ID CVE-2016-1238
Summary (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
Vulnerable Configurations
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • cpe:2.3:a:perl:perl:1.0.15
    cpe:2.3:a:perl:perl:1.0.15
  • cpe:2.3:a:perl:perl:1.0.16
    cpe:2.3:a:perl:perl:1.0.16
  • cpe:2.3:a:perl:perl:5.000
    cpe:2.3:a:perl:perl:5.000
  • cpe:2.3:a:perl:perl:5.000o
    cpe:2.3:a:perl:perl:5.000o
  • cpe:2.3:a:perl:perl:5.001
    cpe:2.3:a:perl:perl:5.001
  • cpe:2.3:a:perl:perl:5.001n
    cpe:2.3:a:perl:perl:5.001n
  • cpe:2.3:a:perl:perl:5.002
    cpe:2.3:a:perl:perl:5.002
  • cpe:2.3:a:perl:perl:5.002_01
    cpe:2.3:a:perl:perl:5.002_01
  • cpe:2.3:a:perl:perl:5.003
    cpe:2.3:a:perl:perl:5.003
  • cpe:2.3:a:perl:perl:5.003_01
    cpe:2.3:a:perl:perl:5.003_01
  • cpe:2.3:a:perl:perl:5.003_02
    cpe:2.3:a:perl:perl:5.003_02
  • cpe:2.3:a:perl:perl:5.003_03
    cpe:2.3:a:perl:perl:5.003_03
  • cpe:2.3:a:perl:perl:5.003_04
    cpe:2.3:a:perl:perl:5.003_04
  • cpe:2.3:a:perl:perl:5.003_05
    cpe:2.3:a:perl:perl:5.003_05
  • cpe:2.3:a:perl:perl:5.003_07
    cpe:2.3:a:perl:perl:5.003_07
  • cpe:2.3:a:perl:perl:5.003_08
    cpe:2.3:a:perl:perl:5.003_08
  • cpe:2.3:a:perl:perl:5.003_09
    cpe:2.3:a:perl:perl:5.003_09
  • cpe:2.3:a:perl:perl:5.003_10
    cpe:2.3:a:perl:perl:5.003_10
  • cpe:2.3:a:perl:perl:5.003_11
    cpe:2.3:a:perl:perl:5.003_11
  • cpe:2.3:a:perl:perl:5.003_12
    cpe:2.3:a:perl:perl:5.003_12
  • cpe:2.3:a:perl:perl:5.003_13
    cpe:2.3:a:perl:perl:5.003_13
  • cpe:2.3:a:perl:perl:5.003_14
    cpe:2.3:a:perl:perl:5.003_14
  • cpe:2.3:a:perl:perl:5.003_15
    cpe:2.3:a:perl:perl:5.003_15
  • cpe:2.3:a:perl:perl:5.003_16
    cpe:2.3:a:perl:perl:5.003_16
  • cpe:2.3:a:perl:perl:5.003_17
    cpe:2.3:a:perl:perl:5.003_17
  • cpe:2.3:a:perl:perl:5.003_18
    cpe:2.3:a:perl:perl:5.003_18
  • cpe:2.3:a:perl:perl:5.003_19
    cpe:2.3:a:perl:perl:5.003_19
  • cpe:2.3:a:perl:perl:5.003_20
    cpe:2.3:a:perl:perl:5.003_20
  • cpe:2.3:a:perl:perl:5.003_21
    cpe:2.3:a:perl:perl:5.003_21
  • cpe:2.3:a:perl:perl:5.003_22
    cpe:2.3:a:perl:perl:5.003_22
  • cpe:2.3:a:perl:perl:5.003_23
    cpe:2.3:a:perl:perl:5.003_23
  • cpe:2.3:a:perl:perl:5.003_24
    cpe:2.3:a:perl:perl:5.003_24
  • cpe:2.3:a:perl:perl:5.003_25
    cpe:2.3:a:perl:perl:5.003_25
  • cpe:2.3:a:perl:perl:5.003_26
    cpe:2.3:a:perl:perl:5.003_26
  • cpe:2.3:a:perl:perl:5.003_27
    cpe:2.3:a:perl:perl:5.003_27
  • cpe:2.3:a:perl:perl:5.003_28
    cpe:2.3:a:perl:perl:5.003_28
  • cpe:2.3:a:perl:perl:5.003_90
    cpe:2.3:a:perl:perl:5.003_90
  • cpe:2.3:a:perl:perl:5.003_91
