Bug 1139700 (CVE-2014-4330)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2014-4330 perl-Data-Dumper: deep recursion stack overflow | | |
| Product | [Other] Security Response | Reporter | Vasyl Kaigorodov <vkaigoro> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX | QA Contact | |
| Severity | low | Docs Contact | |
| Priority | low | | |
| Version | unspecified | CC | carnil, cweyl, hannsj_uhl, iarnell, jorton, jplesnik, jshort, kasal, mmaslano, perl-devel, perl-maint-list, ppisar, rc040203, security-response-team, vondruch |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | perl-Data-Dumper 2.154 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2021-06-14 15:03:54 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 1144903, 1144904 | | |
| Bug Blocks | 1139705 | | |
| Attachments | | | |

Description
Vasyl Kaigorodov
2014-09-09 13:23:19 UTC
Created attachment 935700
Upstream provided patch
Attaching upstream patch

Upstream bug report (currently not public):
https://rt.perl.org/Public/Bug/Display.html?id=122111

Acknowledgements:
Red Hat would like to thank Ricardo Signes for reporting this issue. Upstream acknowledges Markus Vervier of LSE Leading Security Experts as the original reporter.

This issue is public now:
http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html
http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304

Created perl-Data-Dumper tracking bugs for this issue:
Affects: fedora-all [bug 1144903]
Affects: epel-all [bug 1144904]

Could you please create tracking bugs also for RHEL 7 and RHSCL?

perl-Data-Dumper-2.154-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

perl-Data-Dumper-2.154-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

Statement:
This issue affects the versions of perl as shipped with Red Hat Enterprise Linux 6 and the versions of perl-Data-Dumper as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2014-4330