[SECURITY] Fedora 17 Update: perl-5.14.3-221.fc17

Tue Feb 19 01:37:56 UTC 2013

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-1836
2013-02-02 03:49:10
--------------------------------------------------------------------------------

Name        : perl
Product     : Fedora 17
Version     : 5.14.3
Release     : 221.fc17
URL         : http://www.perl.org/
Summary     : Practical Extraction and Report Language
Description :
Perl is a high-level programming language with roots in C, sed, awk and shell
scripting.  Perl is good at handling processes and files, and is especially
good at handling text.  Perl's hallmarks are practicality and efficiency.
While it is used to do a lot of different things, Perl's most common
applications are system administration utilities and web programming.  A large
proportion of the CGI scripts on the web are written in Perl.  You need the
perl package installed on your system so that your system can handle Perl
scripts.

Install this package if you want to program in Perl or enable your system to
handle Perl scripts.

--------------------------------------------------------------------------------
Update Information:

Fix double-free when loading Digest::SHA object representing the intermediate SHA state from a file (RT#82655)

The following command should be run without any errors.

perl -MDigest::SHA -e 'my $d = Digest::SHA->new(256); $d->load("x");'
Fix Locale::Maketext vulnerability allowing to cross-call functions from message catalogs (CVE-2012-6329).
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 30 2013 Jitka Plesnikova <jplesnik at redhat.com> - 4:5.14.3-221
- Fix RT#82655- Double-free when loading Digest::SHA object
* Fri Jan 11 2013 Petr Pisar <ppisar at redhat.com> - 4:5.14.3-220
- Fix CVE-2012-6329 (misparsing of maketext strings) (bug #884354)
* Thu Jan 10 2013 Petr Pisar <ppisar at redhat.com> - 4:5.14.3-219
- Do not package App::Cpan(3pm) to perl-Test-Harness (bug #893768)
* Mon Nov 26 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.3-218
- Remove perl-CGI sub-package to favour standalone one (bug #876974)
* Wed Oct 17 2012 Jitka Plesnikova <jplesnik at redhat.com> - 4:5.14.3-217
- Do not crash when vivifying $| (bug #865296)
* Mon Oct 15 2012 Jitka Plesnikova <jplesnik at redhat.com> - 4:5.14.3-216
- 5.14.3 bump (see
  https://metacpan.org/module/DOM/perl-5.14.3/pod/perldelta.pod for release
  notes).
* Fri Sep 14 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.2-215
- Override the Pod::Simple::parse_file to set output to STDOUT by default
  (bug #826872)
* Tue Sep 11 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.2-214
- Clear $@ before `do' I/O error (bug #834226)
- Do not truncate syscall() return value to 32 bits (bug #838551)
- Match starting byte in non-UTF-8 mode (bug #801739)
- Free hash entries before values on delete (bug #771303)
* Wed Sep  5 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.2-213
- Remove perl-devel dependency from perl-Test-Harness and perl-Test-Simple
- Move App::Cpan from perl-Test-Harness to perl-CPAN (bug #854577)
* Tue May 29 2012 Jitka Plesnikova <jplesnik at redhat.com> - 4:5.14.2-212
- Fix find2perl to translate ? glob properly (bug #825701)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #884354 - CVE-2012-6329 perl: possible arbitrary code execution via Locale::Maketext
        https://bugzilla.redhat.com/show_bug.cgi?id=884354
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------