    cpe:2.3:a:perl:perl:5.003_91
  • cpe:2.3:a:perl:perl:5.003_92
    cpe:2.3:a:perl:perl:5.003_92
  • cpe:2.3:a:perl:perl:5.003_93
    cpe:2.3:a:perl:perl:5.003_93
  • cpe:2.3:a:perl:perl:5.003_94
    cpe:2.3:a:perl:perl:5.003_94
  • cpe:2.3:a:perl:perl:5.003_95
    cpe:2.3:a:perl:perl:5.003_95
  • cpe:2.3:a:perl:perl:5.003_96
    cpe:2.3:a:perl:perl:5.003_96
  • cpe:2.3:a:perl:perl:5.003_97
    cpe:2.3:a:perl:perl:5.003_97
  • cpe:2.3:a:perl:perl:5.003_97a
    cpe:2.3:a:perl:perl:5.003_97a
  • cpe:2.3:a:perl:perl:5.003_97b
    cpe:2.3:a:perl:perl:5.003_97b
  • cpe:2.3:a:perl:perl:5.003_97c
    cpe:2.3:a:perl:perl:5.003_97c
  • cpe:2.3:a:perl:perl:5.003_97d
    cpe:2.3:a:perl:perl:5.003_97d
  • cpe:2.3:a:perl:perl:5.003_97e
    cpe:2.3:a:perl:perl:5.003_97e
  • cpe:2.3:a:perl:perl:5.003_97f
    cpe:2.3:a:perl:perl:5.003_97f
  • cpe:2.3:a:perl:perl:5.003_97g
    cpe:2.3:a:perl:perl:5.003_97g
  • cpe:2.3:a:perl:perl:5.003_97h
    cpe:2.3:a:perl:perl:5.003_97h
  • cpe:2.3:a:perl:perl:5.003_97i
    cpe:2.3:a:perl:perl:5.003_97i
  • cpe:2.3:a:perl:perl:5.003_97j
    cpe:2.3:a:perl:perl:5.003_97j
  • cpe:2.3:a:perl:perl:5.003_98
    cpe:2.3:a:perl:perl:5.003_98
  • cpe:2.3:a:perl:perl:5.003_99
    cpe:2.3:a:perl:perl:5.003_99
  • cpe:2.3:a:perl:perl:5.003_99a
    cpe:2.3:a:perl:perl:5.003_99a
  • cpe:2.3:a:perl:perl:5.004
    cpe:2.3:a:perl:perl:5.004
  • cpe:2.3:a:perl:perl:5.004_01
    cpe:2.3:a:perl:perl:5.004_01
  • cpe:2.3:a:perl:perl:5.004_02
    cpe:2.3:a:perl:perl:5.004_02
  • cpe:2.3:a:perl:perl:5.004_03
    cpe:2.3:a:perl:perl:5.004_03
  • cpe:2.3:a:perl:perl:5.004_04
    cpe:2.3:a:perl:perl:5.004_04
  • cpe:2.3:a:perl:perl:5.004_05
    cpe:2.3:a:perl:perl:5.004_05
  • cpe:2.3:a:perl:perl:5.005
    cpe:2.3:a:perl:perl:5.005
  • cpe:2.3:a:perl:perl:5.005_01
    cpe:2.3:a:perl:perl:5.005_01
  • cpe:2.3:a:perl:perl:5.005_02
    cpe:2.3:a:perl:perl:5.005_02
  • cpe:2.3:a:perl:perl:5.005_03
    cpe:2.3:a:perl:perl:5.005_03
  • cpe:2.3:a:perl:perl:5.005_04
    cpe:2.3:a:perl:perl:5.005_04
  • cpe:2.3:a:perl:perl:5.6
    cpe:2.3:a:perl:perl:5.6
  • Perl 5.6.0
    cpe:2.3:a:perl:perl:5.6.0
  • Perl 5.6.1
    cpe:2.3:a:perl:perl:5.6.1
  • cpe:2.3:a:perl:perl:5.6.2
    cpe:2.3:a:perl:perl:5.6.2
  • cpe:2.3:a:perl:perl:5.7.3
    cpe:2.3:a:perl:perl:5.7.3
  • cpe:2.3:a:perl:perl:5.8
    cpe:2.3:a:perl:perl:5.8
  • Perl 5.8.0
    cpe:2.3:a:perl:perl:5.8.0
  • Perl 5.8.1
    cpe:2.3:a:perl:perl:5.8.1
  • Perl 5.8.2
    cpe:2.3:a:perl:perl:5.8.2
  • Perl 5.8.3
    cpe:2.3:a:perl:perl:5.8.3
  • Perl 5.8.4
    cpe:2.3:a:perl:perl:5.8.4
  • Perl 5.8.5
