ALT Linux Team

Package perl update in c6 on 2015-12-25

ALT-PU-2015-2178-1

Package perl updated to version 5.12.3-alt4.M60C.2 for branch c6 in task 153459.

Closed vulnerabilities

Published: 2011-04-11

BDU:2016-02231

Уязвимость интерпретатора Perl, позволяющая нарушителю внедрить произвольный код

Severity: MEDIUM (5.0)
References:
Published: 2012-01-13

BDU:2022-02611

Уязвимость функции decode_xs интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2012-12-21

BDU:2022-02612

Уязвимость функции bsd_glob интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
Published: 2013-01-04

BDU:2022-02626

Уязвимость функции _compile интерпретатора языка программирования Perl , позволяющая нарушителю выполнять произвольные команды

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2013-03-14

BDU:2022-02638

Уязвимость функции хеширования интерпретатора языка программирования Perl, позволяющая нарушителю вызывать отказ в обслуживании

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2011-04-11
Modified: 2024-11-21

CVE-2011-1487

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Severity: MEDIUM (5.0)
References:
Published: 2012-12-21
Modified: 2024-11-21

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

Severity: MEDIUM (4.3)
References:
Published: 2012-01-13
Modified: 2024-11-21

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

Severity: MEDIUM (5.1)
References:
Published: 2012-12-18
Modified: 2024-11-21

CVE-2012-5195

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

Severity: HIGH (7.5)
References:
Published: 2013-01-05
Modified: 2024-11-21

CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

Severity: HIGH (7.5)
References:
Published: 2013-03-14
Modified: 2024-11-21

CVE-2013-1667

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

Severity: HIGH (7.5)
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top