Severity
Medium
Vendor
Ubuntu, Perl
Versions Affected
- Ubuntu 14.04 LTS
Description
Several security issues were fixed in Perl.
It was discovered that Perl incorrectly handled certain regular expressions with an invalid back-reference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422)
Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. (CVE-2014-4330)
Stephane Chazelas discovered that Perl incorrectly handled duplicate environment variables. An attacker could possibly use this issue to bypass the taint protection mechanism. (CVE-2016-2381)
Affected Products and Versions
Severity is medium unless otherwise noted.
- All versions of Cloud Foundry rootfs prior to 1.40.0 AND stemcell 3146.x versions prior to 3146.10 AND all other stemcell versions prior to 3213
Mitigation
Users of affected versions should apply the following mitigations:
- The Cloud Foundry project recommends that Cloud Foundry deployments upgrade rootfs to version 1.40.0 or later
- The Cloud Foundry project recommends that Cloud Foundry deployments upgrade stemcell versions 3146.x to 3146.10 or later OR all other stemcell versions to 3213 or later
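The version thresholds above can be checked against a deployment inventory with a short script. This is an added example, not Cloud Foundry project code; the function names, the inventory format and the sample rows are assumptions constructed for illustration.

```python
# Added example: thresholds are taken from the advisory text above;
# function names and the inventory format are hypothetical.

def parse_version(text):
    """Turn '3146.10' or '1.40.0' into a zero-padded 3-tuple of ints."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

ROOTFS_FIXED = parse_version("1.40.0")
STEMCELL_3146_FIXED = parse_version("3146.10")
STEMCELL_OTHER_FIXED = parse_version("3213")

def rootfs_affected(version):
    # Numeric comparison: "1.9.0" sorts before "1.40.0", unlike a string compare.
    return parse_version(version) < ROOTFS_FIXED

def stemcell_affected(version):
    v = parse_version(version)
    if v[0] == 3146:
        # The 3146.x line has its own fixed release.
        return v < STEMCELL_3146_FIXED
    # Every other stemcell line is fixed from 3213 onward.
    return v < STEMCELL_OTHER_FIXED

def audit(inventory):
    """inventory: iterable of (deployment, kind, version); returns affected rows."""
    checks = {"rootfs": rootfs_affected, "stemcell": stemcell_affected}
    return [row for row in inventory if checks[row[1]](row[2])]

# Constructed sample inventory (not real deployments).
SAMPLE = [
    ("cf-prod", "rootfs", "1.39.0"),
    ("cf-prod", "stemcell", "3146.9"),
    ("cf-stage", "rootfs", "1.40.0"),
    ("cf-stage", "stemcell", "3146.10"),
    ("cf-dev", "stemcell", "3202"),
    ("cf-lab", "stemcell", "3213"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("AFFECTED", *row)
```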
Credit
Markus Vervier, Stephane Chazelas