    cpe:2.3:a:perl:perl:5.8.5
  • Perl 5.8.6
    cpe:2.3:a:perl:perl:5.8.6
  • Perl 5.8.7
    cpe:2.3:a:perl:perl:5.8.7
  • Perl 5.8.8
    cpe:2.3:a:perl:perl:5.8.8
  • Perl 5.8.9
    cpe:2.3:a:perl:perl:5.8.9
  • cpe:2.3:a:perl:perl:5.8.9:rc1
    cpe:2.3:a:perl:perl:5.8.9:rc1
  • cpe:2.3:a:perl:perl:5.9.0
    cpe:2.3:a:perl:perl:5.9.0
  • cpe:2.3:a:perl:perl:5.9.1
    cpe:2.3:a:perl:perl:5.9.1
  • Perl 5.9.2
    cpe:2.3:a:perl:perl:5.9.2
  • cpe:2.3:a:perl:perl:5.9.3
    cpe:2.3:a:perl:perl:5.9.3
  • cpe:2.3:a:perl:perl:5.9.4
    cpe:2.3:a:perl:perl:5.9.4
  • cpe:2.3:a:perl:perl:5.9.5
    cpe:2.3:a:perl:perl:5.9.5
  • Perl perl 5.10
    cpe:2.3:a:perl:perl:5.10
  • Perl 5.10.0
    cpe:2.3:a:perl:perl:5.10.0
  • Perl 5.10.1
    cpe:2.3:a:perl:perl:5.10.1
  • Perl 5.10.1 Release Candidate 1
    cpe:2.3:a:perl:perl:5.10.1:rc1
  • Perl 5.10.1 Release Candidate 2
    cpe:2.3:a:perl:perl:5.10.1:rc2
  • Perl 5.11.0
    cpe:2.3:a:perl:perl:5.11.0
  • Perl perl 5.11.1
    cpe:2.3:a:perl:perl:5.11.1
  • Perl 5.11.2
    cpe:2.3:a:perl:perl:5.11.2
  • Perl 5.11.3
    cpe:2.3:a:perl:perl:5.11.3
  • Perl 5.11.4
    cpe:2.3:a:perl:perl:5.11.4
  • Perl 5.11.5
    cpe:2.3:a:perl:perl:5.11.5
  • Perl 5.12.0
    cpe:2.3:a:perl:perl:5.12.0
  • Perl 5.12.0 Release Candidate 0
    cpe:2.3:a:perl:perl:5.12.0:rc0
  • Perl 5.12.0 Release Candidate 1
    cpe:2.3:a:perl:perl:5.12.0:rc1
  • Perl 5.12.0 Release Candidate 2
    cpe:2.3:a:perl:perl:5.12.0:rc2
  • Perl 5.12.0 Release Candidate 3
    cpe:2.3:a:perl:perl:5.12.0:rc3
  • Perl 5.12.0 Release Candidate 4
    cpe:2.3:a:perl:perl:5.12.0:rc4
  • Perl 5.12.0 Release Candidate 5
    cpe:2.3:a:perl:perl:5.12.0:rc5
  • Perl 5.12.1
    cpe:2.3:a:perl:perl:5.12.1
  • cpe:2.3:a:perl:perl:5.12.1:rc0
    cpe:2.3:a:perl:perl:5.12.1:rc0
  • Perl 5.12.1 Release Candidate 1
    cpe:2.3:a:perl:perl:5.12.1:rc1
  • Perl 5.12.1 Release Candidate 2
    cpe:2.3:a:perl:perl:5.12.1:rc2
  • Perl 5.12.2
    cpe:2.3:a:perl:perl:5.12.2
  • Perl 5.12.2 Release Candidate 1
    cpe:2.3:a:perl:perl:5.12.2:rc1
  • Perl 5.12.3
    cpe:2.3:a:perl:perl:5.12.3
  • Perl 5.12.3 Release Candidate 1
    cpe:2.3:a:perl:perl:5.12.3:rc1
  • Perl 5.12.3 Release Candidate 2
    cpe:2.3:a:perl:perl:5.12.3:rc2
  • Perl 5.12.3 Release Candidate 3
    cpe:2.3:a:perl:perl:5.12.3:rc3
  • cpe:2.3:a:perl:perl:5.12.4
    cpe:2.3:a:perl:perl:5.12.4
  • cpe:2.3:a:perl:perl:5.12.4:rc1
    cpe:2.3:a:perl:perl:5.12.4:rc1
  • cpe:2.3:a:perl:perl:5.12.4:rc2
    cpe:2.3:a:perl:perl:5.12.4:rc2
  • cpe:2.3:a:perl:perl:5.12.5
    cpe:2.3:a:perl:perl:5.12.5
  • cpe:2.3:a:perl:perl:5.12.5:rc1
