MGASA-2013-0032
| Date: | February 6th, 2013 |
| Affected releases: | 2 |
| Media: | Core |
Description:
The _compile function in Maketext.pm in the Locale::Maketext implementation
in Perl before 5.17.7 does not properly handle backslashes and fully
qualified method names during compilation of bracket notation, which allows
context-dependent attackers to execute arbitrary commands via crafted input
to an application that accepts translation strings from users
(CVE-2012-6329).
Updated Packages:
i586:
perl-5.14.2-8.1.mga2.i586.rpm
perl-base-5.14.2-8.1.mga2.i586.rpm
perl-devel-5.14.2-8.1.mga2.i586.rpm
perl-doc-5.14.2-8.1.mga2.noarch.rpm
perl-debug-5.14.2-8.1.mga2.i586.rpm
perl-Locale-Maketext-1.220.0-2.mga2.noarch.rpm
x86_64:
perl-5.14.2-8.1.mga2.x86_64.rpm
perl-base-5.14.2-8.1.mga2.x86_64.rpm
perl-devel-5.14.2-8.1.mga2.x86_64.rpm
perl-doc-5.14.2-8.1.mga2.noarch.rpm
perl-debug-5.14.2-8.1.mga2.x86_64.rpm
perl-Locale-Maketext-1.220.0-2.mga2.noarch.rpm
SRPMS:
perl-5.14.2-8.1.mga2.src.rpm
perl-Locale-Maketext-1.220.0-2.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097440.html
https://bugs.mageia.org/show_bug.cgi?id=8815
