5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.2%
Debian Security Advisory DSA-2586-1 [email protected]
http://www.debian.org/security/
December 11, 2012 http://www.debian.org/security/faq
Package : perl
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-5195 CVE-2012-5526
Debian Bug : 689314 693420 695223
Two vulnerabilities were discovered in the implementation of the Perl
programming language:
CVE-2012-5195
The "x" operator could cause the Perl interpreter to crash
if very long strings were created.
CVE-2012-5526
The CGI module does not properly escape LF characters
in the Set-Cookie and P3P headers.
In addition, this update adds a warning to the Storable documentation
that this package is not suitable for deserializing untrusted data.
For the stable distribution (squeeze), these problems have been fixed in
version 5.10.1-17squeeze4.
For the unstable distribution (sid), these problems have been fixed in
version 5.14.2-16.
We recommend that you upgrade your perl packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: [email protected]
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | kfreebsd-i386 | libperl5.10 | < 5.10.1-17squeeze4 | libperl5.10_5.10.1-17squeeze4_kfreebsd-i386.deb |
Debian | 6 | powerpc | libperl5.10 | < 5.10.1-17squeeze4 | libperl5.10_5.10.1-17squeeze4_powerpc.deb |
Debian | 6 | mips | perl-debug | < 5.10.1-17squeeze4 | perl-debug_5.10.1-17squeeze4_mips.deb |
Debian | 6 | all | libcgi-pm-perl | < 3.49-1squeeze2 | libcgi-pm-perl_3.49-1squeeze2_all.deb |
Debian | 6 | kfreebsd-i386 | perl-suid | < 5.10.1-17squeeze4 | perl-suid_5.10.1-17squeeze4_kfreebsd-i386.deb |
Debian | 6 | amd64 | perl | < 5.10.1-17squeeze4 | perl_5.10.1-17squeeze4_amd64.deb |
Debian | 6 | s390 | perl-base | < 5.10.1-17squeeze4 | perl-base_5.10.1-17squeeze4_s390.deb |
Debian | 6 | i386 | perl-base | < 5.10.1-17squeeze4 | perl-base_5.10.1-17squeeze4_i386.deb |
Debian | 6 | powerpc | perl-base | < 5.10.1-17squeeze4 | perl-base_5.10.1-17squeeze4_powerpc.deb |
Debian | 6 | sparc | perl-base | < 5.10.1-17squeeze4 | perl-base_5.10.1-17squeeze4_sparc.deb |