    cpe:2.3:a:perl:perl:5.12.5:rc1
  • cpe:2.3:a:perl:perl:5.12.5:rc2
    cpe:2.3:a:perl:perl:5.12.5:rc2
  • Perl 5.13.0
    cpe:2.3:a:perl:perl:5.13.0
  • Perl 5.13.1
    cpe:2.3:a:perl:perl:5.13.1
  • Perl 5.13.2
    cpe:2.3:a:perl:perl:5.13.2
  • Perl 5.13.3
    cpe:2.3:a:perl:perl:5.13.3
  • Perl 5.13.4
    cpe:2.3:a:perl:perl:5.13.4
  • Perl 5.13.5
    cpe:2.3:a:perl:perl:5.13.5
  • Perl 5.13.6
    cpe:2.3:a:perl:perl:5.13.6
  • Perl 5.13.7
    cpe:2.3:a:perl:perl:5.13.7
  • Perl 5.13.8
    cpe:2.3:a:perl:perl:5.13.8
  • Perl 5.13.9
    cpe:2.3:a:perl:perl:5.13.9
  • Perl 5.13.10
    cpe:2.3:a:perl:perl:5.13.10
  • Perl 5.13.11
    cpe:2.3:a:perl:perl:5.13.11
  • Perl 5.14.0
    cpe:2.3:a:perl:perl:5.14.0
  • Perl 5.14.0 Release Candidate 1
    cpe:2.3:a:perl:perl:5.14.0:rc1
  • Perl 5.14.0 Release Candidate 2
    cpe:2.3:a:perl:perl:5.14.0:rc2
  • Perl 5.14.0 Release Candidate 3
    cpe:2.3:a:perl:perl:5.14.0:rc3
  • Perl 5.14.1
    cpe:2.3:a:perl:perl:5.14.1
  • cpe:2.3:a:perl:perl:5.14.1:rc1
    cpe:2.3:a:perl:perl:5.14.1:rc1
  • Perl 5.14.2
    cpe:2.3:a:perl:perl:5.14.2
  • cpe:2.3:a:perl:perl:5.14.2:rc1
    cpe:2.3:a:perl:perl:5.14.2:rc1
  • Perl 5.14.3
    cpe:2.3:a:perl:perl:5.14.3
  • cpe:2.3:a:perl:perl:5.14.3:rc1
    cpe:2.3:a:perl:perl:5.14.3:rc1
  • cpe:2.3:a:perl:perl:5.14.3:rc2
    cpe:2.3:a:perl:perl:5.14.3:rc2
  • cpe:2.3:a:perl:perl:5.14.4
    cpe:2.3:a:perl:perl:5.14.4
  • cpe:2.3:a:perl:perl:5.14.4:rc1
    cpe:2.3:a:perl:perl:5.14.4:rc1
  • cpe:2.3:a:perl:perl:5.14.4:rc2
    cpe:2.3:a:perl:perl:5.14.4:rc2
  • cpe:2.3:a:perl:perl:5.15.0
    cpe:2.3:a:perl:perl:5.15.0
  • cpe:2.3:a:perl:perl:5.15.1
    cpe:2.3:a:perl:perl:5.15.1
  • cpe:2.3:a:perl:perl:5.15.2
    cpe:2.3:a:perl:perl:5.15.2
  • cpe:2.3:a:perl:perl:5.15.3
    cpe:2.3:a:perl:perl:5.15.3
  • cpe:2.3:a:perl:perl:5.15.4
    cpe:2.3:a:perl:perl:5.15.4
  • cpe:2.3:a:perl:perl:5.15.5
    cpe:2.3:a:perl:perl:5.15.5
  • cpe:2.3:a:perl:perl:5.15.6
    cpe:2.3:a:perl:perl:5.15.6
  • cpe:2.3:a:perl:perl:5.15.7
    cpe:2.3:a:perl:perl:5.15.7
  • cpe:2.3:a:perl:perl:5.15.8
    cpe:2.3:a:perl:perl:5.15.8
  • cpe:2.3:a:perl:perl:5.15.9
    cpe:2.3:a:perl:perl:5.15.9
  • Perl 5.16.0
    cpe:2.3:a:perl:perl:5.16.0
  • cpe:2.3:a:perl:perl:5.16.0:rc1
    cpe:2.3:a:perl:perl:5.16.0:rc1
  • cpe:2.3:a:perl:perl:5.16.0:rc2
    cpe:2.3:a:perl:perl:5.16.0:rc2
  • Perl 5.16.1
    cpe:2.3:a:perl:perl:5.16.1
  • Perl 5.16.2
    cpe:2.3:a:perl:perl:5.16.2
  • cpe:2.3:a:perl:perl:5.16.3:rc1
    cpe:2.3:a:perl:perl:5.16.3:rc1
  • cpe:2.3:a:perl:perl:5.16.3.
    cpe:2.3:a:perl:perl:5.16.3.
