Bug 967082 (CVE-2016-2381) - VUL-0: CVE-2016-2381: perl: environment handling bug
Summary: VUL-0: CVE-2016-2381: perl: environment handling bug
Status: RESOLVED FIXED
Alias: CVE-2016-2381
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2018-07-10
Assignee: Michael Schröder
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/161990/
Whiteboard: CVSSv2:RedHat:CVE-2016-2381:5.1:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-17 14:06 UTC by Sebastian Krahmer
Modified: 2019-10-23 14:40 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
attached fix (3.51 KB, patch)
2016-02-17 14:09 UTC, Sebastian Krahmer 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Sebastian Krahmer 2016-02-17 14:09:21 UTC 
Created attachment 665882 [details]
attached fix

attached fix
Comment 2 Swamp Workflow Management 2016-02-17 23:01:21 UTC 
bugbot adjusting priority
Comment 3 Sebastian Krahmer 2016-02-23 14:01:18 UTC 
Unclear impact. Maybe it makes CGI scripts vulnerable.
Any thoughts on doing updates or not?
Comment 4 Johannes Segitz 2016-02-23 14:19:52 UTC 
(In reply to Sebastian Krahmer from comment #3)
I'm for preparing an update. The discussion leading up to this was lengthy and quite a lot of people were involved. It's possible that this receives media attention
Comment 5 Sebastian Krahmer 2016-02-23 14:25:15 UTC 
Raising prio and making VUL-0.
Comment 7 Marcus Meissner 2016-03-07 14:06:23 UTC 
is public
Comment 8 Michael Schröder 2016-03-10 12:45:10 UTC 
(upstream git: ae37b791a73a9e78dedb89fb2429d2628cf58076)
Comment 9 Swamp Workflow Management 2016-03-24 14:12:14 UTC 
openSUSE-SU-2016:0881-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 928292,961528,967082
CVE References: CVE-2015-8607,CVE-2016-2381
Sources used:
openSUSE 13.2 (src):    perl-5.20.1-3.1
Comment 10 Swamp Workflow Management 2016-09-06 13:20:57 UTC 
SUSE-SU-2016:2246-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 929027,967082,987887,988311
CVE References: CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    perl-5.10.0-64.80.1
SUSE Linux Enterprise Server 11-SP4 (src):    perl-5.10.0-64.80.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    perl-5.10.0-64.80.1
Comment 11 Swamp Workflow Management 2016-09-08 13:11:17 UTC 
SUSE-SU-2016:2263-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 928292,932894,967082,984906,987887,988311
CVE References: CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    perl-5.18.2-11.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    perl-5.18.2-11.1
Comment 12 Swamp Workflow Management 2016-09-15 15:10:49 UTC 
openSUSE-SU-2016:2313-1: An update that solves four vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 928292,932894,967082,984906,987887,988311
CVE References: CVE-2015-8853,CVE-2016-1238,CVE-2016-2381,CVE-2016-6185
Sources used:
openSUSE Leap 42.1 (src):    perl-5.18.2-5.1
Comment 13 Michael Schröder 2017-04-26 15:06:56 UTC 
Closing.
Comment 15 Johannes Segitz 2017-08-15 12:10:14 UTC 
Please submit for SUSE:SLE-10-SP3:Update and SUSE:SLE-11-SP1:Update. Thanks
Comment 17 Swamp Workflow Management 2018-06-26 08:28:38 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2018-07-10.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64075
Comment 19 Robert Frohl 2019-10-23 13:03:06 UTC 
released