Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:3092-1

Опубликовано: 24 нояб. 2017
Источник: suse-cvrf

Описание

Security update for perl

This update for perl fixes the following issues:

Security issues fixed:

  • CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. (bnc#1057724)
  • CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. (bnc#1057721)
  • CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178)

Bug fixes:

  • backport set_capture_string changes from upstream (bsc#999735)
  • reformat baselibs.conf as source validator workaround

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
perl-5.18.2-12.3.1
perl-32bit-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP3
perl-5.18.2-12.3.1
perl-32bit-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1
SUSE Linux Enterprise Server 12 SP2
perl-5.18.2-12.3.1
perl-32bit-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1
SUSE Linux Enterprise Server 12 SP3
perl-5.18.2-12.3.1
perl-32bit-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
perl-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
perl-5.18.2-12.3.1
perl-32bit-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
perl-5.18.2-12.3.1
perl-32bit-5.18.2-12.3.1
perl-base-5.18.2-12.3.1
perl-doc-5.18.2-12.3.1

Ссылки

Описание

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1
Ссылки

Описание

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1
Ссылки

Описание

Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:perl-32bit-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-base-5.18.2-12.3.1
SUSE Linux Enterprise Desktop 12 SP2:perl-doc-5.18.2-12.3.1
Ссылки
Уязвимость SUSE-SU-2017:3092-1