  • cpe:2.3:a:perl:perl:5.17.0
    cpe:2.3:a:perl:perl:5.17.0
  • cpe:2.3:a:perl:perl:5.17.1
    cpe:2.3:a:perl:perl:5.17.1
  • cpe:2.3:a:perl:perl:5.17.2
    cpe:2.3:a:perl:perl:5.17.2
  • cpe:2.3:a:perl:perl:5.17.3
    cpe:2.3:a:perl:perl:5.17.3
  • cpe:2.3:a:perl:perl:5.17.4
    cpe:2.3:a:perl:perl:5.17.4
  • cpe:2.3:a:perl:perl:5.17.5
    cpe:2.3:a:perl:perl:5.17.5
  • cpe:2.3:a:perl:perl:5.17.6
    cpe:2.3:a:perl:perl:5.17.6
  • Perl 5.17.7
    cpe:2.3:a:perl:perl:5.17.7
  • cpe:2.3:a:perl:perl:5.17.7.0
    cpe:2.3:a:perl:perl:5.17.7.0
  • cpe:2.3:a:perl:perl:5.17.8
    cpe:2.3:a:perl:perl:5.17.8
  • cpe:2.3:a:perl:perl:5.17.9
    cpe:2.3:a:perl:perl:5.17.9
  • cpe:2.3:a:perl:perl:5.17.10
    cpe:2.3:a:perl:perl:5.17.10
  • cpe:2.3:a:perl:perl:5.17.11
    cpe:2.3:a:perl:perl:5.17.11
  • cpe:2.3:a:perl:perl:5.18.0
    cpe:2.3:a:perl:perl:5.18.0
  • cpe:2.3:a:perl:perl:5.18.0:rc1
    cpe:2.3:a:perl:perl:5.18.0:rc1
  • cpe:2.3:a:perl:perl:5.18.0:rc2
    cpe:2.3:a:perl:perl:5.18.0:rc2
  • cpe:2.3:a:perl:perl:5.18.0:rc3
    cpe:2.3:a:perl:perl:5.18.0:rc3
  • cpe:2.3:a:perl:perl:5.18.0:rc4
    cpe:2.3:a:perl:perl:5.18.0:rc4
  • cpe:2.3:a:perl:perl:5.18.1
    cpe:2.3:a:perl:perl:5.18.1
  • cpe:2.3:a:perl:perl:5.18.2
    cpe:2.3:a:perl:perl:5.18.2
  • cpe:2.3:a:perl:perl:5.18.2:rc1
    cpe:2.3:a:perl:perl:5.18.2:rc1
  • cpe:2.3:a:perl:perl:5.18.2:rc2
    cpe:2.3:a:perl:perl:5.18.2:rc2
  • cpe:2.3:a:perl:perl:5.18.2:rc3
    cpe:2.3:a:perl:perl:5.18.2:rc3
  • cpe:2.3:a:perl:perl:5.18.2:rc4
    cpe:2.3:a:perl:perl:5.18.2:rc4
  • cpe:2.3:a:perl:perl:5.18.3
    cpe:2.3:a:perl:perl:5.18.3
  • cpe:2.3:a:perl:perl:5.18.3:rc1
    cpe:2.3:a:perl:perl:5.18.3:rc1
  • cpe:2.3:a:perl:perl:5.18.3:rc2
    cpe:2.3:a:perl:perl:5.18.3:rc2
  • Perl 5.18.4
    cpe:2.3:a:perl:perl:5.18.4
  • cpe:2.3:a:perl:perl:5.19.0
    cpe:2.3:a:perl:perl:5.19.0
  • cpe:2.3:a:perl:perl:5.19.1
    cpe:2.3:a:perl:perl:5.19.1
  • cpe:2.3:a:perl:perl:5.19.2
    cpe:2.3:a:perl:perl:5.19.2
  • cpe:2.3:a:perl:perl:5.19.3
    cpe:2.3:a:perl:perl:5.19.3
  • cpe:2.3:a:perl:perl:5.19.4
    cpe:2.3:a:perl:perl:5.19.4
  • cpe:2.3:a:perl:perl:5.19.5
    cpe:2.3:a:perl:perl:5.19.5
  • cpe:2.3:a:perl:perl:5.19.6
    cpe:2.3:a:perl:perl:5.19.6
  • cpe:2.3:a:perl:perl:5.19.7
    cpe:2.3:a:perl:perl:5.19.7
  • cpe:2.3:a:perl:perl:5.19.8
    cpe:2.3:a:perl:perl:5.19.8
  • cpe:2.3:a:perl:perl:5.19.9
    cpe:2.3:a:perl:perl:5.19.9
  • cpe:2.3:a:perl:perl:5.19.10
    cpe:2.3:a:perl:perl:5.19.10
  • cpe:2.3:a:perl:perl:5.19.11
    cpe:2.3:a:perl:perl:5.19.11
  • cpe:2.3:a:perl:perl:5.20.0
    cpe:2.3:a:perl:perl:5.20.0
  • cpe:2.3:a:perl:perl:5.20.0:rc1
    cpe:2.3:a:perl:perl:5.20.0:rc1
  • Perl 5.20.1
    cpe:2.3:a:perl:perl:5.20.1
  • cpe:2.3:a:perl:perl:5.20.1:rc1
    cpe:2.3:a:perl:perl:5.20.1:rc1
  • cpe:2.3:a:perl:perl:5.20.1:rc2
    cpe:2.3:a:perl:perl:5.20.1:rc2
  • cpe:2.3:a:perl:perl:5.20.2
    cpe:2.3:a:perl:perl:5.20.2
  • cpe:2.3:a:perl:perl:5.20.2:rc1
    cpe:2.3:a:perl:perl:5.20.2:rc1
  • cpe:2.3:a:perl:perl:5.20.3
    cpe:2.3:a:perl:perl:5.20.3
  • cpe:2.3:a:perl:perl:5.20.3:rc1
    cpe:2.3:a:perl:perl:5.20.3:rc1
  • cpe:2.3:a:perl:perl:5.20.3:rc2
    cpe:2.3:a:perl:perl:5.20.3:rc2
  • cpe:2.3:a:perl:perl:5.21.0
    cpe:2.3:a:perl:perl:5.21.0
  • cpe:2.3:a:perl:perl:5.21.1
    cpe:2.3:a:perl:perl:5.21.1
  • cpe:2.3:a:perl:perl:5.21.2
    cpe:2.3:a:perl:perl:5.21.2
  • cpe:2.3:a:perl:perl:5.21.3
    cpe:2.3:a:perl:perl:5.21.3
  • cpe:2.3:a:perl:perl:5.21.4
    cpe:2.3:a:perl:perl:5.21.4
  • cpe:2.3:a:perl:perl:5.21.5
    cpe:2.3:a:perl:perl:5.21.5
  • cpe:2.3:a:perl:perl:5.21.6
    cpe:2.3:a:perl:perl:5.21.6
