FreeBSD : p5-PathTools -- File::Spec::canonpath loses taint (333f655a-b93a-11e5-9efa-5453ed2e2b49)
High Nessus Plugin ID 87885
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionRicardo Signes reports :
Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.
This defect was found and reported by David Golden of MongoDB.
SolutionUpdate the affected packages.