
Re: Sudden death of PDF::API2

From: Daniel Staal
Date: February 15, 2009 18:44
Subject: Re: Sudden death of PDF::API2
Message ID: F02696A328651A268F69ACD5@Mac-Pro.magehandbook.com

--As of February 15, 2009 11:10:33 AM +0000, Alan Fry is alleged to have 
said:

> I have an Intel MacPro running Mac OS X 10.5.6 (Perl 5.8.8) and a copy of
> PDF::API2. This has worked flawlessly for a long time.
>
> Suddenly it has failed. There have been no changes at all to the machine
> apart from a recent 'Security Update', which I think had to do mostly
> with a loophole in Safari.

--As for the rest, it is mine.

From the notes on the recent Security Update:

> perl
> CVE-ID:  CVE-2008-1927
> Available for:  Mac OS X v10.4.11, Mac OS X Server v10.4.11,
> Mac OS X v10.5.6, Mac OS X Server v10.5.6
> Impact:  Using regular expressions containing UTF-8 characters may
> lead to an unexpected application termination or arbitrary code
> execution
> Description:  A memory corruption issue exists in the handling of
> certain UTF-8 characters in regular expressions. Parsing maliciously
> crafted regular expressions may lead to an unexpected application
> termination or arbitrary code execution. This update addresses the
> issue by performing additional validation of regular expressions.

So, they definitely updated Perl.  Likely any/all XS modules will need to 
be recompiled.  I'd _hope_ that Apple updated the ones they shipped, but 
you'll still have to update any you've installed yourself.

(I haven't gotten around to installing the update myself yet...)

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------
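
One way to find which self-installed XS modules need rebuilding after such a Perl update. This is an added example, not part of the original message; it assumes the usual layout in which a compiled module's shared object lives under `<@INC dir>/auto/Module/Path/`, and the helper names are illustrative.

```perl
#!/usr/bin/perl
# Added example: find compiled (XS) modules under @INC and report any that
# the current perl can no longer load. Heuristic (assumption): the module
# name is the directory path below <incdir>/auto/.
use strict;
use warnings;
use Config;
use File::Find;
use File::Spec;

my $dlext = $Config{dlext};    # "bundle" on Mac OS X, "so" on most other Unix

# auto/Compress/Zlib/Zlib.bundle -> Compress::Zlib
sub module_for {
    my ($autodir, $path) = @_;
    my @parts = File::Spec->splitdir(File::Spec->abs2rel($path, $autodir));
    pop @parts;                # drop the file name
    return join '::', @parts;
}

# Returns (module name => path of its shared object) for every @INC entry.
sub xs_modules {
    my %found;
    for my $inc (grep { !ref($_) } @INC) {      # skip code-ref hooks in @INC
        my $autodir = File::Spec->catdir($inc, 'auto');
        next unless -d $autodir;
        find({ no_chdir => 1, wanted => sub {
            return unless /\.\Q$dlext\E$/ && -f $_;
            my $mod = module_for($autodir, $_);
            $found{$mod} ||= $_ if length $mod;
        } }, $autodir);
    }
    return %found;
}

my %mods   = xs_modules();
my $loader = 'my $f = shift; $f =~ s{::}{/}g; require "$f.pm"';
for my $mod (sort keys %mods) {
    # Load in a child perl so a crash in one module cannot stop the scan.
    system { $^X } $^X, '-e', $loader, $mod;
    my $state = $? == 0  ? 'ok'
              : $? & 127 ? 'CRASH (signal ' . ($? & 127) . ')'
              :            'FAIL (exit ' . ($? >> 8) . ')';
    printf "%-18s %-36s %s\n", $state, $mod, $mods{$mod};
}
```

Entries marked FAIL or CRASH are candidates for reinstalling from CPAN; a FAIL whose error is "Can't locate" means the directory-name heuristic did not match a real module name, not that the module is broken.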