  • cpe:2.3:a:perl:perl:5.21.7
    cpe:2.3:a:perl:perl:5.21.7
  • cpe:2.3:a:perl:perl:5.21.8
    cpe:2.3:a:perl:perl:5.21.8
  • cpe:2.3:a:perl:perl:5.21.9
    cpe:2.3:a:perl:perl:5.21.9
  • cpe:2.3:a:perl:perl:5.21.10
    cpe:2.3:a:perl:perl:5.21.10
  • cpe:2.3:a:perl:perl:5.21.11
    cpe:2.3:a:perl:perl:5.21.11
  • cpe:2.3:a:perl:perl:5.22.0
    cpe:2.3:a:perl:perl:5.22.0
  • cpe:2.3:a:perl:perl:5.22.0:rc1
    cpe:2.3:a:perl:perl:5.22.0:rc1
  • cpe:2.3:a:perl:perl:5.22.0:rc2
    cpe:2.3:a:perl:perl:5.22.0:rc2
  • cpe:2.3:a:perl:perl:5.22.1
    cpe:2.3:a:perl:perl:5.22.1
  • cpe:2.3:a:perl:perl:5.22.1:rc1
    cpe:2.3:a:perl:perl:5.22.1:rc1
  • cpe:2.3:a:perl:perl:5.22.1:rc2
    cpe:2.3:a:perl:perl:5.22.1:rc2
  • cpe:2.3:a:perl:perl:5.22.1:rc3
    cpe:2.3:a:perl:perl:5.22.1:rc3
  • cpe:2.3:a:perl:perl:5.22.1:rc4
    cpe:2.3:a:perl:perl:5.22.1:rc4
  • cpe:2.3:a:perl:perl:5.22.2
    cpe:2.3:a:perl:perl:5.22.2
  • cpe:2.3:a:perl:perl:5.22.2:rc1
    cpe:2.3:a:perl:perl:5.22.2:rc1
  • cpe:2.3:a:perl:perl:5.22.3:rc1
    cpe:2.3:a:perl:perl:5.22.3:rc1
  • cpe:2.3:a:perl:perl:5.24.0
    cpe:2.3:a:perl:perl:5.24.0
  • cpe:2.3:a:perl:perl:5.24.0:rc1
    cpe:2.3:a:perl:perl:5.24.0:rc1
  • cpe:2.3:a:perl:perl:5.24.0:rc2
    cpe:2.3:a:perl:perl:5.24.0:rc2
  • cpe:2.3:a:perl:perl:5.24.0:rc3
    cpe:2.3:a:perl:perl:5.24.0:rc3
  • cpe:2.3:a:perl:perl:5.24.0:rc4
    cpe:2.3:a:perl:perl:5.24.0:rc4
  • cpe:2.3:a:perl:perl:5.24.0:rc5
    cpe:2.3:a:perl:perl:5.24.0:rc5
  • cpe:2.3:a:perl:perl:5.24.1:rc1
    cpe:2.3:a:perl:perl:5.24.1:rc1
CVSS
Base: 7.2 (as of 03-08-2016 - 13:01)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-DD20A4631A.NASL
    description This update adds an option 'FORCE_SAFE_INC', which, if set (it isn't by default), removes the current directory from the module load path so as to avoid loading code from a potentially unsafe place (CVE-2016-1238). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92810
    published 2016-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92810
    title Fedora 24 : perl-Module-Load-Conditional (2016-dd20a4631a)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-75.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-75 (Perl: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or escalate privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-06-01
    plugin id 96861
    published 2017-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96861
    title GLSA-201701-75 : Perl: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0AA251BC9B.NASL
    description This update adds an option 'FORCE_SAFE_INC', which, if set (it isn't by default), removes the current directory from the module load path so as to avoid loading code from a potentially unsafe place (CVE-2016-1238). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92797
    published 2016-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92797
    title Fedora 23 : perl-Module-Load-Conditional (2016-0aa251bc9b)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2246-1.NASL
    description This update for perl fixes the following issues : - CVE-2016-6185: xsloader looking at a '(eval)' directory [bsc#988311] - CVE-2016-1238: searching current directory for optional modules [bsc#987887] - CVE-2015-8853: regex engine hanging on bad utf8 [bnc976584] - CVE-2016-2381: environment dup handling bug [bsc#967082] - perl panic with utf8_mg_pos_cache_update [bsc#929027] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93371
    published 2016-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93371
