[Secure-testing-team] Bug#622817: perl: CVE-2011-1487: taint laundering in lc, uc
Dominic Hargreaves
dom at earth.li
Thu Apr 14 20:45:55 UTC 2011
Package: perl
Version: 5.10.1-19
Severity: grave
Tags: security
Justification: user security hole
CVE description:
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
do not apply the taint attribute to the return value upon processing
tainted input, which might allow context-dependent attackers to bypass
the taint protection mechanism via a crafted string.
Upstream report: <http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336>
Redhat bug: <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1487>
Fix from bleadperl: <http://perl5.git.perl.org/perl.git/commitdiff/539689e74a3bcb04d29e4cd9396de91a81045b99>
Fedora fix in 5.12: <https://bugzilla.redhat.com/show_bug.cgi?id=692900>
More information about the Secure-testing-team
mailing list