--As of February 15, 2009 11:10:33 AM +0000, Alan Fry is alleged to have
said:
I have an Intel MacPro running Mac OS X 10.5.6 (Perl 5.8.8) and a copy of
PDF::API2. This has worked flawlessly for a long time.
Suddenly it has failed. There have been no changes at all to the machine
apart from a recent 'Security Update', which I think had to do mostly
with a loophole in Safari.
--As for the rest, it is mine.
From the notes on the recent Security Update:
perl
CVE-ID: CVE-2008-1927
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using regular expressions containing UTF-8 characters may
lead to an unexpected application termination or arbitrary code
execution
Description: A memory corruption issue exists in the handling of
certain UTF-8 characters in regular expressions. Parsing maliciously
crafted regular expressions may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by performing additional validation of regular expressions.
So, they definitely updated Perl. Likely any/all XS modules will need to
be recompiled. I'd _hope_ that Apple updated the ones they shipped, but
you'll still have to update any you've installed yourself.
(I haven't gotten around to installing the update myself yet...)
Daniel T. Staal
---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