    title SUSE SLES11 Security Update : perl (SUSE-SU-2016:2246-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_72BFBB095A6A11E6A6C314DAE9D210B8.NASL
    description Sawyer X reports : Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 92741
    published 2016-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92741
    title FreeBSD : perl -- local arbitrary code execution (72bfbb09-5a6a-11e6-a6c3-14dae9d210b8)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2263-1.NASL
    description This update for Perl fixes the following issues : - CVE-2016-6185: Xsloader looking at a '(eval)' directory. (bsc#988311) - CVE-2016-1238: Searching current directory for optional modules. (bsc#987887) - CVE-2015-8853: Regular expression engine hanging on bad utf8. (bsc) - CVE-2016-2381: Environment dup handling bug. (bsc#967082) - 'Insecure dependency in require' error in taint mode. (bsc#984906) - Memory leak in 'use utf8' handling. (bsc#928292) - Missing lock prototype to the debugger. (bsc#932894) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93437
    published 2016-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93437
    title SUSE SLED12 / SLES12 Security Update : perl (SUSE-SU-2016:2263-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-584.NASL
    description John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation, as demonstrated in Debian with certain combinations of installed packages. The problem relates to Perl loading modules from the includes directory array ('@INC') in which the last element is the current directory ('.'). That means that, when 'perl' wants to load a module (during first compilation or during lazy loading of a module in run time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in '.' but are not otherwise installed. With this update the Sys::Syslog Perl module is updated to not load modules from current directory. For Debian 7 'Wheezy', these problems have been fixed in version 0.29-1+deb7u1. We recommend that you upgrade your libsys-syslog-perl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 92727
    published 2016-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92727
    title Debian DLA-584-1 : libsys-syslog-perl security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3628.NASL
    description Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation, as demonstrated in Debian with certain combinations of installed packages. The problem relates to Perl loading modules from the includes directory array ('@INC') in which the last element is the current directory ('.'). That means that, when 'perl' wants to load a module (during first compilation or during lazy loading of a module in run time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in '.' but are not otherwise installed. With this update several modules which are known to be vulnerable are updated to not load modules from current directory. Additionally the update allows configurable removal of '.' from @INC in /etc/perl/sitecustomize.pl for a transitional period. It is recommended to enable this setting if the possible breakage for a specific site has been evaluated. Problems in packages provided in Debian resulting from the switch to the removal of '.' from @INC should be reported to the Perl maintainers at perl@packages.debian.org . It is planned to switch to the default removal of '.' in @INC in a subsequent update to perl via a point release if possible, and in any case for the upcoming stable release Debian 9 (stretch). - CVE-2016-6185 It was discovered that XSLoader, a core module from Perl to dynamically load C libraries into Perl code, could load shared library from incorrect location. 
