Critical Vulnerability Information Vulnerability Details Security Advisory: OpenPKG-SA-2002.014 Date: 2002-12-16 Project: The OpenPKG Project (http://www.openpkg.org) Contact Email: openpkg-security@openpkg.org, openpkg@openpkg.org Vulnerability Overview Vulnerability: Unsafe module OpenPKG-specific?: No Related Package: perl Affected Versions Affected Versions: - perl-5.6.1-1.0.1 and earlier (OpenPKG 1.0) - perl-5.6.1-1.1.0 and earlier (OpenPKG 1.1) - perl-5.8.0-20021129 and earlier (OpenPKG CURRENT) Fixed Versions: - perl-5.6.1-1.0.2 and later (OpenPKG 1.0) - perl-5.6.1-1.1.1 and later (OpenPKG 1.1) - perl-5.8.0-20021216 and later (OpenPKG CURRENT) Description Andreas Jurenda discovered a security vulnerability in Perl's module. When a module has already been used, its security cannot be guaranteed, as there is a way to execute code within the module to alter its operation mask. Only programs that use the module only once are unaffected by this vulnerability. Detection Method Run to check if affected. Solution Upgrade existing packages to the latest patched Perl version. Choose the appropriate source RPM for your OpenPKG version, obtain it from the OpenPKG FTP service or mirror locations, verify its integrity, build the corresponding binary RPM, and update your OpenPKG installation. Reference Links Vulnerability Report Perl Official Website Source and Update Locations: - OpenPKG 1.0 - OpenPKG 1.1 - OpenPKG CURRENT Security Verification: - Digital Signature Verification Binary RPM Update Tutorial Security Statement This security advisory is signed with an OpenPGP public key to verify its integrity.