FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-XSLoader -- local arbitrary code execution

Affected packages
p5-XSLoader < 0.22
perl5 < 5.18.4_24
5.20 <= perl5 < 5.20.3_15
5.21 <= perl5 < 5.22.3.r2
5.23 <= perl5 < 5.24.1.r2
5.25 <= perl5 < 5.25.2.87
perl5-devel < 5.18.4_24
5.20 <= perl5-devel < 5.20.3_15
5.21 <= perl5-devel < 5.22.3.r2
5.23 <= perl5-devel < 5.24.1.r2
5.25 <= perl5-devel < 5.25.2.87
perl5.18 < 5.18.4_24
5.20 <= perl5.18 < 5.20.3_15
5.21 <= perl5.18 < 5.22.3.r2
5.23 <= perl5.18 < 5.24.1.r2
5.25 <= perl5.18 < 5.25.2.87
perl5.20 < 5.18.4_24
5.20 <= perl5.20 < 5.20.3_15
5.21 <= perl5.20 < 5.22.3.r2
5.23 <= perl5.20 < 5.24.1.r2
5.25 <= perl5.20 < 5.25.2.87
perl5.22 < 5.18.4_24
5.20 <= perl5.22 < 5.20.3_15
5.21 <= perl5.22 < 5.22.3.r2
5.23 <= perl5.22 < 5.24.1.r2
5.25 <= perl5.22 < 5.25.2.87
perl5.24 < 5.18.4_24
5.20 <= perl5.24 < 5.20.3_15
5.21 <= perl5.24 < 5.22.3.r2
5.23 <= perl5.24 < 5.24.1.r2
5.25 <= perl5.24 < 5.25.2.87
0 <= perl

Details

VuXML ID 3e08047f-5a6c-11e6-a6c3-14dae9d210b8
Discovery 2016-06-30
Entry 2016-08-04
Modified 2016-08-22

Jakub Wilk reports:

XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval.

References

CVE Name CVE-2016-6185
URL https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578