The following message concerns a hash-related flaw in perl 5
This issue affects all production versions of perl from 5.8.2 to 5.16.x. It does not affect the upcoming perl 5.18.
In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems.
Research by Yves Orton has recently uncovered a flaw in the rehashing code which can result in pathological behavior. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys.
Because using user-provided strings as hash keys is a very common operation, we urge users of perl to update their perl executable as soon as possible.
Updates to address this issue have been pushed to main-5.8, maint-5.10, maint-5.12, maint-5.14, and maint-5.16 branches today, perl 5.14.4 and 5.16.3 will be released soon, including these fixes. There is no plan to make a new release of any other version.
Vendors* were informed of this problem two weeks ago and are expected to be shipping updates today (or otherwise very soon).
bleadperl is not affected.
This issue has been assigned the identifier CVE-2013-1667.
The Perl Foundation are attempting to participate in the Google Code In this year and as always time is short. They need tasks added here:
In the next 48 hours (and most definately before midnight Friday). More information can be found here:
Thanks in advance
TWiki.org, a leading provider of enterprise collaboration and wiki application development platform, announced the general availability of TWiki-5.1.2 Community Release.
TWiki® is an open source enterprise wiki written in Perl.
Or just download it and give it a try.
Strawberry Perl 126.96.36.199 is available at http://strawberryperl.com
(all editions: MSI, ZIP, PortableZIP for both: 32/64bit MS Windows)
More details in Release Notes:
http://strawberryperl.com/release-notes/188.8.131.52-32bit.html (recommended for most situations)
Strawberry Perl is a perl environment for MS Windows containing all you need to run and develop perl applications. It is designed to be as close as possible to perl environment on UNIX systems.
O’Reilly are having a 50% off Perl Ebooks sale for one week.
Discount code WKPER5
Deal expires August 9, 2012 at 11:59pm PT
This includes the new Intermediate Perl, 2nd Edition.
The 2012 Perl White Camel awards were announced at YAPC::NA this week, congratulations to the well deserved recipients…
Perl Community: Renee Bäcker
Renee Bäcker is at the heart of the German Perl community. He publishes $foo Magazine, a sponsor of this conference, is a leader in the German Perl monger community, and is organizing this year’s YAPC::EU in Frankfurt (although he was already short-listed for this award before we knew that).
Perl User Groups: Jim Keenan
Jim Keenan has been a quiet but effective Perl influence. For years he led Perl Seminar New York, a technical complement to NY.pm‘s social focus. He volunteers to help at many hackathons, gently advises new events, and was instrumental in bringing together separate Perl groups
within New York City.
Perl Conferences: Breno G. de Oliveira
Breno G. de Oliveira, or just “garu”, is a social connector in the Brasilian Perl community as well as the PerlSDL community. Active in Rio.pm, he was also the organizer of YAPC::Brasil 2011 in Rio de Janeiro. He has contributed to the PerlSDL book. With a little help, he wants to unite the global Perl community by visiting every YAPC he can and helping other people to travel to Brasil to meet Perl programmers they might not otherwise interact with.
For those of you who aren’t able to attend YAPC::NA in person, this year’s organizers set up live streams of the conference. You can use the conference schedule to find which talks you want to see and then stream the room you are interested in. The rooms are:
- Lowell Dining Room (Main Hall / Perl in the Wild)
- Pyle 325 (Perl 101 / Beginners Track)
- Pyle 313 (Anything Goes)
- Pyle Vandenburg Auditorium (Anything Goes)
You’ll need Microsoft Silverlight, Adobe Flash, or Apple Quicktime to be able to view these streams.
The streams will go live at 9am US Central time on June 13th.
You can find a full list of changes in the file “perldelta.pod“.
Perl 5.16.0 represents approximately 12 months of development since Perl 5.14.0 and contains approximately 590,000 lines of changes across 2,500 files from 139 authors.
Perl continues to flourish into its third decade thanks to a vibrant community of users and developers.
Congratulations to Raul Matei who came up with the design which can now be see on the MetaCPAN site.