Perl: Execution of arbitrary code

Perl: Execution of arbitrary code A double free vulnerability was discovered in Perl, possibly resulting in the execution of arbitrary code and a Denial of Service. perl libperl 2008-05-20 2008-05-20 219203 remote 5.8.8-r5 5.8.8-r5 5.8.8-r2 5.8.8-r2

Perl is a stable, cross platform programming language.

Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters.

A remote attacker could possibly exploit this vulnerability to execute arbitrary code or cause a Denial of Service.

There is no known workaround at this time.

All Perl users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r5"

All libperl users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-devel/libperl-5.8.8-r2"

CVE-2008-1927 p-y p-y keytoaster