Описание
Security update for perl
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216).
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233).
- CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
perl-5.18.2-12.11.1
perl-32bit-5.18.2-12.11.1
perl-base-5.18.2-12.11.1
perl-doc-5.18.2-12.11.1
SUSE Linux Enterprise Server 12 SP3
perl-5.18.2-12.11.1
perl-32bit-5.18.2-12.11.1
perl-base-5.18.2-12.11.1
perl-doc-5.18.2-12.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
perl-5.18.2-12.11.1
perl-32bit-5.18.2-12.11.1
perl-base-5.18.2-12.11.1
perl-doc-5.18.2-12.11.1
Ссылки
- Link for SUSE-SU-2018:1074-1
- E-Mail link for SUSE-SU-2018:1074-1
- SUSE Security Ratings
- SUSE Bug 1082216
- SUSE Bug 1082233
- SUSE Bug 1082234
- SUSE CVE CVE-2018-6797 page
- SUSE CVE CVE-2018-6798 page
- SUSE CVE CVE-2018-6913 page
Описание
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.11.1
Ссылки
- CVE-2018-6797
- SUSE Bug 1082234
- SUSE Bug 1106717
Описание
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.11.1
Ссылки
- CVE-2018-6798
- SUSE Bug 1082233
- SUSE Bug 1106717
Описание
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:perl-32bit-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-base-5.18.2-12.11.1
SUSE Linux Enterprise Desktop 12 SP3:perl-doc-5.18.2-12.11.1
Ссылки
- CVE-2018-6913
- SUSE Bug 1082216
- SUSE Bug 1106717
- SUSE Bug 1224040