Advisories ยป MGASA-2021-0527

Updated perl/perl-Encode packages fix security vulnerability

Publication date: 02 Dec 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-36770

Description, as distributed in Perl through 5.34.0, allows local users to
gain privileges via a Trojan horse Encode::ConfigLocal library (in the
current working directory) that preempts dynamic module loading.
Exploitation requires an unusual configuration, and certain 2021 versions
of (3.05 through 3.11). This issue occurs because the || operator
evaluates @INC in a scalar context, and thus @INC has only an integer value.