UBUNTU-CVE-2016-1238

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2016-1238

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1238.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-1238

Related

CVE-2016-1238

Published

2016-07-25T00:00:00Z

Modified

2016-07-25T00:00:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

References

Affected packages

Ubuntu:14.04:LTS / libsys-syslog-perl

Package

Name: libsys-syslog-perl
Purl: pkg:deb/ubuntu/libsys-syslog-perl@0.33-1+deb8u1build0.14.04.1?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.33-1+deb8u1build0.14.04.1

Affected versions

0.*

0.29-1build2

0.33-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "libsys-syslog-perl": "0.33-1+deb8u1build0.14.04.1",
            "libsys-syslog-perl-dbgsym": "0.33-1+deb8u1build0.14.04.1"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / perl

Package

Name: perl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.14.2-21build1

5.18.1-4

5.18.1-4build1

5.18.1-5

5.18.2-2

5.18.2-2ubuntu1

5.18.2-2ubuntu1.1

5.18.2-2ubuntu1.3

5.18.2-2ubuntu1.4

5.18.2-2ubuntu1.6

5.18.2-2ubuntu1.7

5.18.2-2ubuntu1.7+esm3

5.18.2-2ubuntu1.7+esm4

5.18.2-2ubuntu1.7+esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / perl

Package

Name: perl

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.20.2-6

5.22.1-3

5.22.1-4

5.22.1-5

5.22.1-7

5.22.1-8

5.22.1-9

5.22.1-9ubuntu0.2

5.22.1-9ubuntu0.3

5.22.1-9ubuntu0.5

5.22.1-9ubuntu0.6

5.22.1-9ubuntu0.9

5.22.1-9ubuntu0.9+esm1

5.22.1-9ubuntu0.9+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}