perl security update
This update fixes a bug in perl that makes spamassassin
crash and does not allow bypassing taint mode by using lc()
or uc() anymore.
- CVE-2010-4777: CVSS v2 Base Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
- CVE-2011-1487: CVSS v2 Base Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:P/A:N): Permissions, Privileges,
and Access Control (CWE-264)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4498
Fixed bugs
bnc#676086
VUL-0: perl crash - causes spamassassin crash etc.
bnc#657625
bad CC address in perlbug
bnc#684799
VUL-0: perl: -- lc(), uc() routines are laundering tainted
bnc#678877
Package Perl: Packaging error
