Taint problems

Stuart Henderson stu at spacehopper.org
Thu Apr 21 18:56:25 IST 2011


On 2011-04-20, Glenn Steen <glenn.steen at gmail.com> wrote:
> So... What updates did you do? Do you install perl via yum and the
> MailScanner modules via Jules packaging? That is, especially on such a
> volatile distro as Fedora, a recipe for failure... as you've noticed.

This is almost certainly fallout from CVE-2011-1487 fixes.

"The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl
5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11,
do not apply the taint attribute to the return value upon processing
tainted input, which might allow context-dependent attackers to bypass
the taint protection mechanism via a crafted string."
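
A quick way to check whether an installed perl shows the behaviour the CVE text describes, as an added example that is not part of the original post: it builds a tainted string and tests whether the result of each of the four functions is still tainted. The sample string and variable names are constructed for illustration; run it with `perl -T`.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode must be on, otherwise nothing is tainted and the check is meaningless.
die "run with: perl -T $0\n" unless ${^TAINT};

# A zero-length substr of a tainted value is itself tainted; appending it
# taints the constructed sample without changing its content.
my $taint = substr("$0$^X", 0, 0);
my $input = "MiXeD sample" . $taint;    # constructed sample input
die "could not build a tainted input string\n" unless tainted($input);

# One statement per call, so each result is assigned on its own.
my %result;
$result{lc}      = lc $input;
$result{lcfirst} = lcfirst $input;
$result{uc}      = uc $input;
$result{ucfirst} = ucfirst $input;

my $lost = 0;
for my $name (sort keys %result) {
    my $kept = tainted($result{$name});
    printf "%-8s %s\n", $name, $kept ? "taint kept" : "TAINT LOST";
    $lost++ unless $kept;
}

printf "perl %vd: %s\n", $^V,
    $lost ? "$lost function(s) drop taint" : "all four functions propagate taint";
exit($lost ? 1 : 0);
```

A non-zero exit status means at least one of the four functions returned an untainted value from tainted input.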


