Ubuntu has issued an advisory on November 29:
http://www.ubuntu.com/usn/usn-1643-1/

It's not clear which versions are affected, but Ubuntu has a link to the upstream patch and also notes that the Debian bug has a reproducer:
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5195.html

The other CVEs in the advisory include the perl-CGI vulnerability that we just fixed, as well as low severity vulnerabilities in perl-Digest and perl-Encode that only impact Mageia 1 (they were fixed upstream in the versions we have in Mageia 2).
Whiteboard: (none) => MGA2TOO, MGA1TOO
URL: (none) => http://lwn.net/Vulnerabilities/527725/
Mageia 1 is no longer supported.
Whiteboard: MGA2TOO, MGA1TOO => MGA2TOO
doesn't affect perl 5.16, so cauldron is safe.
CC: (none) => jquelin
Version: Cauldron => 2
Whiteboard: MGA2TOO => (none)
fixed in perl-5.14.2-8.mga2, currently being built. qa: please validate & push to updates.
Assignee: jquelin => qa-bugs
Thanks Jerome!

Advisory:
========================

Updated perl packages fix security vulnerability:

It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code (CVE-2012-5195).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
http://www.ubuntu.com/usn/usn-1643-1/
========================

Updated packages in core/updates_testing:
========================
perl-5.14.2-8.mga2
perl-base-5.14.2-8.mga2
perl-devel-5.14.2-8.mga2
perl-doc-5.14.2-8.mga2

from perl-5.14.2-8.mga2.src.rpm
PoC: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689314

Before
------
$ perl -le 'print "v"x(2**31+1) ."=1"'
Segmentation fault

After
-----
$ perl -le 'print "v"x(2**31+1) ."=1"'
panic: memory wrap at -e line 1.
Whiteboard: (none) => has_procedure mga2-64-OK
Testing complete on Mageia 2 i586 and x86-64.

Unlike Comment 5, I'm getting "Out of memory", with perl-5.14.2-7.mga2, rather than a segfault. Same with perl-5.14.2-8.mga2.

For testing, I'm just checking that perl programs such as mgaapplet, rpmdrake, and diskdrake are working.

Could someone from the sysadmin team push the srpm perl-5.14.2-8.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates?

Advisory:

Updated perl packages fix security vulnerability:

It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code (CVE-2012-5195).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195
http://www.ubuntu.com/usn/usn-1643-1/
https://bugs.mageia.org/show_bug.cgi?id=8253
Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK MGA2-32-OK
On Mageia 1, I get "Out of memory!" with the current version, and after rebuilding it with the patch. Strange. Anyway, I've checked the patch into Mageia 1 SVN if anyone ever wants it.
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
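
An added example, not part of the original bug report or of any Perl or Mageia tooling: a small shell helper that runs the reproducer quoted in the thread and classifies the three outcomes the testers reported (segfault, "panic: memory wrap", "Out of memory"). The function names and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: interpret the result of the CVE-2012-5195 reproducer
# quoted in this thread. Names and the --run switch are hypothetical.

# classify_result STATUS STDERR_TEXT
# Prints one of: patched | inconclusive | vulnerable | unknown
classify_result() {
    status=$1
    err=$2
    case $err in
        # Output the thread reports from the fixed build (perl-5.14.2-8.mga2).
        *"panic: memory wrap"*) echo patched; return 0 ;;
        # Testers in the thread saw this on both the -7 and the -8 build,
        # so it does not tell the two apart.
        *"Out of memory"*) echo inconclusive; return 0 ;;
        *"Segmentation fault"*) echo vulnerable; return 0 ;;
    esac
    # A shell reports death by SIGSEGV (signal 11) as status 128 + 11.
    if [ "$status" -eq 139 ]; then
        echo vulnerable
        return 0
    fi
    echo unknown
}

# run_reproducer [PERL_BINARY]
# Runs the one-liner from the thread; stdout is discarded, stderr is kept.
run_reproducer() {
    perl_bin=${1:-perl}
    err=$("$perl_bin" -le 'print "v"x(2**31+1) ."=1"' 2>&1 >/dev/null)
    status=$?
    classify_result "$status" "$err"
}

# Only execute the reproducer when asked to, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    run_reproducer "${2:-perl}"
fi
```

An "inconclusive" result means the reproducer alone cannot validate the update on that machine; the installed package version still has to be checked against perl-5.14.2-8.mga2.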