Описание
Security update for perl
This update fixes a memory leak and an infinite recursion in Data::Dumper. (CVE-2014-4330)
Security Issues:
* CVE-2014-4330
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330>
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
perl-5.10.0-64.70.1
perl-32bit-5.10.0-64.70.1
perl-Module-Build-0.2808.01-0.70.1
perl-Test-Simple-0.72-0.70.1
perl-base-5.10.0-64.70.1
perl-doc-5.10.0-64.70.1
SUSE Linux Enterprise Server 11 SP3
perl-5.10.0-64.70.1
perl-32bit-5.10.0-64.70.1
perl-Module-Build-0.2808.01-0.70.1
perl-Test-Simple-0.72-0.70.1
perl-base-5.10.0-64.70.1
perl-doc-5.10.0-64.70.1
perl-x86-5.10.0-64.70.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
perl-5.10.0-64.70.1
perl-32bit-5.10.0-64.70.1
perl-Module-Build-0.2808.01-0.70.1
perl-Test-Simple-0.72-0.70.1
perl-base-5.10.0-64.70.1
perl-doc-5.10.0-64.70.1
perl-x86-5.10.0-64.70.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
perl-5.10.0-64.70.1
perl-32bit-5.10.0-64.70.1
perl-Module-Build-0.2808.01-0.70.1
perl-Test-Simple-0.72-0.70.1
perl-base-5.10.0-64.70.1
perl-doc-5.10.0-64.70.1
perl-x86-5.10.0-64.70.1
SUSE Linux Enterprise Software Development Kit 11 SP3
perl-base-32bit-5.10.0-64.70.1
Ссылки
- Link for SUSE-RU-2015:0562-1
- E-Mail link for SUSE-RU-2015:0562-1
- SUSE Security Ratings
- SUSE Bug 838333
- SUSE Bug 896715
- SUSE Bug 900455
- SUSE CVE CVE-2014-4330 page
Описание
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:perl-32bit-5.10.0-64.70.1
SUSE Linux Enterprise Desktop 11 SP3:perl-5.10.0-64.70.1
SUSE Linux Enterprise Desktop 11 SP3:perl-Module-Build-0.2808.01-0.70.1
SUSE Linux Enterprise Desktop 11 SP3:perl-Test-Simple-0.72-0.70.1
Ссылки
- CVE-2014-4330
- SUSE Bug 896715