Scientific Linux: Moderate Perl Update Fixes Buffer Overflow Risk

Date: Fri, 4 Nov 2011 09:07:58 -0500
Reply-To: This email address is being protected from spambots. You need JavaScript enabled to view it.
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: perl on SL6.x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis: Moderate: perl security update
Issue Date: 2011-11-03
CVE Numbers: CVE-2011-2939
 CVE-2011-3597

Perl is a high-level programming language commonly used for system
administration utilities and web programming.

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode
strings. An attacker could create a malicious Unicode string that, when
decoded by a Perl program, would cause the program to crash or,
potentially, execute arbitrary code with the permissions of the user
running the program. (CVE-2011-2939)

It was found that the "new" constructor of the Digest module used its
argument as part of the string expression passed to the eval() function. An
attacker could possibly use this flaw to execute arbitrary Perl code with
the privileges of a Perl program that uses untrusted input as an argument
to the constructor. (CVE-2011-3597)

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs must
be restarted for this update to take effect.

SL6:
 i386
 perl-5.10.1-119.el6_1.1.i686.rpm
 perl-Archive-Extract-0.38-119.el6_1.1.i686.rpm
 perl-Archive-Tar-1.58-119.el6_1.1.i686.rpm
 perl-CGI-3.51-119.el6_1.1.i686.rpm
 perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686.rpm
 perl-Compress-Zlib-2.020-119.el6_1.1.i686.rpm
 perl-core-5.10.1-119.el6_1.1.i686.rpm
 perl-CPAN-1.9402-119.el6_1.1.i686.rpm
 perl-CPANPLUS-0.88-119.el6_1.1.i686.rpm
 perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm
 perl-devel-5.10.1-119.el6_1.1.i686.rpm
 perl-Digest-SHA-5.47-119.el6_1.1.i686.rpm
 perl-ExtUtils-CBuilder-0.27-119.el6_1.1.i686.rpm
 perl-ExtUtils-Embed-1.28-119.el6_1.1.i686.rpm
 perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.i686.rpm
 perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.i686.rpm
 perl-File-Fetch-0.26-119.el6_1.1.i686.rpm
 perl-IO-Compress-Base-2.020-119.el6_1.1.i686.rpm
 perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686.rpm
 perl-IO-Zlib-1.09-119.el6_1.1.i686.rpm
 perl-IPC-Cmd-0.56-119.el6_1.1.i686.rpm
 perl-libs-5.10.1-119.el6_1.1.i686.rpm
 perl-Locale-Maketext-Simple-0.18-119.el6_1.1.i686.rpm
 perl-Log-Message-0.02-119.el6_1.1.i686.rpm
 perl-Log-Message-Simple-0.04-119.el6_1.1.i686.rpm
 perl-Module-Build-0.3500-119.el6_1.1.i686.rpm
 perl-Module-CoreList-2.18-119.el6_1.1.i686.rpm
 perl-Module-Load-0.16-119.el6_1.1.i686.rpm
 perl-Module-Load-Conditional-0.30-119.el6_1.1.i686.rpm
 perl-Module-Loaded-0.02-119.el6_1.1.i686.rpm
 perl-Module-Pluggable-3.90-119.el6_1.1.i686.rpm
 perl-Object-Accessor-0.34-119.el6_1.1.i686.rpm
