CVE-2010-1168

Publication date 21 June 2010

Last updated 24 July 2024

Ubuntu priority

The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
perl	11.04 natty	Fixed 5.10.1-17ubuntu4.1
	10.10 maverick	Fixed 5.10.1-12ubuntu2.1
	10.04 LTS lucid	Fixed 5.10.1-8ubuntu2.1
	9.10 karmic	Ignored end of life
	9.04 jaunty	Ignored end of life
	8.04 LTS hardy	Fixed 5.8.8-12ubuntu0.5
	6.06 LTS dapper	Fixed 5.8.7-10ubuntu1.3

Notes

mdeslaur

debian bug says upstream 2.27 contains regressions...should update to 2.25, but 2.25 doesn't fix CVE-2010-1447.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
perl	Upstream: http://search.cpan.org/~rgarcia/Safe-2.27/Safe.pm

References

Related Ubuntu Security Notices (USN)