Stay Secure with the Latest Linux Advisories

security advisorycode executionsoftware patch

Ubuntu 12.10: 2099-1 Moderate: Perl Code Execution Threat

Perl could be made to run programs if it processed a specially crafted Locale::Maketext templates.. =========================================================================Ubuntu Security Notice USN-2099-1 February 05, 2014 perl vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Perl could be made to run programs if it processed a specially crafted Locale::Maketext templates. Software Description: - perl: Practical Extraction and Report Language Details: It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: perl-modules 5.14.2-13ubuntu0.3 Ubuntu 12.04 LTS: perl-modules 5.14.2-6ubuntu2.4 Ubuntu 10.04 LTS: perl-modules 5.10.1-8ubuntu2.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2099-1 CVE-2012-6329 Package Information: https://launchpad.net/ubuntu/+source/perl/5.14.2-13ubuntu0.3 https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.4 https://launchpad.net/ubuntu/+source/perl/5.10.1-8ubuntu2.4 . By using custom templates in Perl's Locale::Maketext, it's possible to run arbitrary code. Make sure to keep your Ubuntu system updated to address this vulnerability.. Perl Security, Code Execution, Update Perl, Ubuntu Advisory. . LinuxSecurity.com Team

Feb 05, 2014 Ubuntu