SB2016070711 - Fedora 22 update for perl
Published: July 7, 2016 Updated: April 24, 2025
Security Bulletin ID
SB2016070711
CSH Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) XSLoader relative path error in Perl (CVE-ID: CVE-2016-6185)
CWE-ID: CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to an access control error in Perl. A local user can load arbitrary code from the current working directory by supplying specially crafted data to the XSLoader component.
Successful exploitation of this vulnerability may result in execution of arbitrary code.
Remediation
Install update from vendor's website.