Perl: Multiple vulnerabilities — GLSA 201701-75

Multiple vulnerabilities have been found in Perl, the worst of which could allow remote attackers to execute arbitrary code.

Affected Packages

dev-lang/perl on all architectures
Affected versions < 5.22.3_rc4
Unaffected versions >= 5.22.3_rc4

Background

Perl is a highly capable, feature-rich programming language.

Description

Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or escalate privileges.

Workaround

There is no known workaround at this time.

Resolution

All Perl users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.22.3_rc4"
 

Warning: When you are upgrading to a new major Perl version, the commands above may not be sufficient. Please visit the Gentoo wiki referenced below to learn how to upgrade to a new major Perl version.

References

Release Date
January 29, 2017

Latest Revision
June 01, 2017: 2

Severity
normal

Exploitable
local, remote

Bugzilla entries