openSUSE Security Update: perl: Fixed two Safe.pm security issues and some bugs ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0518-1 Rating: moderate References: #557636 #596167 #601242 #603840 #605918 #605928 #624628 Affected Products: openSUSE 11.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: perl Safe.pm module was affected by two problems where attackers could break out of such a safed execution. (CVE-2010-1447 , CVE-2010-1168) This update fixes this problem. Also following non-security bugs were fixed: - fix tell cornercase [bnc#596167] - fix regex memory leak [bnc#557636] - do not add vendorlib/auto to filelist [bnc#624628] - also run h2ph on /usr/include/linux [bnc#603840] - backport h2ph include fix from 5.12.0 [bnc#601242] Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.2: zypper in -t patch perl-2830 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.2 (i586 src x86_64): perl-5.10.0-72.7.1 - openSUSE 11.2 (i586 x86_64): perl-base-5.10.0-72.7.1 perl-doc-5.10.0-72.7.1 - openSUSE 11.2 (x86_64): perl-32bit-5.10.0-72.7.1 perl-base-32bit-5.10.0-72.7.1 References: https://bugzilla.novell.com/557636 https://bugzilla.novell.com/596167 https://bugzilla.novell.com/601242 https://bugzilla.novell.com/603840 https://bugzilla.novell.com/605918 https://bugzilla.novell.com/605928 https://bugzilla.novell.com/624628