    XSLoader uses caller() information to locate the .so file to load. This can be incorrect if XSLoader::load() is called in a string eval. An attacker can take advantage of this flaw to execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 92548
    published 2016-07-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92548
    title Debian DSA-3628-1 : perl - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-6EC2009080.NASL
    description Security fix for CVE-2016-1238 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 93058
    published 2016-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93058
    title Fedora 23 : 4:perl (2016-6ec2009080)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201812-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201812-07 (SpamAssassin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in SpamAssassin. Please review the referenced CVE identifiers for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-17
    plugin id 119703
    published 2018-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119703
    title GLSA-201812-07 : SpamAssassin: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1578.NASL
    description Multiple vulnerabilities were found in Spamassassin, which could lead to Remote Code Execution and Denial of Service attacks under certain circumstances. CVE-2016-1238 Many Perl programs do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. CVE-2017-15705 A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. CVE-2018-11780 A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2. CVE-2018-11781 Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. For Debian 8 'Jessie', these problems have been fixed in version 3.4.2-0+deb8u1. Upstream strongly advocates upgrading to the latest upstream version so we are following that recommendation and backported the version published as part of the 9.6 stretch release, which also fixes many critical bugs. We recommend that you upgrade your spamassassin packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 118938
    published 2018-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118938
    title Debian DLA-1578-1 : spamassassin security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E9E5C081D4.NASL
    description Security fix for CVE-2016-1238 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92738
    published 2016-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92738
    title Fedora 24 : 4:perl (2016-e9e5c081d4)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-565.NASL
    description Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2016-1238 John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code from the current working directory (which might be changed to another directory without the user realising) and potentially leading to privilege escalation, as demonstrated in Debian with certain combinations of installed packages. The problem relates to Perl loading modules from the includes directory array ('@INC') in which the last element is the current directory ('.'). That means that, when 'perl' wants to load a module (during first compilation or during lazy loading of a module in run-time), perl will look for the module in the current directory at the end, since '.' is the last include directory in its array of include directories to seek. The issue is with requiring libraries that are in '.' but are not otherwise installed. With this update several modules which are known to be vulnerable are updated to not load modules from current directory. Additionally the update allows configurable removal of '.' from @INC in /etc/perl/sitecustomize.pl for a transitional period. It is recommended to enable this setting if the possible breakage for a specific site has been evaluated. Problems in packages provided in Debian resulting from the switch to the removal of '.' from @INC should be reported to the Perl maintainers at perl@packages.debian.org . CVE-2016-6185 It was discovered that XSLoader, a core module from Perl to dynamically load C libraries into Perl code, could load shared library from incorrect location. XSLoader uses caller() information to locate the .so file to load. This can be incorrect if XSLoader::load() is called in a string eval. An attacker can take advantage of this flaw to execute arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 5.14.2-21+deb7u4. We recommend that you upgrade your perl packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 92613
    published 2016-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92613
    title Debian DLA-565-1 : perl security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1086.NASL
    description This update for Perl fixes the following issues : - CVE-2016-6185: Xsloader looking at a '(eval)' directory. (bsc#988311) - CVE-2016-1238: Searching current directory for optional modules. (bsc#987887) - CVE-2015-8853: Regular expression engine hanging on bad utf8. (bsc) - CVE-2016-2381: Environment dup handling bug. (bsc#967082) - 'Insecure dependency in require' error in taint mode. (bsc#984906) - Memory leak in 'use utf8' handling. (bsc#928292) - Missing lock prototype to the debugger. (bsc#932894) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93583
    published 2016-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93583
    title openSUSE Security Update : perl (openSUSE-2016-1086)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_613193A0C1B411E8AE2D54E1AD3D6335.NASL
    description The Apache SpamAssassin project reports : In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the 'open' event is immediately followed by a 'close' event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the 'text' event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. Fix a reliance on '.' in @INC in one configuration script. Whether this can be exploited in any way is uncertain. Fix a potential Remote Code Execution bug with the PDFInfo plugin. Thanks to cPanel Security Team for their report of this issue. Fourth, this release fixes a local user code injection in the meta rule syntax. Thanks again to cPanel Security Team for their report of this issue.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 117721
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117721
    title FreeBSD : spamassassin -- multiple vulnerabilities (613193a0-c1b4-11e8-ae2d-54e1ad3d6335)
refmap via4
bid 92136
confirm
debian DSA-3628
fedora
  • FEDORA-2016-6ec2009080
  • FEDORA-2016-dd20a4631a
  • FEDORA-2016-e9e5c081d4
gentoo
  • GLSA-201701-75
  • GLSA-201812-07
mlist
  • [announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
  • [debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update
  • [perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw
sectrack 1036440
Last major update 28-11-2016 - 14:58
Published 02-08-2016 - 10:59
Last modified 16-12-2018 - 06:29