MGASA-2016-0299

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0299.html

Import Source

https://advisories.mageia.org/MGASA-2016-0299.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2016-0299

Related

CVE-2016-6185

Published

2016-09-16T09:27:13Z

Modified

2016-09-08T22:29:43Z

Summary

Updated perl-XSLoader packages fix security vulnerability

Details

An arbitrary code execution can be achieved if loading code from untrusted current working directory despite the '.' is removed from @INC. Vulnerability is in XSLoader that uses caller() information to locate .so file to load. If malicious attacker creates directory named (eval 1) with malicious binary file in it, it will be loaded if the package calling XSLoader is in parent directory (CVE-2016-6185).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / perl-XSLoader

Package

Name: perl-XSLoader
Purl: pkg:rpm/mageia/perl-XSLoader?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.160.0-7.1.mga5

Ecosystem specific

{
    "section": "core"
}