Debian Security Advisory
DSA-2586-1 perl -- several vulnerabilities
- Date Reported:
- 11 Dec 2012
- Affected Packages:
- perl
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 689314, Bug 693420, Bug 695223.
In Mitre's CVE dictionary: CVE-2012-5195, CVE-2012-5526. - More information:
-
Two vulnerabilities were discovered in the implementation of the Perl programming language:
- CVE-2012-5195
The
x
operator could cause the Perl interpreter to crash if very long strings were created. - CVE-2012-5526
The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers.
In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data.
For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4.
For the unstable distribution (sid), these problems have been fixed in version 5.14.2-16.
We recommend that you upgrade your perl packages.
- CVE-2012-5195