 perl-Package-Constants-0.02-119.el6_1.1.i686.rpm
 perl-Params-Check-0.26-119.el6_1.1.i686.rpm
 perl-parent-0.221-119.el6_1.1.i686.rpm
 perl-Parse-CPAN-Meta-1.40-119.el6_1.1.i686.rpm
 perl-Pod-Escapes-1.04-119.el6_1.1.i686.rpm
 perl-Pod-Simple-3.13-119.el6_1.1.i686.rpm
 perl-suidperl-5.10.1-119.el6_1.1.i686.rpm
 perl-Term-UI-0.20-119.el6_1.1.i686.rpm
 perl-Test-Harness-3.17-119.el6_1.1.i686.rpm
 perl-Test-Simple-0.92-119.el6_1.1.i686.rpm
 perl-Time-HiRes-1.9721-119.el6_1.1.i686.rpm
 perl-Time-Piece-1.15-119.el6_1.1.i686.rpm
 perl-version-0.77-119.el6_1.1.i686.rpm
 x86_64
 perl-5.10.1-119.el6_1.1.x86_64.rpm
 perl-Archive-Extract-0.38-119.el6_1.1.x86_64.rpm
 perl-Archive-Tar-1.58-119.el6_1.1.x86_64.rpm
 perl-CGI-3.51-119.el6_1.1.x86_64.rpm
 perl-Compress-Raw-Zlib-2.023-119.el6_1.1.x86_64.rpm
 perl-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm
 perl-core-5.10.1-119.el6_1.1.x86_64.rpm
 perl-CPAN-1.9402-119.el6_1.1.x86_64.rpm
 perl-CPANPLUS-0.88-119.el6_1.1.x86_64.rpm
 perl-debuginfo-5.10.1-119.el6_1.1.i686.rpm
 perl-debuginfo-5.10.1-119.el6_1.1.x86_64.rpm
 perl-devel-5.10.1-119.el6_1.1.i686.rpm
 perl-devel-5.10.1-119.el6_1.1.x86_64.rpm
 perl-Digest-SHA-5.47-119.el6_1.1.x86_64.rpm
 perl-ExtUtils-CBuilder-0.27-119.el6_1.1.x86_64.rpm
 perl-ExtUtils-Embed-1.28-119.el6_1.1.x86_64.rpm
 perl-ExtUtils-MakeMaker-6.55-119.el6_1.1.x86_64.rpm
 perl-ExtUtils-ParseXS-2.2003.0-119.el6_1.1.x86_64.rpm
 perl-File-Fetch-0.26-119.el6_1.1.x86_64.rpm
 perl-IO-Compress-Base-2.020-119.el6_1.1.x86_64.rpm
 perl-IO-Compress-Zlib-2.020-119.el6_1.1.x86_64.rpm
 perl-IO-Zlib-1.09-119.el6_1.1.x86_64.rpm
 perl-IPC-Cmd-0.56-119.el6_1.1.x86_64.rpm
 perl-libs-5.10.1-119.el6_1.1.i686.rpm
 perl-libs-5.10.1-119.el6_1.1.x86_64.rpm
 perl-Locale-Maketext-Simple-0.18-119.el6_1.1.x86_64.rpm
 perl-Log-Message-0.02-119.el6_1.1.x86_64.rpm
 perl-Log-Message-Simple-0.04-119.el6_1.1.x86_64.rpm
 perl-Module-Build-0.3500-119.el6_1.1.x86_64.rpm
 perl-Module-CoreList-2.18-119.el6_1.1.x86_64.rpm
 perl-Module-Load-0.16-119.el6_1.1.x86_64.rpm
 perl-Module-Load-Conditional-0.30-119.el6_1.1.x86_64.rpm
 perl-Module-Loaded-0.02-119.el6_1.1.x86_64.rpm
 perl-Module-Pluggable-3.90-119.el6_1.1.x86_64.rpm
 perl-Object-Accessor-0.34-119.el6_1.1.x86_64.rpm
 perl-Package-Constants-0.02-119.el6_1.1.x86_64.rpm
 perl-Params-Check-0.26-119.el6_1.1.x86_64.rpm
 perl-parent-0.221-119.el6_1.1.x86_64.rpm
 perl-Parse-CPAN-Meta-1.40-119.el6_1.1.x86_64.rpm
 perl-Pod-Escapes-1.04-119.el6_1.1.x86_64.rpm
 perl-Pod-Simple-3.13-119.el6_1.1.x86_64.rpm
 perl-suidperl-5.10.1-119.el6_1.1.x86_64.rpm
 perl-Term-UI-0.20-119.el6_1.1.x86_64.rpm
 perl-Test-Harness-3.17-119.el6_1.1.x86_64.rpm
 perl-Test-Simple-0.92-119.el6_1.1.x86_64.rpm
 perl-Time-HiRes-1.9721-119.el6_1.1.x86_64.rpm
 perl-Time-Piece-1.15-119.el6_1.1.x86_64.rpm
 perl-version-0.77-119.el6_1.1.x86_64.rpm

- Scientific Linux Development Team