-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Foresight Linux Essential Advisory: 2007-0063-1
Published: 2007-11-09
Rating: Minor
Updated Versions:
perl=/conary.rpath.com@rpl:devel//1/5.8.7-8.2-1
group-dist=/foresight.rpath.org@fl:1-devel//1/1.4.1-0.2-2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
Description:
Previous versions of the perl package contain weaknesses when evaluating
regular expressions.
If a system is serving a perl-based web application that evaluates
remote input as a regular expression, an attacker may be be able to
exploit these weaknesses to execute arbitrary, attacker-provided code on
the system, potentially elevating this to a remote, deterministic
unauthorized access vulnerability.
Foresight Linux does not, by default, enable or contain any such services.
- ---
Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
iQIVAwUBRzVJ3tfwEn07iAtZAQLGlQ//ZaOxxdDrbgVBDfnrRZ2E8AAY4wlT2x2w
iI1ATK2PyHKRaMk+8hOskweQjxlQc3C4An6ff/wBCPpIzdG3rufsZCQ5YLwUVX0G
InY9wFWKcE7LqUjp8l+lnBQyXf7po/LLppgwOR6ccMIxI44JbL/jcxfOT9EbO1bU
fvEpzfokfH08j07wwX3ReNWA6xyO2SuWTiXSchUNGnYqNZeOJ115SdPKQC8I8jvi
qhw/HLH96FCK19sigW+ELCcuWHdCKvUYVcSYTwXK/zGcMyr9IV4mgJiF0of7l7il
ADYMYfT28JpkpdNXuOasfE8s7MNlEQ8wVqbbZt40je0OaoTTc/eslqf3JOlyvKZW
8b/WtYgZ1asgEHp3puTcl6e1EYpdf+Yg61RLVZiZ6W4UpFFgut97jp90yY3cR3C2
4v3C5978JQPGKMFhdB93YNE60fh3KdDWPutR34VwFEuhf50vRkND9++5uhmymtLG
0+vz/7QxoM3fTUuCUZLoPH+qJUYo+HwuasPmWUEyKpqrOT0eBnmZKh33/WHl3uo5
apyD9GgFl8bZjuVsTzirXh0JrLUNj4QWb22snEp9ZU/5uoJ0IaqWX++9jQGoJ+7V
VIlfXilU0r8UeorVRuv3+HXDbHRbLnpuVhHTMq6Q1E4brux0Y8NOMxNdJq2UHuFU
UVdaBJzKoMw=
=Vbpl
-----END PGP SIGNATURE-----
