Gentoo Linux Security Advisory 201311-17 - Multiple vulnerabilities were found in Perl, the worst of which could allow a local attacker to cause a Denial of Service condition. Versions less than 5.12.3-r1 are affected.
17bc7911b1233ec593e55fce4bd6168ee82f0df54d00136756cc65e61e2a42aa
Mandriva Linux Security Advisory 2010-116 - Multiple vulnerabilities has been discovered and corrected in Path.pm and Safe.pm which could lead to escalated privilegies. The updated packages have been patched to correct these issues.
278ee32972da2900f2577f8e89442cf702bae4ae30d56a75844b8ed4546a7c97
Ubuntu Security Notice USN-700-1 - Jonathan Smith discovered that the Archive::Tar Perl module did not correctly handle symlinks when extracting archives. If a user or automated system were tricked into opening a specially crafted tar file, a remote attacker could over-write arbitrary files. Tavis Ormandy and Will Drewry discovered that Perl did not correctly handle certain utf8 characters in regular expressions. If a user or automated system were tricked into using a specially crafted expression, a remote attacker could crash the application, leading to a denial of service. Ubuntu 8.10 was not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could create arbitrary setuid binaries. Ubuntu 6.06 and 8.10 were not affected by this issue. A race condition was discovered in the File::Path Perl module's rmtree function. If a local attacker successfully raced another user's call of rmtree, they could delete arbitrary files. Ubuntu 6.06 was not affected by this issue.
4cd9f58b06577565cb8d0f6645a1ecaf732d9f924f3c0b72bfd28ab955c3a7a4
Debian Security Advisory 1678-2 - The perl update in DSA-1678-1 contains a regression which is triggered by some Perl scripts which have changed into the directory tree removed by File::Path::rmtree. In particular, this happens if File::Temp::tempdir is used. This new update corrects this regression.
7a6ee91b53e6aa6c99a93729bd44c00a32faf2e6b49baa69e2c88266c1e40521
Debian Security Advisory 1678-1 - Paul Szabo rediscovered a vulnerability in the File::Path::rmtree function of Perl. It was possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This issue was originally known as CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and DSA-620-1. Unfortunately, they were reintroduced later.
3b0a9ceaca5082cebcdc0a65405e3400807ad506649cb0176587ffa4442d6cb4