1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4347-1] perl security update

    From Salvatore Bonaccorso@1:229/2 to All on Thu Nov 29 23:20:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4347-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 29, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : perl
    CVE ID : CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314

    Multiple vulnerabilities were discovered in the implementation of the
    Perl programming language. The Common Vulnerabilities and Exposures
    project identifies the following problems:

    CVE-2018-18311

    Jayakrishna Menon and Christophe Hauser discovered an integer
    overflow vulnerability in Perl_my_setenv leading to a heap-based
    buffer overflow with attacker-controlled input.

    CVE-2018-18312

    Eiichi Tsukata discovered that a crafted regular expression could
    cause a heap-based buffer overflow write during compilation,
    potentially allowing arbitrary code execution.

    CVE-2018-18313

    Eiichi Tsukata discovered that a crafted regular expression could
    cause a heap-based buffer overflow read during compilation which
    leads to information leak.

    CVE-2018-18314

    Jakub Wilk discovered that a specially crafted regular expression
    could lead to a heap-based buffer overflow.

    For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5.

    We recommend that you upgrade your perl packages.

    For the detailed security status of perl please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/perl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwAY45fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SexQ/+OyRsCOK4ZPjoe/mZD6nYcTZskjNu6o0XbV0dUwqGLz3+ztWAitThvLqw OdbVmhPD9OBPXEw/CEGG/AzCzy+TTuo4B6CEevTviEq2ACS6MHWpXYk98qSLE+4a 1S+MO+kmziz1NKDJ11/7mUcS+hAoeCSbKpwkcBztyMqgMrbNpzOnlsNcXwu7kiTc TMrTrTh8a/AWYN/IZITUN742STKODbdb86Zmypl6ecdOCY0kQLlrVbSH9SaEUr0v y0R8dvl0g87lq+ipxhU2IiDzBgymf5HagvCAKcnUKWylPg/Dgtj3f7VjaK1I9cr0 GMpTCFoxw6fHsi221JzTKCYLjRC+kd0eQ+XbJmT1Djw5MBnkToNAQrvne7otNu2r VM+pV8Iizze/UiGD33VOYCA9ukzExtQVk1aqXd7jb+s0GC3bThHwApkI2pWIH422 u8fZ4nlc4TBFXzKznT7GHiPMCLL3VxxAeOD0KPrL87Z+XIZTd2ZnuAtbTt3gpDY7 rmlKsCq7ovGYOMqzmT7sNrBG0dTUogDK+pqfsDw780kmlric5/lhpTROBIj1l/Sn XN3ja2TsEwQyyzHd+tjBVxyGygawsa662PeZoL9B6iWGdSeoOhGjDHFXgyNJR4/7 49pvIdcgt0AxftuwlfN4W0h+8rhRFxNggFpC2dtGLZPhXfYI++s=
    =tA1+
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)