GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue May 20, 2008 7:26 pm Post subject: [ GLSA 200805-17 ] Perl: Execution of arbitrary code |
 |
|
Gentoo Linux Security Advisory
Title: Perl: Execution of arbitrary code (GLSA 200805-17)
Severity: normal
Exploitable: remote
Date: May 20, 2008
Bug(s): #219203
ID: 200805-17
Synopsis
A double free vulnerability was discovered in Perl, possibly resulting in the execution of arbitrary code and a Denial of Service.
Background
Perl is a stable, cross platform programming language.
Affected Packages
Package: dev-lang/perl
Vulnerable: < 5.8.8-r5
Unaffected: >= 5.8.8-r5
Architectures: All supported architectures
Package: sys-devel/libperl
Vulnerable: < 5.8.8-r2
Unaffected: >= 5.8.8-r2
Architectures: All supported architectures
Description
Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters.
Impact
A remote attacker could possibly exploit this vulnerability to execute arbitrary code or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Perl users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r5" |
All libperl users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/libperl-5.8.8-r2" |
References
CVE-2008-1927 |
|
News & Announcements
