Gentoo Linux Security Advisory 201701-75 - Multiple vulnerabilities have been found in Perl, the worst of which could allow remote attackers to execute arbitrary code. Versions less than 5.22.3_rc4 are affected.
aadc81a6433dc3251362cd7f85b56bd8
HP Security Bulletin HPSBNS03635 1 - Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl's opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.
208143266211c16a2e73608c2b984f2c
Ubuntu Security Notice 2916-1 - It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. Various other issues were also addressed.
b6c02ced38435c1dd8276aac1a9bac16
Debian Linux Security Advisory 3501-1 - Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the other rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking.
ed3599b7967b413eac72bd0ef1844d48