Perl is a high-level programming language commonly used for systemadministration utilities and web programming. The Safe extension moduleallows users to compile and execute Perl code in restricted compartments.The Safe module did not properly restrict the code of implicitly calledmethods (such as DESTROY and AUTOLOAD) on implicitly blessed objectsreturned as a result of unsafe code evaluation. These methods could havebeen executed unrestricted by Safe when such objects were accessed ordestroyed. A specially-crafted Perl script executed inside of a Safecompartment could use this flaw to bypass intended Safe modulerestrictions. (CVE-2010-1168)The Safe module did not properly restrict code compiled in a Safecompartment and executed out of the compartment via a subroutine referencereturned as a result of unsafe code evaluation. A specially-crafted Perlscript executed inside of a Safe compartment could use this flaw to bypassintended Safe module restrictions, if the returned subroutine reference wascalled from outside of the compartment. (CVE-2010-1447)Red Hat would like to thank Tim Bunce for responsibly reporting theCVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleatonas the original reporter of CVE-2010-1168, and Tim Bunce and RafaëlGarcia-Suarez as the original reporters of CVE-2010-1447.These packages upgrade the Safe extension module to version 2.27. Refer tothe Safe module's Changes file, linked to in the References, for a fulllist of changes.Users of perl are advised to upgrade to these updated packages, whichcorrect these issues. All applications using the Safe extension module mustbe restarted for this update to take effect.