| Errata ID | 298 |
|---|---|
| Date | 2016-10-20 |
| Source package | perl |
| Fixed in version | 5.14.2-21.82.201609281452 |
| Description | This update addresses the following issues: * Ambiguous handling of environment variables (CVE-2016-2381) * Some modules in Perl 5.x do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. (CVE-2016-1238) * The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory. (CVE-2016-6185) |
| Additional notes | |
| CVE ID | CVE-2016-2381, CVE-2016-1238, CVE-2016-6185 |
| UCS Bug number | #37706 |
