Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2016-6185

Published: 2 August 2016

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
perl
Launchpad, Ubuntu, Debian
artful Not vulnerable
(5.22.2-2)
precise
Released (5.14.2-6ubuntu2.7)
trusty
Released (5.18.2-2ubuntu1.4)
upstream
Released (5.22.2-2)
wily Ignored
(reached end-of-life)
xenial
Released (5.22.1-9ubuntu0.3)
yakkety Not vulnerable
(5.22.2-2)
zesty Not vulnerable
(5.22.2-2)
Patches:
upstream: http://perl5.git.perl.org/perl.git/commit/08e3451d7b3b714ad63a27f1b9c2a23ee75d15ee