Why am I still receiving these emails? I unsubscribed.

On Mar 1, 2016 10:28 AM, "Salvatore Bonaccorso" <[email protected]> wrote:
> -------------------------------------------------------------------------
> Debian Security Advisory DSA-3501-1 [email protected]
> https://www.debian.org/security/ Salvatore Bonaccorso
> March 01, 2016 https://www.debian.org/security/faq
> -------------------------------------------------------------------------
>
> Package : perl
> CVE ID : CVE-2016-2381
>
> Stephane Chazelas discovered a bug in the environment handling in Perl.
> Perl provides a Perl-space hash variable, %ENV, in which environment
> variables can be looked up. If a variable appears twice in envp, only
> the last value would appear in %ENV, but getenv would return the first.
> Perl's taint security mechanism would be applied to the value in %ENV,
> but not to the other rest of the environment. This could result in an
> ambiguous environment causing environment variables to be propagated to
> subprocesses, despite the protections supposedly offered by taint
> checking.
>
> With this update Perl changes the behavior to match the following:
>
> a) %ENV is populated with the first environment variable, as getenv
> would return.
> b) Duplicate environment entries are removed.
>
> For the oldstable distribution (wheezy), this problem has been fixed
> in version 5.14.2-21+deb7u3.
>
> For the stable distribution (jessie), this problem has been fixed in
> version 5.20.2-3+deb8u4.
>
> For the unstable distribution (sid), this problem will be fixed in
> version 5.22.1-8.
>
> We recommend that you upgrade your perl packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: [email protected]
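The first-versus-last ambiguity the quoted advisory describes, and the "keep the first, drop duplicates" behavior it lists under a) and b), sketched as an added C example that is not part of this e-mail thread or of the Perl or Debian patch. The function names and the sample environment are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length of the name part of a "NAME=value" entry (whole string if no '='). */
static size_t env_name_len(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq ? (size_t)(eq - entry) : strlen(entry);
}

/* Value of `name` in a NULL-terminated envp array: first match, or last match
 * when want_last is nonzero. Returns NULL if the name is absent. */
const char *env_lookup(char **envp, const char *name, int want_last)
{
    const char *hit = NULL;
    size_t n = strlen(name);
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (env_name_len(envp[i]) != n || memcmp(envp[i], name, n) != 0)
            continue;
        hit = envp[i][n] == '=' ? envp[i] + n + 1 : "";
        if (!want_last)
            break;
    }
    return hit;
}

/* Compact envp in place so each name appears once, keeping the first
 * occurrence. Returns the number of duplicate entries dropped. */
size_t env_dedup_keep_first(char **envp)
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        size_t len = env_name_len(envp[i]), j;
        for (j = 0; j < kept; j++)
            if (env_name_len(envp[j]) == len && memcmp(envp[j], envp[i], len) == 0)
                break;
        if (j < kept) dropped++;
        else envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return dropped;
}

int main(void)
{
    /* Constructed sample environment with one duplicated name. */
    char *env[] = { "HOME=/root", "DEMO_VAR=first", "DEMO_VAR=second", NULL };
    printf("before: first=%s last=%s\n", env_lookup(env, "DEMO_VAR", 0), env_lookup(env, "DEMO_VAR", 1));
    printf("dropped %zu\n", env_dedup_keep_first(env));
    printf("after:  first=%s last=%s\n", env_lookup(env, "DEMO_VAR", 0), env_lookup(env, "DEMO_VAR", 1));
    return 0;
}
```

Before deduplication the two lookups disagree for the duplicated name, which is the mismatch between the getenv-style view and the last-wins view; afterwards every reader of the array sees the same single value.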

