Your submission was sent successfully! Close

CVE-2016-2381

Published: 01 March 2016

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
Upstream
Released (5.22.1-8)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(5.22.1-8)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (5.18.2-2ubuntu1.1)
Patches:
Upstream: http://perl5.git.perl.org/perl.git/commit/ae37b791a73a9e78dedb89fb2429d2628cf58076
Upstream: http://perl5.git.perl.org/perl.git/commit/9dee5840e63e586718b283d542c830b0e0514aab (vms only)