[ MDVSA-2014:192 ] perl-Email-Address

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:192
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : perl-Email-Address
 Date    : October 1, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated perl-Email-Address package fixes security vulnerability:
 
 The parse function in Email::Address module before 1.905 for Perl
 uses an inefficient regular expression, which allows remote attackers
 to cause a denial of service (CPU consumption) via an empty quoted
 string in an RFC 2822 address (CVE-2014-0477).
 
 The Email::Address module before 1.904 for Perl uses an inefficient
 regular expression, which allows remote attackers to cause a denial
 of service (CPU consumption) via vectors related to backtrack

Leave a Reply