[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Bug 1051108 depends on bug 1051110, which changed state. Bug 1051110 Summary: perl-PlRPC: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1051110 What|Removed |Added -

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Bug 1051108 depends on bug 1030572, which changed state. Bug 1030572 Summary: perl-PlRPC: not secure across trust boundaries https://bugzilla.redhat.com/show_bug.cgi?id=1030572 What|Removed |Added -

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Stefan Cornelius changed: What|Removed |Added Status|NEW |CLOSED Resolution|---

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 --- Comment #9 from Petr Pisar --- Without PlRPC modules, DBD::Proxy* modules have to be removed. Without DBD::Proxy* modules, Bundle::DBI module, DBI's t/80proxy.t test and DBI's /usr/bin/dbiproxy tool have to be removed. -- You are receivi

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Tomas Hoger changed: What|Removed |Added Priority|high|medium Whiteboard|impact=importan

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Tomas Hoger changed: What|Removed |Added Depends On||1103127 -- You are receiving this mail

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 --- Comment #6 from Tomas Hoger --- Possible mitigation here is to use host based access restrictions to any service using PlRPC to ensure only trusted hosts/users have access. -- You are receiving this mail because: You are on the CC list f

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 --- Comment #5 from Tomas Hoger --- Here is Storable documentation that describes security risks of deserializing untrusted inputs using Storable: http://search.cpan.org/~ams/Storable-2.45/Storable.pm#SECURITY_WARNING The only package shipped

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Tomas Hoger changed: What|Removed |Added Whiteboard|impact=important,public=201 |impact=important,public=201

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Petr Pisar changed: What|Removed |Added CC||rat...@redhat.com Flags|

[Bug 1051108] CVE-2013-7284 perl-PlRPC: pre-auth remote code execution

https://bugzilla.redhat.com/show_bug.cgi?id=1051108 Vincent Danen changed: What|Removed |Added Summary|perl-PlRPC: pre-auth remote |CVE-2013-7284 perl-PlRPC: