Lucene search

K
redhatRedHatRHSA-2011:1424
HistoryNov 03, 2011 - 12:00 a.m.

(RHSA-2011:1424) Moderate: perl security update

2011-11-0300:00:00
access.redhat.com
19

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

90.6%

Perl is a high-level programming language commonly used for system
administration utilities and web programming.

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode
strings. An attacker could create a malicious Unicode string that, when
decoded by a Perl program, would cause the program to crash or,
potentially, execute arbitrary code with the permissions of the user
running the program. (CVE-2011-2939)

It was found that the “new” constructor of the Digest module used its
argument as part of the string expression passed to the eval() function. An
attacker could possibly use this flaw to execute arbitrary Perl code with
the privileges of a Perl program that uses untrusted input as an argument
to the constructor. (CVE-2011-3597)

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs must
be restarted for this update to take effect.

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

90.6%

Related for RHSA-2011:1424