develooper Front page | perl.macosx | Postings from February 2009

Re: Sudden death of PDF::API2

Thread Previous | Thread Next
Daniel Staal
February 15, 2009 18:44
Re: Sudden death of PDF::API2
Message ID:
--As of February 15, 2009 11:10:33 AM +0000, Alan Fry is alleged to have 

> I have an Intel MacPro running Mac OS X 10.5.6 (Perl 5.8.8) and a copy of
> PDF::API2. This has worked flawlessly for a long time.
> Suddenly it has failed. There have been no changes at all to the machine
> apart from a recent 'Security Update', which I think had to do mostly
> with a loophole in Safari.

--As for the rest, it is mine.

>From the notes on the recent Security Update:

> perl
> CVE-ID:  CVE-2008-1927
> Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
> Mac OS X v10.5.6, Mac OS X Server v10.5.6
> Impact:  Using regular expressions containing UTF-8 characters may
> lead to an unexpected application termination or arbitrary code
> execution
> Description:  A memory corruption issue exists in the handling of
> certain UTF-8 characters in regular expressions. Parsing maliciously
> crafted regular expressions may lead to an unexpected application
> termination or arbitrary code execution. This update addresses the
> issue by performing additional validation of regular expressions.

So, they definitely updated Perl.  Likely any/all XS modules will need to 
be recompiled.  I'd _hope_ that Apple updated the ones they shipped, but 
you'll still have to update any you've installed yourself.

(I haven't gotten around to installing the update myself yet...)

Daniel T. Staal

This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About