Описание
Security update for perl
This update for perl fixes the following issues:
These security issue were fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216).
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233).
- CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234).
- CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718)
This non-security issue was fixed:
- fix debugger crash in tab completion with Term::ReadLine::Gnu [bsc#1068565]
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
Ссылки
- Link for SUSE-SU-2018:1972-2
- E-Mail link for SUSE-SU-2018:1972-2
- SUSE Security Ratings
- SUSE Bug 1068565
- SUSE Bug 1082216
- SUSE Bug 1082233
- SUSE Bug 1082234
- SUSE Bug 1096718
- SUSE CVE CVE-2018-12015 page
- SUSE CVE CVE-2018-6797 page
- SUSE CVE CVE-2018-6798 page
- SUSE CVE CVE-2018-6913 page
Описание
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Затронутые продукты
Ссылки
- CVE-2018-12015
- SUSE Bug 1096718
- SUSE Bug 1099497
- SUSE Bug 1099507
- SUSE Bug 1106717
Описание
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Затронутые продукты
Ссылки
- CVE-2018-6797
- SUSE Bug 1082234
- SUSE Bug 1106717
Описание
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Затронутые продукты
Ссылки
- CVE-2018-6798
- SUSE Bug 1082233
- SUSE Bug 1106717
Описание
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Затронутые продукты
Ссылки
- CVE-2018-6913
- SUSE Bug 1082216
- SUSE Bug 1106717
- SUSE Bug 1224040