First published: Mon Jun 07 2010

Perl is a high-level programming language commonly used for system administration utilities and web programming. The Safe extension module allows users to compile and execute Perl code in restricted compartments.

The Safe module did not properly restrict the code of implicitly called methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects returned as a result of unsafe code evaluation. These methods could have been executed unrestricted by Safe when such objects were accessed or destroyed. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe compartment and executed out of the compartment via a subroutine reference returned as a result of unsafe code evaluation. A specially-crafted Perl script executed inside of a Safe compartment could use this flaw to bypass intended Safe module restrictions, if the returned subroutine reference was called from outside of the compartment. (CVE-2010-1447)

Red Hat would like to thank Tim Bunce for responsibly reporting the CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton as the original reporter of CVE-2010-1168, and Tim Bunce and Rafaël Garcia-Suarez as the original reporters of CVE-2010-1447.

These packages upgrade the Safe extension module to version 2.27. Refer to the Safe module's Changes file, linked to in the References, for a full list of changes.

Users of perl are advised to upgrade to these updated packages, which correct these issues. All applications using the Safe extension module must be restarted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/perl | <5.8.5-53.el4 | 5.8.5-53.el4 |
redhat/perl-suidperl | <5.8.5-53.el4 | 5.8.5-53.el4 |
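
A post-update check for the two remediation steps above (Safe at 2.27 or later, and a restart of anything started before the update), as an added example that is not part of the original advisory or Red Hat's tooling. It compares the loaded Safe version against 2.27 and lists perl files that a process still maps after the package replaced them on disk. Assumptions: the function names are hypothetical, the sample maps text is constructed, and the updated package replaced the perl binary or `libperl.so` that the process had mapped.

```shell
#!/bin/sh
# Added example: post-update checks for the Safe 2.27 fix (not Red Hat's code).

# Return 0 when a Safe version string (e.g. "2.27") is at least 2.27.
# Safe uses decimal version numbers, so a numeric comparison is enough.
safe_version_ok() {
    awk -v v="$1" 'BEGIN { exit !(v + 0 >= 2.27) }'
}

# Print the version of Safe that the default perl loads (empty on failure).
installed_safe_version() {
    perl -MSafe -e 'print $Safe::VERSION' 2>/dev/null
}

# Read /proc/<pid>/maps-format text on stdin and print each perl-related file
# that is still mapped although it was replaced on disk ("(deleted)" suffix).
stale_perl_mappings() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /perl/ { print $(NF-1) }' | LC_ALL=C sort -u
}

# Walk every readable /proc/<pid>/maps and report processes needing a restart.
report_stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        hits=$(stale_perl_mappings < "$maps" 2>/dev/null) || continue
        if [ -n "$hits" ]; then
            echo "pid $pid predates the update:" $hits
        fi
    done
}

# Constructed sample of /proc/<pid>/maps for a perl started before the update.
SAMPLE_MAPS='00a3c000-00b5e000 r-xp 00000000 03:02 1130570 /usr/lib/perl5/CORE/libperl.so (deleted)
00b5e000-00b69000 rw-p 00121000 03:02 1130570 /usr/lib/perl5/CORE/libperl.so (deleted)
08048000-0804b000 r-xp 00000000 03:02 981234 /usr/bin/perl (deleted)
00c00000-00d2a000 r-xp 00000000 03:02 456789 /lib/libc.so.6'

# Only touch the live system when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    v=$(installed_safe_version)
    if safe_version_ok "$v"; then echo "Safe $v: ok"; else echo "Safe ${v:-missing}: below 2.27"; fi
    report_stale_processes
fi
```

Safe.pm is read and compiled rather than memory-mapped, so the scan can only flag interpreters that predate the package update as a whole; it cannot show which of them actually loaded Safe.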