Moderate CentOS perl Update

Metadata

high
7.5
CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667
rhn.redhat.com, lists.centos.org, lists.centos.org
2013-03-26
2017-07-27 19:05
ALAS-2013-177
CVE-2012-5195 perl
CVE-2012-6329 perl
CVE-2012-5526 libcgi-pm-perl
CVE-2012-5526 perl
CVE-2013-1667 perl
2017-04-01 19:07
2017-01-05 20:11

Description


Updated perl packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

Perl is a high-level programming language commonly used for system
administration utilities and web programming.

A heap overflow flaw was found in Perl. If a Perl application allowed
user input to control the count argument of the string repeat operator, an
attacker could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-5195)

A denial of service flaw was found in the way Perl's rehashing code
implementation, responsible for recalculation of hash keys and
redistribution of hash content, handled certain input. If an attacker
supplied specially-crafted input to be used as hash keys by a Perl
application, it could cause excessive memory consumption. (CVE-2013-1667)

It was found that the Perl CGI module, used to handle Common Gateway
Interface requests and responses, incorrectly sanitized the values for
Set-Cookie and P3P headers. If a Perl application using the CGI module
reused cookie values and accepted untrusted input from web browsers, a
remote attacker could use this flaw to alter member items of the cookie or
add new items. (CVE-2012-5526)

It was found that the Perl Locale::Maketext module, used to localize Perl
applications, did not properly handle backslashes or fully-qualified method
names. An attacker could possibly use this flaw to execute arbitrary Perl
code with the privileges of a Perl application that uses untrusted
Locale::Maketext templates. (CVE-2012-6329)

Red Hat would like to thank the Perl project for reporting CVE-2012-5195
and CVE-2013-1667. Upstream acknowledges Tim Brown as the original
reporter of CVE-2012-5195 and Yves Orton as the original reporter of
CVE-2013-1667.

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs
must be restarted for this update to take effect.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is listed as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release Package Patched in
5 perl perl-5.8.8-40.el5_9.src.rpm
5 perl perl-5.8.8-40.el5_9.i386.rpm
5 perl perl-5.8.8-40.el5_9.x86_64.rpm
5 perl-suidperl perl-suidperl-5.8.8-40.el5_9.i386.rpm
5 perl-suidperl perl-suidperl-5.8.8-40.el5_9.x86_64.rpm
6 perl perl-5.10.1-130.el6_4.i686.rpm
6 perl perl-5.10.1-130.el6_4.src.rpm
6 perl perl-5.10.1-130.el6_4.x86_64.rpm
6 perl-Archive-Extract perl-Archive-Extract-0.38-130.el6_4.i686.rpm
6 perl-Archive-Extract perl-Archive-Extract-0.38-130.el6_4.x86_64.rpm
6 perl-Archive-Tar perl-Archive-Tar-1.58-130.el6_4.i686.rpm
6 perl-Archive-Tar perl-Archive-Tar-1.58-130.el6_4.x86_64.rpm
6 perl-CGI perl-CGI-3.51-130.el6_4.i686.rpm
6 perl-CGI perl-CGI-3.51-130.el6_4.x86_64.rpm
6 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Bzip2-2.020-130.el6_4.i686.rpm
6 perl-Compress-Raw-Bzip2 perl-Compress-Raw-Bzip2-2.020-130.el6_4.x86_64.rpm
6 perl-Compress-Raw-Zlib perl-Compress-Raw-Zlib-2.020-130.el6_4.x86_64.rpm
6 perl-Compress-Raw-Zlib perl-Compress-Raw-Zlib-2.020-130.el6_4.i686.rpm
6 perl-Compress-Zlib perl-Compress-Zlib-2.020-130.el6_4.x86_64.rpm
6 perl-Compress-Zlib perl-Compress-Zlib-2.020-130.el6_4.i686.rpm
6 perl-core perl-core-5.10.1-130.el6_4.x86_64.rpm
6 perl-core perl-core-5.10.1-130.el6_4.i686.rpm
6 perl-CPAN perl-CPAN-1.9402-130.el6_4.x86_64.rpm
6 perl-CPAN perl-CPAN-1.9402-130.el6_4.i686.rpm
6 perl-CPANPLUS perl-CPANPLUS-0.88-130.el6_4.x86_64.rpm
6 perl-CPANPLUS perl-CPANPLUS-0.88-130.el6_4.i686.rpm
6 perl-devel perl-devel-5.10.1-130.el6_4.i686.rpm
6 perl-devel perl-devel-5.10.1-130.el6_4.x86_64.rpm
6 perl-Digest-SHA perl-Digest-SHA-5.47-130.el6_4.i686.rpm
6 perl-Digest-SHA perl-Digest-SHA-5.47-130.el6_4.x86_64.rpm
6 perl-ExtUtils-CBuilder perl-ExtUtils-CBuilder-0.27-130.el6_4.x86_64.rpm
6 perl-ExtUtils-CBuilder perl-ExtUtils-CBuilder-0.27-130.el6_4.i686.rpm
6 perl-ExtUtils-Embed perl-ExtUtils-Embed-1.28-130.el6_4.i686.rpm
6 perl-ExtUtils-Embed perl-ExtUtils-Embed-1.28-130.el6_4.x86_64.rpm
6 perl-ExtUtils-MakeMaker perl-ExtUtils-MakeMaker-6.55-130.el6_4.i686.rpm
6 perl-ExtUtils-MakeMaker perl-ExtUtils-MakeMaker-6.55-130.el6_4.x86_64.rpm
6 perl-ExtUtils-ParseXS perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.i686.rpm
6 perl-ExtUtils-ParseXS perl-ExtUtils-ParseXS-2.2003.0-130.el6_4.x86_64.rpm
6 perl-File-Fetch perl-File-Fetch-0.26-130.el6_4.i686.rpm
6 perl-File-Fetch perl-File-Fetch-0.26-130.el6_4.x86_64.rpm
6 perl-IO-Compress-Base perl-IO-Compress-Base-2.020-130.el6_4.i686.rpm
6 perl-IO-Compress-Base perl-IO-Compress-Base-2.020-130.el6_4.x86_64.rpm
6 perl-IO-Compress-Bzip2 perl-IO-Compress-Bzip2-2.020-130.el6_4.i686.rpm
6 perl-IO-Compress-Bzip2 perl-IO-Compress-Bzip2-2.020-130.el6_4.x86_64.rpm
6 perl-IO-Compress-Zlib perl-IO-Compress-Zlib-2.020-130.el6_4.x86_64.rpm
6 perl-IO-Compress-Zlib perl-IO-Compress-Zlib-2.020-130.el6_4.i686.rpm
6 perl-IO-Zlib perl-IO-Zlib-1.09-130.el6_4.i686.rpm
6 perl-IO-Zlib perl-IO-Zlib-1.09-130.el6_4.x86_64.rpm
6 perl-IPC-Cmd perl-IPC-Cmd-0.56-130.el6_4.x86_64.rpm
6 perl-IPC-Cmd perl-IPC-Cmd-0.56-130.el6_4.i686.rpm
6 perl-libs perl-libs-5.10.1-130.el6_4.x86_64.rpm
6 perl-libs perl-libs-5.10.1-130.el6_4.i686.rpm
6 perl-Locale-Maketext-Simple perl-Locale-Maketext-Simple-0.18-130.el6_4.i686.rpm
6 perl-Locale-Maketext-Simple perl-Locale-Maketext-Simple-0.18-130.el6_4.x86_64.rpm
6 perl-Log-Message perl-Log-Message-0.02-130.el6_4.x86_64.rpm
6 perl-Log-Message perl-Log-Message-0.02-130.el6_4.i686.rpm
6 perl-Log-Message-Simple perl-Log-Message-Simple-0.04-130.el6_4.i686.rpm
6 perl-Log-Message-Simple perl-Log-Message-Simple-0.04-130.el6_4.x86_64.rpm
6 perl-Module-Build perl-Module-Build-0.3500-130.el6_4.x86_64.rpm
6 perl-Module-Build perl-Module-Build-0.3500-130.el6_4.i686.rpm
6 perl-Module-CoreList perl-Module-CoreList-2.18-130.el6_4.x86_64.rpm
6 perl-Module-CoreList perl-Module-CoreList-2.18-130.el6_4.i686.rpm
6 perl-Module-Load perl-Module-Load-0.16-130.el6_4.i686.rpm
6 perl-Module-Load perl-Module-Load-0.16-130.el6_4.x86_64.rpm
6 perl-Module-Load-Conditional perl-Module-Load-Conditional-0.30-130.el6_4.i686.rpm
6 perl-Module-Load-Conditional perl-Module-Load-Conditional-0.30-130.el6_4.x86_64.rpm
6 perl-Module-Loaded perl-Module-Loaded-0.02-130.el6_4.i686.rpm
6 perl-Module-Loaded perl-Module-Loaded-0.02-130.el6_4.x86_64.rpm
6 perl-Module-Pluggable perl-Module-Pluggable-3.90-130.el6_4.i686.rpm
6 perl-Module-Pluggable perl-Module-Pluggable-3.90-130.el6_4.x86_64.rpm
6 perl-Object-Accessor perl-Object-Accessor-0.34-130.el6_4.x86_64.rpm
6 perl-Object-Accessor perl-Object-Accessor-0.34-130.el6_4.i686.rpm
6 perl-Package-Constants perl-Package-Constants-0.02-130.el6_4.x86_64.rpm
6 perl-Package-Constants perl-Package-Constants-0.02-130.el6_4.i686.rpm
6 perl-Params-Check perl-Params-Check-0.26-130.el6_4.x86_64.rpm
6 perl-Params-Check perl-Params-Check-0.26-130.el6_4.i686.rpm
6 perl-parent perl-parent-0.221-130.el6_4.i686.rpm
6 perl-parent perl-parent-0.221-130.el6_4.x86_64.rpm
6 perl-Parse-CPAN-Meta perl-Parse-CPAN-Meta-1.40-130.el6_4.x86_64.rpm
6 perl-Parse-CPAN-Meta perl-Parse-CPAN-Meta-1.40-130.el6_4.i686.rpm
6 perl-Pod-Escapes perl-Pod-Escapes-1.04-130.el6_4.i686.rpm
6 perl-Pod-Escapes perl-Pod-Escapes-1.04-130.el6_4.x86_64.rpm
6 perl-Pod-Simple perl-Pod-Simple-3.13-130.el6_4.i686.rpm
6 perl-Pod-Simple perl-Pod-Simple-3.13-130.el6_4.x86_64.rpm
6 perl-suidperl perl-suidperl-5.10.1-130.el6_4.i686.rpm
6 perl-suidperl perl-suidperl-5.10.1-130.el6_4.x86_64.rpm
6 perl-Term-UI perl-Term-UI-0.20-130.el6_4.x86_64.rpm
6 perl-Term-UI perl-Term-UI-0.20-130.el6_4.i686.rpm
6 perl-Test-Harness perl-Test-Harness-3.17-130.el6_4.x86_64.rpm
6 perl-Test-Harness perl-Test-Harness-3.17-130.el6_4.i686.rpm
6 perl-Test-Simple perl-Test-Simple-0.92-130.el6_4.i686.rpm
6 perl-Test-Simple perl-Test-Simple-0.92-130.el6_4.x86_64.rpm
6 perl-Time-HiRes perl-Time-HiRes-1.9721-130.el6_4.x86_64.rpm
6 perl-Time-HiRes perl-Time-HiRes-1.9721-130.el6_4.i686.rpm
6 perl-Time-Piece perl-Time-Piece-1.15-130.el6_4.x86_64.rpm
6 perl-Time-Piece perl-Time-Piece-1.15-130.el6_4.i686.rpm
6 perl-version perl-version-0.77-130.el6_4.i686.rpm
6 perl-version perl-version-0.77-130.el6_4.x86_64.rpm
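
One way to apply the "Patched in" column to a host inventory, as an added example that is not part of the advisory or of Appcanary's own tooling: it compares installed version-release strings against the patched builds using RPM's segment-wise ordering. Assumptions: the function names and the sample inventory are constructed for illustration, only a subset of the table is embedded, and epochs are ignored because the filenames above do not carry them.

```python
import re

# Patched builds taken from the advisory's table (subset, one arch each).
PATCHED_RPMS = [
    "perl-5.8.8-40.el5_9.x86_64.rpm",
    "perl-5.10.1-130.el6_4.x86_64.rpm",
    "perl-libs-5.10.1-130.el6_4.x86_64.rpm",
    "perl-CGI-3.51-130.el6_4.x86_64.rpm",
    "perl-Locale-Maketext-Simple-0.18-130.el6_4.x86_64.rpm",
]
# Constructed sample, in `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` form.
SAMPLE = """perl 5.10.1-129.el6
perl-libs 5.10.1-131.el6_4
perl-CGI 3.51-130.el6_4
perl-Locale-Maketext-Simple 0.18-127.el6
bash 4.1.2-15.el6"""

def rpmvercmp(a, b):
    """Segment-wise RPM comparison (no epoch, no '~'): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():      # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)           # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def split_rpm(filename):
    """'perl-CGI-3.51-130.el6_4.x86_64.rpm' -> ('perl-CGI', '3.51', '130.el6_4')."""
    nvr = filename[:-len(".rpm")].rsplit(".", 1)[0]   # drop ".rpm", then the arch
    return tuple(nvr.rsplit("-", 2))

def dist_of(release):                       # '130.el6_4' -> 'el6'; keeps el5/el6 apart
    m = re.search(r"el[0-9]+", release)
    return m.group(0) if m else None

def outdated(installed_text):
    """Return (name, installed, patched) for packages older than the fixed build."""
    fixed = {(n, dist_of(r)): (v, r) for n, v, r in map(split_rpm, PATCHED_RPMS)}
    hits = []
    for line in installed_text.strip().splitlines():
        name, vr = line.split()
        ver, rel = vr.rsplit("-", 1)
        want = fixed.get((name, dist_of(rel)))
        if want and (rpmvercmp(ver, want[0]) or rpmvercmp(rel, want[1])) < 0:
            hits.append((name, vr, "-".join(want)))
    return hits
```

Calling `outdated(SAMPLE)` flags the two packages whose release is below `130.el6_4`; packages at or above the patched build, and packages not in the table, are not reported.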