Re: [SECURITY] [DSA 2267-1] perl security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2267-1] perl security update
From: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>
Date: Tue, 23 Aug 2011 17:43:56 +0200
Message-id: <[🔎] 1314114236.4649.7.camel@vivaldi>
In-reply-to: <20110701175258.GA6345@pisco.westfalen.local>
References: <20110701175258.GA6345@pisco.westfalen.local>

Am Freitag, den 01.07.2011, 19:52 +0200 schrieb Moritz Muehlenhoff:
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2267-1                   security@debian.org
> http://www.debian.org/security/                        Moritz Muehlenhoff
> July 01, 2011                          http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : perl
> Vulnerability  : restriction bypass
> Problem type   : local
> Debian-specific: no
> CVE ID         : CVE-2010-1447 
> Debian Bug     : 631529
> 
> It was discovered that Perl's Safe module - a module to compile and 
> execute code in restricted compartments - could by bypassed.

Hello,

is there any way to find out which Debian packages use Perl’s Safe
module? What damage could a local attacker have caused by exploiting the
Safe modules’s security flaw?

Best wishes,
Wolfgang

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2267-1] perl security update
  - From: Stephen Dowdy <sdowdy@ucar.edu>

Prev by Date: Mailing lists and auto replies
Next by Date: Re: [SECURITY] [DSA 2267-1] perl security update
Previous by thread: Mailing lists and auto replies
Next by thread: Re: [SECURITY] [DSA 2267-1] perl security update
Index(es):
- Date
- Thread