README VERSION : 1.1 README CREATION DATE : 2013-08-09 PATCH-ID : 149806-01 PATCH NAME : VRTSperl 5.10.0.17 BASE PACKAGE NAME : VRTSperl BASE PACKAGE VERSION : 5.10.0.6 SUPERSEDED PATCHES : NONE REQUIRED PATCHES : NONE INCOMPATIBLE PATCHES : NONE SUPPORTED PADV : sol_sparc (P-PLATFORM , A-ARCHITECTURE , D-DISTRIBUTION , V-VERSION) PATCH CATEGORY : OTHER PATCH CRITICALITY : OPTIONAL HAS KERNEL COMPONENT : NO ID : NONE REBOOT REQUIRED : NO REQUIRE APPLICATION DOWNTIME : NO PATCH INSTALLATION INSTRUCTIONS: -------------------------------- patchadd 149806-01 PATCH UNINSTALLATION INSTRUCTIONS: ---------------------------------- patchrm 149806-01 SPECIAL INSTRUCTIONS: --------------------- NONE SUMMARY OF FIXED ISSUES: ----------------------------------------- PATCH ID:149806-01 3209525 (3209518) CVE-2011-3597 Perl Digest improper control of generation of code 3278057 (3278056) For Veritas Storage Foundation (SF) 5.1, assess PERL vulnerability for CVE-2012-6329. SUMMARY OF KNOWN ISSUES: ----------------------------------------- NONE KNOWN ISSUES : -------------- NONE FIXED INCIDENTS: ---------------- PATCH ID:149806-01 * INCIDENT NO:3209525 TRACKING ID:3209518 SYMPTOM: Perl Digest improper control of generation of code. DESCRIPTION: In the Digest module before 1.17 for Perl, the eval injection vulnerability allows the context-dependent attackers to execute arbitrary commands via the new constructor. RESOLUTION: The source has been changed to fix this problem. * INCIDENT NO:3278057 TRACKING ID:3278056 SYMPTOM: The current version of module Locale::Maketext in SF 5.1 is 1.12, and it is affected by CVE-2012-6329. DESCRIPTION: Before Perl 5.17.7, the _compile function in Maketext.pm in the Locale::Maketext implementation does not properly handle the backslashes. During the compilation of bracket notation, the fully qualified method names allow the context-dependent attackers to execute arbitrary commands by crafted input to an application. The application accepts translation strings from users. RESOLUTION: Upgrade the module Locale::Maketext to v1.23. INCIDENTS FROM OLD PATCHES: --------------------------- NONE