Joined: 12 May 2004
|Posted: Wed Jan 29, 2014 8:26 am Post subject: [ GLSA 201401-33 ] Perl Digest-Base module: Arbitrary code e
|Gentoo Linux Security Advisory
Title: Perl Digest-Base module: Arbitrary code execution (GLSA 201401-33)
Date: January 29, 2014
A vulnerability has been found in the Digest-Base Perl module,
allowing remote attackers to execute arbitrary code.
Digest-Base is a set of Perl modules that calculate message digests
Vulnerable: < 1.170.0
Unaffected: >= 1.170.0
Architectures: All supported architectures
The vulnerability is caused due to the “Digest->new()” function
not properly sanitising input before using it in an “eval()” call.
The vulnerability might allow an attacker to execute arbitrary code.
There is no known workaround at this time.
All Digest-Base module users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=perl-core/digest-base-1.170.0"