Summary: | >=dev-lang/perl-5.10, <dev-lang/perl-5.12.3-r1: lc(), uc() routines are laundering tainted data (CVE-2011-1487) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Petr Pisar <petr.pisar> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | | |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | All | | |
Whiteboard: | A2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Petr Pisar
2011-04-05 08:02:53 UTC
(In reply to comment #0)
> This has been recognized by upstream as a security regression and fixed in
> forthcoming perl-5.14
> (http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336).

Thank you for the report, Petr. Fixed in dev-lang/perl-5.12.3-r1 which could be stabilized.

(In reply to comment #2)
> Fixed in dev-lang/perl-5.12.3-r1 which could be stabilized.

Great, thank you.

Arches, please test and mark stable:
=dev-lang/perl-5.12.3-r1
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

works here.

amd64 ok

ppc/ppc64 stable

x86 stable

amd64 stable

Stable for HPPA.

Stable on alpha.

arm/ia64/m68k/s390/sh/sparc stable

Thanks, folks. Added to existing GLSA request.

CVE-2011-1487 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1487): The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

This issue was resolved and addressed in GLSA 201311-17 at http://security.gentoo.org/glsa/glsa-201311-17.xml by GLSA coordinator Sergey Popov (pinkbyte).
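To confirm that an installed perl carries the fix, the following check reports whether the taint flag survives each of the four functions named in the CVE text. It is an added example, not part of the bug report or of upstream's test suite; the file name `taint_case_check.pl` and the sample string are assumptions.

```perl
#!/usr/bin/perl -T
# Added example (not from the bug report): checks whether this perl keeps the
# taint flag across lc, lcfirst, uc and ucfirst.
# Run as: perl -T taint_case_check.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Constructed sample input: under -T, $^X is tainted, and so is a zero-length
# slice of it; appending that slice taints an otherwise fixed string.
my $input = 'MiXeD case' . substr($^X, 0, 0);
die "could not construct a tainted sample\n" unless tainted($input);

# One plain assignment per function, so each result is judged on its own.
my %kept;
my $out;
$out = lc $input;      $kept{'lc'}      = tainted($out) ? 1 : 0;
$out = lcfirst $input; $kept{'lcfirst'} = tainted($out) ? 1 : 0;
$out = uc $input;      $kept{'uc'}      = tainted($out) ? 1 : 0;
$out = ucfirst $input; $kept{'ucfirst'} = tainted($out) ? 1 : 0;

my $laundered = 0;
for my $name (sort keys %kept) {
    if ($kept{$name}) {
        print "ok       $name keeps the taint flag\n";
    } else {
        print "AFFECTED $name returned untainted data\n";
        $laundered++;
    }
}

printf "perl %vd: %s\n", $^V,
    $laundered ? "$laundered function(s) launder tainted input"
               : "taint preserved by all four functions";

# Non-zero exit status lets a packaging or CI job fail on an affected perl.
exit($laundered ? 1 : 0);
```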