rh-perl524-perl-CPAN-2.11-368.el6.noarch loads optional modules from current working directory: $ cd /tmp $ mkdir Log cat >Log/Log4perl.pm warn 'HIT'; 1; ^D $ cpan HIT at /tmp/Log/Log4perl.pm line 1. Undefined subroutine &Log::Log4perl::init called at /opt/rh/rh-perl524/root/usr/share/perl5/vendor_perl/App/Cpan.pm line 546. This bug is know as CVE-2016-1238 and a fix exists in perl-5.24.1 release candidate. Other rh-perl524 packages already contain the fix. Please note that additional patch from CPAN RT#116507 is required to handle cpan -j option correctly in case of a relative path.
Created attachment 1238847 [details] Cumulative patch
rh-perl526 is not affected.
In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended. New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection. Customers are encouraged to upgrade to a later release. Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/