Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:1972-1

Опубликовано: 17 июл. 2018
Источник: suse-cvrf

Описание

Security update for perl

This update for perl fixes the following issues:

These security issue were fixed:

  • CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216).
  • CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233).
  • CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234).
  • CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)

This non-security issue was fixed:

  • fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565]

Список пакетов

SUSE Enterprise Storage 4
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Desktop 12 SP3
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server 12 SP1-LTSS
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server 12 SP2-LTSS
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server 12 SP3
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server 12-LTSS
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1
SUSE OpenStack Cloud 7
perl-5.18.2-12.14.1
perl-32bit-5.18.2-12.14.1
perl-base-5.18.2-12.14.1
perl-doc-5.18.2-12.14.1

Ссылки

Описание

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Затронутые продукты
SUSE Enterprise Storage 4:perl-32bit-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-base-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-doc-5.18.2-12.14.1
Ссылки

Описание

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

Затронутые продукты
SUSE Enterprise Storage 4:perl-32bit-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-base-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-doc-5.18.2-12.14.1
Ссылки

Описание

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

Затронутые продукты
SUSE Enterprise Storage 4:perl-32bit-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-base-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-doc-5.18.2-12.14.1
Ссылки

Описание

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

Затронутые продукты
SUSE Enterprise Storage 4:perl-32bit-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-base-5.18.2-12.14.1
SUSE Enterprise Storage 4:perl-doc-5.18.2-12.14.1
Ссылки