Bug 967082 - (CVE-2016-2381) VUL-0: CVE-2016-2381: perl: environment handling bug
(CVE-2016-2381)
VUL-0: CVE-2016-2381: perl: environment handling bug
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Michael Schröder
Security Team bot
https://smash.suse.de/issue/161990/
CVSSv2:RedHat:CVE-2016-2381:5.1:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-17 14:06 UTC by Sebastian Krahmer
Modified: 2019-10-23 14:40 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
attached fix (3.51 KB, patch)
2016-02-17 14:09 UTC, Sebastian Krahmer
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Sebastian Krahmer 2016-02-17 14:09:21 UTC
Created attachment 665882 [details]
attached fix

attached fix
Comment 2 Swamp Workflow Management 2016-02-17 23:01:21 UTC
bugbot adjusting priority
Comment 3 Sebastian Krahmer 2016-02-23 14:01:18 UTC
Unclear impact. Maybe it makes CGI scripts vulnerable.
Any thoughts on doing updates or not?
Comment 4 Johannes Segitz 2016-02-23 14:19:52 UTC
(In reply to Sebastian Krahmer from comment #3)
I'm for preparing an update. The discussion leading up to this was lengthy and quite a lot of people were involved. It's possible that this receives media attention
Comment 5 Sebastian Krahmer 2016-02-23 14:25:15 UTC
Raising prio and making VUL-0.
Comment 7 Marcus Meissner 2016-03-07 14:06:23 UTC
is public
Comment 8 Michael Schröder 2016-03-10 12:45:10 UTC
(upstream git: ae37b791a73a9e78dedb89fb2429d2628cf58076)
Comment 9 Swamp Workflow Management 2016-03-24 14:12:14 UTC
openSUSE-SU-2016:0881-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 928292,961528,967082
CVE References: CVE-2015-8607,CVE-2016-2381
Sources used:
openSUSE 13.2 (src):    perl-5.20.1-3.1
Comment 10 Swamp Workflow Management 2016-09-06 13:20:57 UTC
SUSE-SU-2016:2246-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 929027,967082,987887,988311
CVE References: CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    perl-5.10.0-64.80.1
SUSE Linux Enterprise Server 11-SP4 (src):    perl-5.10.0-64.80.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    perl-5.10.0-64.80.1
Comment 11 Swamp Workflow Management 2016-09-08 13:11:17 UTC
SUSE-SU-2016:2263-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 928292,932894,967082,984906,987887,988311
CVE References: CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    perl-5.18.2-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    perl-5.18.2-11.1
Comment 12 Swamp Workflow Management 2016-09-15 15:10:49 UTC
openSUSE-SU-2016:2313-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 928292,932894,967082,984906,987887,988311
CVE References: CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185
Sources used:
openSUSE Leap 42.1 (src):    perl-5.18.2-5.1
Comment 13 Michael Schröder 2017-04-26 15:06:56 UTC
Closing.
Comment 15 Johannes Segitz 2017-08-15 12:10:14 UTC
Please submit for SUSE:SLE-10-SP3:Update and SUSE:SLE-11-SP1:Update. Thanks
Comment 17 Swamp Workflow Management 2018-06-26 08:28:38 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-07-10.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64075
Comment 19 Robert Frohl 2019-10-23 13:03:06 UTC
released