perl is vulnerable to arbitrary code execution. It was found that the “new” constructor of the Digest module used its argument as part of the string expression passed to the eval() function. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl program that uses untrusted input as an argument to the constructor.
aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc
cpansearch.perl.org/src/GAAS/Digest-1.17/Changes
kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
secunia.com/advisories/46279
secunia.com/advisories/51457
www.mandriva.com/security/advisories?name=MDVSA-2012:008
www.mandriva.com/security/advisories?name=MDVSA-2012:009
www.redhat.com/support/errata/RHSA-2011-1424.html
www.redhat.com/support/errata/RHSA-2011-1797.html
www.securityfocus.com/bid/49911
www.ubuntu.com/usn/USN-1643-1
access.redhat.com/errata/RHSA-2011:1797
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=743010
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19446