base-debuginfo-5.14.2-9.1

perl-debuginfo-5.14.2-9.1

perl-debugsource-5.14.2-9.1

- openSUSE 12.1 (x86_64):

perl-32bit-5.14.2-9.1

perl-base-32bit-5.14.2-9.1

perl-base-debuginfo-32bit-5.14.2-9.1

perl-debuginfo-32bit-5.14.2-9.1

- openSUSE...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2012-5526.html

https://www.suse.com/security/cve/CVE-2012-6329.html

https://www.suse.com/security/cve/CVE-2013-1667.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2013:0497-1
Rating: important
Affected Products: openSUSE 12.3 openSUSE 12.2 openSUSE 12.1

Topics%20covered

Topics Covered

security advisory denial of service important perl code injection openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here