SB2012013101 - Input validation error in perl (Alpine package)
Published: January 31, 2012
Security Bulletin ID
SB2012013101
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2011-3597)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=cdaba4c1afce6ee8a8dec8b5a0fec1950c126103
- https://git.alpinelinux.org/aports/commit/?id=9220c558cc69fe451cc562f97d0ec6abcc711121
- https://git.alpinelinux.org/aports/commit/?id=0b434eb040355be01914d86b8f17181272b34c64
- https://git.alpinelinux.org/aports/commit/?id=688926b9e5cfa7f14e59ab8e8875d5bed5e26880