Foresight: perl
Posted by Bill Keys   
Previous versions of the perl package contain weaknesses when evaluating regular expressions.

If a system is serving a perl-based web application that evaluates remote input as a regular expression, an attacker may be be able to exploit these weaknesses to execute arbitrary, attacker-provided code on the system, potentially elevating this to a remote, deterministic unauthorized access vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Foresight Linux Essential Advisory: 2007-0063-1
Published: 2007-11-09

Rating: Minor

Updated Versions:
   perl=/conary.rpath.com@rpl:devel//1/5.8.7-8.2-1
   group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.1-0.2-2

References:
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Description:
   Previous versions of the perl package contain weaknesses when evaluating
   regular expressions.

   If a system is serving a perl-based web application that evaluates
   remote input as a regular expression, an attacker may be be able to
   exploit these weaknesses to execute arbitrary, attacker-provided code on
   the system, potentially elevating this to a remote, deterministic
   unauthorized access vulnerability.

   Foresight Linux does not, by default, enable or contain any such services.

- ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)

iQIVAwUBRzVJ3tfwEn07iAtZAQLGlQ//ZaOxxdDrbgVBDfnrRZ2E8AAY4wlT2x2w
iI1ATK2PyHKRaMk+8hOskweQjxlQc3C4An6ff/wBCPpIzdG3rufsZCQ5YLwUVX0G
InY9wFWKcE7LqUjp8l+lnBQyXf7po/LLppgwOR6ccMIxI44JbL/jcxfOT9EbO1bU
fvEpzfokfH08j07wwX3ReNWA6xyO2SuWTiXSchUNGnYqNZeOJ115SdPKQC8I8jvi
qhw/HLH96FCK19sigW+ELCcuWHdCKvUYVcSYTwXK/zGcMyr9IV4mgJiF0of7l7il
ADYMYfT28JpkpdNXuOasfE8s7MNlEQ8wVqbbZt40je0OaoTTc/eslqf3JOlyvKZW
8b/WtYgZ1asgEHp3puTcl6e1EYpdf+Yg61RLVZiZ6W4UpFFgut97jp90yY3cR3C2
4v3C5978JQPGKMFhdB93YNE60fh3KdDWPutR34VwFEuhf50vRkND9++5uhmymtLG
0+vz/7QxoM3fTUuCUZLoPH+qJUYo+HwuasPmWUEyKpqrOT0eBnmZKh33/WHl3uo5
apyD9GgFl8bZjuVsTzirXh0JrLUNj4QWb22snEp9ZU/5uoJ0IaqWX++9jQGoJ+7V
VIlfXilU0r8UeorVRuv3+HXDbHRbLnpuVhHTMq6Q1E4brux0Y8NOMxNdJq2UHuFU
UVdaBJzKoMw=
=Vbpl
-----END PGP SIGNATURE-----