Описание
Security update for perl
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216).
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233).
- CVE-2018-6797: Fixed sharp-s regexp overflow (bsc#1082234).
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
perl-5.18.2-12.1
perl-32bit-5.18.2-12.1
perl-base-5.18.2-12.1
perl-base-32bit-5.18.2-12.1
perl-doc-5.18.2-12.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1095-1
- SUSE Security Ratings
Описание
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Затронутые продукты
openSUSE Leap 42.3:perl-32bit-5.18.2-12.1
openSUSE Leap 42.3:perl-5.18.2-12.1
openSUSE Leap 42.3:perl-base-32bit-5.18.2-12.1
openSUSE Leap 42.3:perl-base-5.18.2-12.1
Ссылки
- CVE-2018-6797
- SUSE Bug 1082234
- SUSE Bug 1106717
Описание
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Затронутые продукты
openSUSE Leap 42.3:perl-32bit-5.18.2-12.1
openSUSE Leap 42.3:perl-5.18.2-12.1
openSUSE Leap 42.3:perl-base-32bit-5.18.2-12.1
openSUSE Leap 42.3:perl-base-5.18.2-12.1
Ссылки
- CVE-2018-6798
- SUSE Bug 1082233
- SUSE Bug 1106717
Описание
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Затронутые продукты
openSUSE Leap 42.3:perl-32bit-5.18.2-12.1
openSUSE Leap 42.3:perl-5.18.2-12.1
openSUSE Leap 42.3:perl-base-32bit-5.18.2-12.1
openSUSE Leap 42.3:perl-base-5.18.2-12.1
Ссылки
- CVE-2018-6913
- SUSE Bug 1082216
- SUSE Bug 1106717