security vulnerabilities
Matthew Seaman
matthew at FreeBSD.org
Tue Aug 9 11:59:24 UTC 2016
On 08/09/16 10:13, Jos Chrispijn wrote:
> Just to let you know that I got this message after running maintenance on my BSD server:
>
>
> Checking for packages with security vulnerabilities:
> perl5-5.20.3_13
>
> Dunno if this is critical or due to a missed port update?
If you follow the vuxml URL that 'pkg audit' tells you, you will find
that this is a local privilege escalation bug. That's less serious than
many security problems, and depending on your local situation, may not
even be a problem for you at all (for instance, if everyone who can
login to your machine already has root level access...)
There are fixes for perl 5.24 and 5.22 upstream and I believe patches
for 5.20 are being worked on, but they haven't hit the ports just yet.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-perl/attachments/20160809/18774ccd/attachment.sig>
More information about the freebsd-perl
mailing list