old perl vulnerabilitiy

Ryan Steinmetz zi at FreeBSD.org
Fri Mar 15 13:55:05 UTC 2013


On (03/15/13 17:30), freebsd at tern.ru wrote:
>Hello Freebsd-security,
>
>I've got portaudit alarm on perl-5.8.9_7 with regard to
>
>perl -- denial of service via algorithmic complexity attack on hashing routines.
>Reference: http://portaudit.FreeBSD.org/68c1f75b-8824-11e2-9996-c48508086173.html
>
>But on the other server I have perl-threaded-5.8.9_7
>and portaudit thinks that it is OK (no problem)
>
>Is it correct?
>It seems to me that threaded perl also should have the same problem.
>

It does have the same issue.  I've corrected the VuXML entry and you
should see updated portaudit results within 30 minutes.  Your 5.8.9
perl-threaded installation should also show up as vulnerable to the same
issue.


Thanks!
-r


>Please advise.
>
>PS.  I  know  that  it  is  old  and "unsupported" but I don't want to
>  upgrade   without  serious  reason.  And, any way, the "behavior" of
>  portaudit seems to me not correct.
>
>
>With best regards,
>Alexandre Krasnov.
>
>
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

-- 
Ryan Steinmetz
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2


More information about the freebsd-security mailing list