FLEA-2007-0063-1 perl

To: foresight-security-announce@xxxxxxxxxxxxxxx
Subject: FLEA-2007-0063-1 perl
From: Foresight Linux Essential Announcement Service <foresight-security-noreply@xxxxxxxxxxxxxxxxxx>
Date: Fri, 09 Nov 2007 21:04:26 -0900
Cc: security-alerts@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Heirloom mailx 12.2 01/07/07

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0063-1
Published: 2007-11-09

Rating: Minor

Updated Versions:
    perl=/conary.rpath.com@rpl:devel//1/5.8.7-8.2-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.1-0.2-2

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Description:
    Previous versions of the perl package contain weaknesses when evaluating
    regular expressions.
    
    If a system is serving a perl-based web application that evaluates
    remote input as a regular expression, an attacker may be be able to
    exploit these weaknesses to execute arbitrary, attacker-provided code on
    the system, potentially elevating this to a remote, deterministic
    unauthorized access vulnerability.
    
    Foresight Linux does not, by default, enable or contain any such services.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRzVJ3tfwEn07iAtZAQLGlQ//ZaOxxdDrbgVBDfnrRZ2E8AAY4wlT2x2w
iI1ATK2PyHKRaMk+8hOskweQjxlQc3C4An6ff/wBCPpIzdG3rufsZCQ5YLwUVX0G
InY9wFWKcE7LqUjp8l+lnBQyXf7po/LLppgwOR6ccMIxI44JbL/jcxfOT9EbO1bU
fvEpzfokfH08j07wwX3ReNWA6xyO2SuWTiXSchUNGnYqNZeOJ115SdPKQC8I8jvi
qhw/HLH96FCK19sigW+ELCcuWHdCKvUYVcSYTwXK/zGcMyr9IV4mgJiF0of7l7il
ADYMYfT28JpkpdNXuOasfE8s7MNlEQ8wVqbbZt40je0OaoTTc/eslqf3JOlyvKZW
8b/WtYgZ1asgEHp3puTcl6e1EYpdf+Yg61RLVZiZ6W4UpFFgut97jp90yY3cR3C2
4v3C5978JQPGKMFhdB93YNE60fh3KdDWPutR34VwFEuhf50vRkND9++5uhmymtLG
0+vz/7QxoM3fTUuCUZLoPH+qJUYo+HwuasPmWUEyKpqrOT0eBnmZKh33/WHl3uo5
apyD9GgFl8bZjuVsTzirXh0JrLUNj4QWb22snEp9ZU/5uoJ0IaqWX++9jQGoJ+7V
VIlfXilU0r8UeorVRuv3+HXDbHRbLnpuVhHTMq6Q1E4brux0Y8NOMxNdJq2UHuFU
UVdaBJzKoMw=
=Vbpl
-----END PGP SIGNATURE-----

Prev by Date: FLEA-2007-0068-1 ruby
Next by Date: iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability
Previous by thread: FLEA-2007-0068-1 ruby
Next by thread: iDefense Security Advisory 11.12.07: WinPcap NPF.SYS bpf_filter_init Arbitrary Array Indexing Vulnerability
Index(es):
- Date
- Thread