{"id":"MGASA-2016-0099","summary":"Updated perl packages fix CVE-2016-2381","details":"Updated perl packages fix security vulnerability:\n\nStephane Chazelas discovered a bug in the environment handling in Perl. Perl\nprovides a Perl-space hash variable, %ENV, in which environment variables can\nbe looked up. If a variable appears twice in envp, only the last value would\nappear in %ENV, but getenv would return the first. Perl's taint security\nmechanism would be applied to the value in %ENV, but not to the other rest of\nthe environment. This could result in an ambiguous environment causing\nenvironment variables to be propagated to subprocesses, despite the\nprotections supposedly offered by taint checking (CVE-2016-2381).\n","modified":"2026-04-16T06:25:22.572853430Z","published":"2016-03-07T18:03:54Z","upstream":["CVE-2016-2381"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0099.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17861"},{"type":"WEB","url":"https://www.debian.org/security/2016/dsa-3501"}],"affected":[{"package":{"name":"perl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/perl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.20.1-8.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0099.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}