MGASA-2016-0099

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0099.html

Import Source

https://advisories.mageia.org/MGASA-2016-0099.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0099

Related

CVE-2016-2381

Published

2016-03-07T18:03:54Z

Modified

2016-03-07T17:58:12Z

Summary

Updated perl packages fix CVE-2016-2381

Details

Updated perl packages fix security vulnerability:

Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the other rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking (CVE-2016-2381).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / perl

Package

Name: perl
Purl: pkg:rpm/mageia/perl?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.20.1-8.2.mga5

Ecosystem specific

{
    "section": "core"
}