Summary
Ubuntu Update for Linux kernel vulnerabilities USN-1643-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string.
An attacker could use this overflow to cause a denial of service.
(CVE-2011-2939)
It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. (CVE-2011-3597)
It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. (CVE-2012-5195)
Ryo Anazawa discovered that the CGI.pm module does not properly escape newlines in Set-Cookie or P3P (Platform for Privacy Preferences Project) headers. An attacker could use this to inject arbitrary headers into responses from applications that use CGI.pm. (CVE-2012-5526)
Affected
perl on Ubuntu 12.10 ,
Ubuntu 12.04 LTS ,
Ubuntu 11.10 ,
Ubuntu 10.04 LTS ,
Ubuntu 8.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities