USN-2916-1 Perl vulnerabilities
Several security issues were fixed in Perl.
It was discovered that Perl incorrectly handled certain regular expressions with an invalid back-reference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422)
Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. (CVE-2014-4330)
Stephane Chazelas discovered that Perl incorrectly handled duplicate environment variables. An attacker could possibly use this issue to bypass the taint protection mechanism. (CVE-2016-2381)
Severity is medium unless otherwise noted.
Users of affected versions should apply the following mitigation:
Markus Vervier, Stephane Chazelas