| Errata ID | 43 |
|---|---|
| Date | 2017-07-20 |
| Source package | perl |
| Fixed in version | 5.10.1-17.86.201611301406 |
| Description | This update addresses the following issues: * ambiguous environment variables handling (CVE-2016-2381) * Some modules in Perl 5.x do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. (CVE-2016-1238) |
| Additional notes | |
| CVE ID | CVE-2016-2381 CVE-2016-1238 |
| UCS Bug number | #41951 |
