DSA-2586-1 perl -- severalID: oval:org.secpod.oval:def:600926 | Date: (C)2012-12-14 (M)2023-12-07 |
Class: PATCH | Family: unix |
Two vulnerabilities were discovered in the implementation of the Perl programming language: CVE-2012-5195 The "x" operator could cause the Perl interpreter to crash if very long strings were created. CVE-2012-5526 The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers. In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data.