Re: [SECURITY] [DSA 2267-1] perl security update
Am Freitag, den 01.07.2011, 19:52 +0200 schrieb Moritz Muehlenhoff:
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2267-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> July 01, 2011 http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package : perl
> Vulnerability : restriction bypass
> Problem type : local
> Debian-specific: no
> CVE ID : CVE-2010-1447
> Debian Bug : 631529
>
> It was discovered that Perl's Safe module - a module to compile and
> execute code in restricted compartments - could by bypassed.
Hello,
is there any way to find out which Debian packages use Perl’s Safe
module? What damage could a local attacker have caused by exploiting the
Safe modules’s security flaw?
Best wishes,
Wolfgang
Reply to: