UBUNTU-CVE-2016-1238

Source
https://ubuntu.com/security/CVE-2016-1238
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-1238.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-1238
Related
Published
2016-07-25T00:00:00Z
Modified
2016-07-25T00:00:00Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

References

Affected packages

Ubuntu:14.04:LTS / libsys-syslog-perl

Package

Name
libsys-syslog-perl
Purl
pkg:deb/ubuntu/libsys-syslog-perl?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.33-1+deb8u1build0.14.04.1

Affected versions

0.*

0.29-1build2
0.33-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.33-1+deb8u1build0.14.04.1",
            "binary_name": "libsys-syslog-perl"
        },
        {
            "binary_version": "0.33-1+deb8u1build0.14.04.1",
            "binary_name": "libsys-syslog-perl-dbgsym"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.14.2-21build1
5.18.1-4
5.18.1-4build1
5.18.1-5
5.18.2-2
5.18.2-2ubuntu1
5.18.2-2ubuntu1.1
5.18.2-2ubuntu1.3
5.18.2-2ubuntu1.4
5.18.2-2ubuntu1.6
5.18.2-2ubuntu1.7
5.18.2-2ubuntu1.7+esm3
5.18.2-2ubuntu1.7+esm4
5.18.2-2ubuntu1.7+esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / perl

Package

Name
perl
Purl
pkg:deb/ubuntu/perl?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.20.2-6
5.22.1-3
5.22.1-4
5.22.1-5
5.22.1-7
5.22.1-8
5.22.1-9
5.22.1-9ubuntu0.2
5.22.1-9ubuntu0.3
5.22.1-9ubuntu0.5
5.22.1-9ubuntu0.6
5.22.1-9ubuntu0.9
5.22.1-9ubuntu0.9+esm1
5.22.1-9ubuntu0.9+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}