Описание
Security update for perl
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
- CVE-2023-31484: Enabled TLS certificate verification in CPAN (bsc#1210999)
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178)
Список пакетов
Container suse/sle15:15.2
perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
perl-5.26.1-150000.7.18.1
perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
perl-5.26.1-150000.7.18.1
perl-base-5.26.1-150000.7.18.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
perl-5.26.1-150000.7.18.1
perl-base-5.26.1-150000.7.18.1
perl-base-32bit-5.26.1-150000.7.18.1
perl-doc-5.26.1-150000.7.18.1
SUSE Linux Enterprise Server 15 SP2-LTSS
perl-5.26.1-150000.7.18.1
perl-base-5.26.1-150000.7.18.1
perl-base-32bit-5.26.1-150000.7.18.1
perl-doc-5.26.1-150000.7.18.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
perl-5.26.1-150000.7.18.1
perl-base-5.26.1-150000.7.18.1
perl-base-32bit-5.26.1-150000.7.18.1
perl-doc-5.26.1-150000.7.18.1
Ссылки
- Link for SUSE-SU-2024:1630-1
- E-Mail link for SUSE-SU-2024:1630-1
- SUSE Security Ratings
- SUSE Bug 1047178
- SUSE Bug 1082216
- SUSE Bug 1082233
- SUSE Bug 1210999
- SUSE CVE CVE-2017-6512 page
- SUSE CVE CVE-2018-6798 page
- SUSE CVE CVE-2018-6913 page
- SUSE CVE CVE-2023-31484 page
Описание
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
Затронутые продукты
Container suse/sle15:15.2:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:perl-5.26.1-150000.7.18.1
Ссылки
- CVE-2017-6512
- SUSE Bug 1042218
- SUSE Bug 1047178
Описание
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Затронутые продукты
Container suse/sle15:15.2:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:perl-5.26.1-150000.7.18.1
Ссылки
- CVE-2018-6798
- SUSE Bug 1082233
- SUSE Bug 1106717
Описание
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Затронутые продукты
Container suse/sle15:15.2:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:perl-5.26.1-150000.7.18.1
Ссылки
- CVE-2018-6913
- SUSE Bug 1082216
- SUSE Bug 1106717
- SUSE Bug 1224040
Описание
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Затронутые продукты
Container suse/sle15:15.2:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:perl-base-5.26.1-150000.7.18.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:perl-5.26.1-150000.7.18.1
Ссылки
- CVE-2023-31484
- SUSE Bug 1210999