Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

Ubuntu 11.04 USN-1129-1 Moderate: Perl Input Bypass Threat

ubuntu
Calendar Grey May 3, 2011
Scroller Ubuntu
Sharpening commands for PHP can bypass controls, leading to vulnerabilities. Revise your framework to mitigate threats.
An attacker could send crafted input to Perl and bypass intended restrictions.

Summary

An attacker could send crafted input to Perl and bypass intended

restrictions.

Software Description:

- perl: Larry Wall's Practical Extraction and Report Language

Details:

It was discovered that the Safe.pm Perl module incorrectly handled

Safe::reval and Safe::rdo access restrictions. An attacker could use this

flaw to bypass intended restrictions and possibly execute arbitrary code.

(CVE-2010-1168, CVE-2010-1447)

It was discovered that the CGI.pm Perl module incorrectly handled certain

MIME boundary strings. An attacker could use this flaw to inject arbitrary

HTTP headers and perform HTTP response splitting and cross-site scripting

attacks. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 10.04 LTS and

10.10. (CVE-2010-2761, CVE-2010-4411)

It was discovered that the CGI.pm Perl module incorrectly handled newline

characters. An attacker could use this flaw to inject arbitrary HTTP

headers and perform HTTP response splitting and cross-site scripting

at...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  perl                            5.10.1-17ubuntu4.1

Ubuntu 10.10:
  perl                            5.10.1-12ubuntu2.1

Ubuntu 10.04 LTS:
  perl                            5.10.1-8ubuntu2.1

Ubuntu 8.04 LTS:
  perl                            5.8.8-12ubuntu0.5

Ubuntu 6.06 LTS:
  perl                            5.8.7-10ubuntu1.3

In general, a standard system update will make all the necessary changes.

References

CVE-2010-1168, CVE-2010-1447, CVE-2010-2761, CVE-2010-4410,

CVE-2010-4411, CVE-2011-1487

Severity
important
Lowest
Low
Medium
High
Critical

May 03, 2011

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.