perl -- several vulnerabilities

2012-12-11T00:00:00
ID DSA-2586
Type debian
Reporter Debian
Modified 2012-12-11T00:00:00

Description

Two vulnerabilities were discovered in the implementation of the Perl programming language:

The x operator could cause the Perl interpreter to crash if very long strings were created.

The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.

In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data.

For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4.

For the unstable distribution (sid), these problems have been fixed in version 5.14.2-16.

We recommend that you upgrade your perl packages.
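
The CGI issue above concerns LF characters reaching the Set-Cookie and P3P headers. The following is an added example, not code from the advisory or from CGI.pm: an application-side check that refuses header values containing control characters before a header line is built. The helper names `header_value_ok` and `header_line` and all sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of CGI.pm): true only if the value can sit
# on a single header line. CR, LF and other control characters are rejected
# (horizontal tab, \x09, is allowed inside header values).
sub header_value_ok {
    my ($value) = @_;
    return defined $value && $value !~ /[\x00-\x08\x0A-\x1F\x7F]/;
}

# Build one response header line, or die so the caller notices the bad input
# instead of silently emitting a split header.
sub header_line {
    my ($name, $value) = @_;
    die "invalid header name\n" unless $name =~ /\A[A-Za-z0-9-]+\z/;
    die "control character in $name value\n" unless header_value_ok($value);
    return "$name: $value\r\n";
}

# Constructed sample inputs: one well-formed cookie, then values carrying an
# embedded LF or CRLF of the kind the advisory says was not escaped.
my @samples = (
    [ 'Set-Cookie', 'session=abc123; Path=/; HttpOnly' ],
    [ 'Set-Cookie', "session=abc123\nX-Injected: 1" ],
    [ 'P3P',        qq{policyref="/w3c/p3p.xml"\r\nX-Injected: 1} ],
);

for my $s (@samples) {
    my ($name, $value) = @$s;
    my $line = eval { header_line($name, $value) };
    if (defined $line) {
        print "emit:   $line";
    } else {
        # Show control characters as \xNN so the rejected value is log-safe.
        (my $shown = $value) =~ s/([\x00-\x1F\x7F])/sprintf('\\x%02X', ord $1)/ge;
        print "reject: $name: $shown\n";
    }
}
```

Rejecting instead of stripping keeps the failure visible in logs, which helps when reviewing where untrusted input reaches response headers.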